The CAPTCHA Project

Researchers: Manuel Blum, Luis von Ahn

Abstract

A CAPTCHA is a program that can generate and grade tests that:

  • Most humans can pass.
  • Current computer programs can't pass.

For example, humans can read distorted text such as the one shown below, but current computer programs can't:

CAPTCHAs have several applications for practical security, including (but not limited to):

  • Online Polls. Can the result of any online poll be trusted? Not unless the poll requires that only humans can vote.
  • Free Email Services. Several companies (Yahoo!, Microsoft, etc.) offer free email services. Most of these suffer from a specific type of attack: "bots" that sign up for thousands of email accounts every minute.
  • Search Engine Bots. Search engine bots, since they usually belong to large companies, respect Web pages that don't want to allow them in. However, in order to truly guarantee that bots won't enter a Web site, CAPTCHAs are needed.
  • Worms and Spam. CAPTCHAs also offer a plausible solution against email worms and spam: "I will only accept an email if I know there is a human behind the other computer."
  • Preventing Dictionary Attacks. Pinkas and Sander have suggested using CAPTCHAs to prevent dictionary attacks in password systems. The idea is simple: prevent a computer from being able to iterate through the entire space of passwords.
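
The sketch below is an added example, not code from the CAPTCHA Project or from Pinkas and Sander. It shows a program that generates and grades tests, and a login check that refuses to test a password until a fresh test has been passed. The names `generate`, `grade`, `login`, `SERVER_KEY`, `TTL` and the sample user are assumptions, and rendering the answer as a distorted image is left out.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-process secret
TTL = 120                             # assumption: challenge lifetime in seconds
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"  # no look-alike characters
USERS = {"alice": "correct horse"}    # constructed sample; store hashes in practice
_used = set()                         # ids already graded (prune by expiry in practice)

def _mac(cid, answer, expires):
    msg = f"{cid}|{answer.lower()}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def generate(now=None):
    """Return (answer, token). The answer is shown to the user only as a
    distorted image; the token travels with the form and hides the answer."""
    now = time.time() if now is None else now
    cid = secrets.token_hex(8)
    answer = "".join(secrets.choice(ALPHABET) for _ in range(6))
    expires = int(now) + TTL
    return answer, f"{cid}.{expires}.{_mac(cid, answer, expires)}"

def grade(token, response, now=None):
    """Grade one response. Each challenge can be graded once, before it expires."""
    now = time.time() if now is None else now
    try:
        cid, expires, mac = token.split(".")
        expires = int(expires)
    except ValueError:
        return False                  # malformed token
    if cid in _used or now > expires:
        return False                  # replayed or stale challenge
    _used.add(cid)                    # burned whether or not the answer is right
    return hmac.compare_digest(mac, _mac(cid, response.strip(), expires))

def login(user, password, token, response):
    # The password is only examined after a test has been passed, so every
    # guess costs one human-solved challenge and a script cannot iterate
    # through the space of passwords.
    if not grade(token, response):
        return "captcha-failed"
    stored = USERS.get(user)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return "bad-credentials"
    return "ok"
```

Burning the challenge id on every grading attempt is what stops one solved test from being reused across many password guesses.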