These Rorschach Ink Tests Could Replace The Good Old CAPTCHA

These Rorschach Ink Tests Could Replace the Good Old CAPTCHA

The CAPTCHA is a wonderful thing, but it's not without its failings. And as hackers get better and better at cracking them, a team of CMU engineers are proposing an alternative: inkblot tests.

It's called a GOTCHA (of course), and it stands for Generating panOptic Turing Tests to Tell Computers and Humans Apart. The test was developed by three CMU researchers named Jeremiah Blocki, Manuel Blum, and Anupam Datta, who wanted to capitalise on our natural predilection to visual pattern recognition. Their test is a variant of a HOSP, or a Human-Only Solvable Puzzle, which defend against offline dictionary attacks by requiring human interaction with each password. In other words, these puzzles defend against attacks where hackers will try millions of different passwords in an attempt to access your account.

Here's how GOTCHA would work: When a user signs up for a service — a new email account, let's say — they'll be shown a series if inkblot tests and asked to describe them in a few words. Then, when they come back a few days later to sign in, they're presented with the same inkblot tests plus their original answers. They simply have to match up the answers with the correct images. That way, it's tougher for a computer to replicate not only the uniquely human ability to see visual patterns, but also to replicate that ability in the same way twice.

According to the team's October 7 paper — creatively titled GOTCHA Password Hackers! — the CMU team tested their design using a small sample of 70 through Amazon's Mechanical Turk. And while some participants didn't match their answers up correctly, there was good evidence that most users could trust their memories, and it's likely that the test could be tailored to be more consistent.

Of course, it'll be a bit sad to see CAPTCHA go — after all, it's given us so many inadvertently hilarious memes. On the other hand, a quick look at the inkblot descriptions given by Mechanical Turk subjects — from "old cow guy" to "bane from Batman" — prove that GOTCHA has its own potential. [MIT Technology Review]

These Rorschach Ink Tests Could Replace the Good Old CAPTCHA

Picture: odes/Shutterstock



    I see a bear blowing at me, and an angry elephant with two Halo Grunts on its head.
    What does everyone else see?

    An angry, chubby mouse with a mohawk on the left and a baby lemur with its eyes gouged out on the right.

    A praying mantis on the left, and a dog sticking its tongue out on the right.

    A wolf flexing, showing off his six-pack while wearing a top hat.
    A puppy placing a recently killed stingray down a hole, camera looking up from in the hole.

    1) Does that mean that the user can't use the email account for a few days until they've passed the second step of the test?
    2) What's to stop the bot from supplying random words ("tree", "pig", "aunt mildred") to an inkblot and storing the image, then when shown the inkblot again it can just match against the stored image and repeat the words it gave the first time.

    By the way, the left picture is definitely a cat wearing a pilgrim's hat.

    So now I will just need to remember a single word and constantly use that one. Great!

    Yeah, unless I'm missing something crucial, I'm failing to see how this will necessarily prevent computers from passing

    In the left I see my mother telling me off for not cleaning my teeth.

    In the right I see my mother telling me off for getting dirty outside.

Join the discussion!

Trending Stories Right Now