COMMUNICATIONS OF THE ACM February 2004/Vol. 47, No. 2
57
You’ve probably seen them—colorful images with
distorted text in them at the bottom of Web registration
forms. CAPTCHAs are used by Yahoo, Hotmail, PayPal and
many other popular Web sites to prevent automated regis-
trations, and they work because no computer program can
currently read distorted text as well as humans can. What
you probably don’t know is that a CAPTCHA is something
illustration by Jean-François Podevin
B y L u i s v o n A h n , M a n u e l B l u m , a n d J o h n L a n g f o r d
How lazy
cryptographers
do AI.
TELLING
HUMANS AND
COMPUTERS
APART
AUTOMATICALLY
www.laptop1.blogbus.com
This is trial version
www.adultpdf.com
58
February 2004/Vol. 47, No. 2 COMMUNICATIONS OF THE ACM
more than just an image with distorted text: it is a
test, any test, that can be automatically generated,
which most humans can pass, but that current com-
puter programs cannot pass. Notice the paradox: a
CAPTCHA is a program that can generate and
grade tests that it itself cannot pass (much like some
professors).
CAPTCHA stands for “Completely Automated
Public Turing Test to Tell Computers and Humans
Apart.” The P for Public means that the code and
the data used by a CAPTCHA should be publicly
available. This is not an open source requirement,
but a security guarantee: it should be difficult for
someone to write a computer program that can pass
the tests generated by a
CAPTCHA even if they
know exactly how the
CAPTCHA works (the
only hidden information
is a small amount of ran-
domness utilized to gener-
ate the tests). The T for
“Turing Test to Tell” is
because CAPTCHAs are
like Turing Tests [10]. In
the original Turing Test, a
human judge was allowed to ask a series of questions
to two players, one of which was a computer and the
other a human. Both players pretended to be the
human, and the judge had to distinguish between
them. CAPTCHAs are similar to the Turing Test in
that they distinguish humans from computers, but
they differ in that the judge is