Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
Many readers have no doubt encountered funny-looking images of distorted letters that look as if they are filtered through a haze of mind-altering substances. Sometimes these images are associated with sign-ups for Web pages; occasionally one encounters e-mail systems that demand that one decode the weird letters and numbers to be able to send e-mail to a person being guarded against spam.
These puzzles are known as CAPTCHAs, standing for “Completely Automated Public Turing test to tell Computers and Humans Apart.”
They were developed by The CAPTCHA Project at Carnegie Mellon University:
http://www.captcha.net/
The project started around 2000 as an approach to defeating bots (automated processes; the name comes from “robots”) that can be used to abuse online services. The examples cited on the CAPTCHA Web site include distortions of online polls, abuse of free e-mail services, search-engine violations of privacy requests on Web sites, spam, and brute-force challenges to passwords on live systems.
There are several types of CAPTCHAs in use today:
* Gimpy, which presents distorted letters and numbers that are difficult for machines to interpret but easy for people to recognize.
* Bongo, resembling a simple IQ test involving pattern recognition (better hope you agree with the designers’ opinions).
* Pix, which distorts ordinary photographs and presents a list of words from which one must select the element in common (I failed a sample in which the images were all supposed to look like cheese but included what appeared to be a plate with a pile of rotting leaves in one and a platter of sushi in a fourth).
* Sounds, which distort a sound clip and ask the user to interpret the clip.
The visually based systems are evidently difficult or impossible for visually impaired users to master, as is the last one for hearing-impaired users. Any attempt to use CAPTCHAs should offer alternatives for _bona fide_ human beings with perceptual disabilities to authenticate themselves.
According to the CAPTCHA Web site, several artificial intelligence research groups are using CAPTCHAs as challenges. In addition, criminals have been applying human ingenuity to defeat the system as well. In particular, some spammer bots have been transferring CAPTCHAs to pornography sites where unsuspecting pornophiles decode them on behalf of the bots. Other bots take advantage of the relatively small number of answers available for many of the CAPTCHA applications; if there is no limit on the number of retries, the bots simply try all the values until they succeed.
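One mitigation for the unlimited-retry weakness described above, as an added example that is not part of the original column: each challenge is consumed by a single guess, and failures are capped per client. The client identifier, the answer pool and the two policy constants are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5        # assumed policy: failures allowed per client per window
WINDOW_SECONDS = 600    # assumed policy: length of the failure window


class ChallengeStore:
    """Server-side CAPTCHA bookkeeping: single-use challenges, capped retries."""

    def __init__(self, answers, clock=time.monotonic):
        self.answers = list(answers)   # the (small) pool of possible answers
        self.clock = clock
        self.pending = {}              # challenge id -> (client, expected answer)
        self.failures = {}             # client -> timestamps of recent failures

    def _recent_failures(self, client):
        cutoff = self.clock() - WINDOW_SECONDS
        recent = [t for t in self.failures.get(client, []) if t > cutoff]
        self.failures[client] = recent
        return recent

    def locked_out(self, client):
        return len(self._recent_failures(client)) >= MAX_FAILURES

    def issue(self, client):
        """Return a new challenge id, or None while the client is locked out."""
        if self.locked_out(client):
            return None
        challenge_id = secrets.token_urlsafe(16)
        self.pending[challenge_id] = (client, secrets.choice(self.answers))
        return challenge_id

    def verify(self, client, challenge_id, guess):
        """Check one guess. The challenge is consumed whether or not it matches."""
        entry = self.pending.pop(challenge_id, None)   # single use: no second try
        if entry is None or entry[0] != client or self.locked_out(client):
            return False
        if hmac.compare_digest(entry[1].encode(), guess.encode()):
            return True
        self.failures.setdefault(client, []).append(self.clock())
        return False
```

With a pool of only a few answers, the failure cap is what bounds a guesser's success rate; the single-use rule alone only forces a fresh challenge per guess.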
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.