
Hacking programmes use so-called brute-force attacks to try out all possible character combinations to guess passwords.

Indecipherable for computers: The Captcha with the password is very grainy, as it is generated in a physical system close to a critical change of state (left). In a chaotic process, it is made completely unreadable. The process can be reversed with an easily remembered password, however. (Photo: Sergej Flach / MPI for the Physics of Complex Systems)


CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are intended as an additional safeguard to ensure that the input originates from a human being and not from a machine. They pose a task which is simple for any human, but difficult for a programme. For example, users must enter a distorted text which is displayed on the screen.

Researchers at the Max Planck Institute for the Physics of Complex Systems have developed password protection based on a combination of characters and a Captcha. They also use mathematical methods from the physics of critical phenomena to prevent access to the Captcha by computers.

“We thus make the password protection both more effective and simpler,” says Konstantin Kladko, who had the idea for this interdisciplinary approach during his time at the Dresden Max Planck Institute; he is currently at Axioma Research in the USA.

The researchers initially combine password and Captcha in a completely novel way. The Captcha is no longer generated anew each time in order to distinguish the human user from a computer on a case-by-case basis.

Rather, the physicists use the code word in the image, which can only be deciphered by humans, as the real password. The researchers also encrypt this password using a combination of characters.