GOTCHA Challenge (Un)Solved

  • Conference paper
International Joint Conference (CISIS 2015)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 369)

Abstract

Password-based authentication is common due to its high usability and ease of implementation; however, it raises many security problems. This implies a continuous effort in designing new password-based authentication techniques. J. Blocki, M. Blum and A. Datta introduced GOTCHA (Generating panOptic Turing Tests to Tell Computers and Humans Apart), an innovative method to perform password-based authentication: a challenge-response mechanism that gives humans a great advantage over machines. The authors of GOTCHA proposed a public challenge to test its strength. We disclosed all 5 passwords of the first round, because of a leakage in the released code. In this paper, we present our attack: an improved brute-force that revealed each of the 7-digit passwords in less than 0.5 h and the 8-digit password in approximately 1.5 h on a personal laptop.

Acknowledgments

The author would like to thank Alex Gatej for informing about the GOTCHA challenge.

Author information

Correspondence to Ruxandra F. Olimid.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Olimid, R.F. (2015). GOTCHA Challenge (Un)Solved. In: Herrero, Á., Baruque, B., Sedano, J., Quintián, H., Corchado, E. (eds) International Joint Conference. CISIS 2015. Advances in Intelligent Systems and Computing, vol 369. Springer, Cham. https://doi.org/10.1007/978-3-319-19713-5_40

  • DOI: https://doi.org/10.1007/978-3-319-19713-5_40

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-19712-8

  • Online ISBN: 978-3-319-19713-5

  • eBook Packages: Engineering, Engineering (R0)
