How is the third-generation CAPTCHA better than the first and second generations?
First generation: standard CAPTCHA
This generation comprises the familiar image CAPTCHAs and audio CAPTCHAs. Complex computer-vision and speech-recognition problems are hard for machines but easy for people, so they can be used to tell humans from machines. This generation relies on questions that are easy to answer with human knowledge but hard for computers to answer.
Second generation: innovative CAPTCHA
The second-generation CAPTCHA keeps the core idea of the first generation (questions that human knowledge can answer but computers find hard to judge) and improves the interaction. Building on that same principle, "the difference between human and machine knowledge", a large number of innovative CAPTCHAs have been developed.
The 12306 CAPTCHA and others like it are also innovations on the traditional CAPTCHA.
Third generation: knowledge-free CAPTCHA
The defining feature of the third-generation CAPTCHA is that it no longer uses knowledge to distinguish humans from machines. Instead it makes a combined judgment based on inherent human biological characteristics and information about the operating environment. Because a knowledge-free CAPTCHA requires no thought from the user, it does not interrupt what the user is doing and provides a better user experience.
One example is Google's new reCAPTCHA.
Principle of the knowledge-free CAPTCHA
Step 1: Obfuscate the JavaScript code and regularly update the encryption algorithm in the Web front end, so that the untrusted Web front end becomes a trusted client. When the user slides the control, the trusted client collects behavior information and environment information about the user's operation, encrypts it, and submits it to the back-end risk-control engine.
Web front-end code is a plain-text scripting language, so a server that wants trustworthy data from the client has always been troubled by the problem that "there are no secrets in front of the source code". Given enough time, a front-end engineer can, it seems, uncover everything in the Web front end.
As the contest between attack and defense continues, the defense can always find makeshift ways to protect itself. The Web front end does not have a native client's strength against reverse engineering and debugging, but it has a hot-patch capability that a native client lacks.
By the Map-Reduce principle, when a single machine's performance is not enough, tasks are assigned to many machines and executed concurrently. In the same way, if a single pass of JavaScript obfuscation is not strong enough, the JavaScript code is re-obfuscated automatically at regular intervals. Even if an attacker can reverse-engineer the Web front end in a short time, the reversed logic soon stops working against the server, which greatly raises the attacker's cost.
More formidable still, Google has gone so far as to implement a complete virtual machine in JavaScript, with the core code implemented as bytecode. With the bytecode format updated regularly, the attacker's cost grows geometrically.
If the code logic itself is never updated and the same logic is merely obfuscated again and again, the exercise is still pointless. For a CAPTCHA application on the Web, the core functionality has only two parts:
1. Event collection module, which collects the user's behavior information. This logic is simple, and its code logic cannot be updated automatically;
2. Behavior data encryption module. The core of this part is the encryption algorithm, which appears to leave enough room for automatically updating and changing the code logic.
To keep the front end trustworthy, the encryption algorithm must be updated automatically, and that requires a very large set of symmetric encryption algorithms to draw on. All symmetric encryption algorithms are based on the Feistel block cipher structure, from which countless symmetric encryption algorithms can be derived.
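The rotation idea described above, as an added example (not code from the original article or from any CAPTCHA product): a Feistel network stays invertible whatever round function it is given, so the server can issue a different variant per epoch and reject submissions produced by a stale script. The round function, `variantFor`, `clientSubmit`, `serverVerify`, the epoch scheme and the sample data are all hypothetical, and the toy cipher only obscures the payload; it is not cryptographically secure.

```javascript
// Added example: toy Feistel variants rotated per epoch. Not a secure cipher.
// Round function F: FNV-1a hash of the half-block, expanded with xorshift32.
// F does not need to be invertible; the Feistel structure is invertible anyway.
function roundFn(seed, round, half) {
  let h = (0x811c9dc5 ^ seed ^ round) >>> 0;
  for (const b of half) h = Math.imul(h ^ b, 0x01000193) >>> 0;
  return half.map(() => { h ^= h << 13; h ^= h >>> 17; h ^= h << 5; return h & 0xff; });
}

// One routine for both directions: decryption runs the rounds in reverse order.
function feistel(variant, block, decrypt) {
  const n = block.length / 2;
  let L = block.slice(0, n), R = block.slice(n);
  for (let i = 0; i < variant.rounds; i++) {
    const r = decrypt ? variant.rounds - 1 - i : i;
    const f = roundFn(variant.seed, r, R);
    [L, R] = [R, L.map((v, j) => v ^ f[j])];
  }
  return Uint8Array.from([...R, ...L]); // final swap
}

// Server: derive the epoch's variant (seed and round count) from a master value.
function variantFor(master, epoch) {
  const seed = Math.imul(master ^ epoch, 0x9e3779b1) >>> 0;
  return { epoch, seed, rounds: 4 + (seed % 5) };
}

// Client: this logic would ship inside the obfuscated script for one epoch.
function clientSubmit(variant, behaviour) {
  let text = JSON.stringify(behaviour);
  if (new TextEncoder().encode(text).length % 2) text += ' '; // pad to even length
  const ct = feistel(variant, new TextEncoder().encode(text), false);
  return { epoch: variant.epoch, data: Array.from(ct) };
}

// Server: accept only the current epoch; a stale variant decrypts to garbage.
function serverVerify(master, currentEpoch, msg) {
  if (msg.epoch !== currentEpoch) return null;
  const pt = feistel(variantFor(master, currentEpoch), Uint8Array.from(msg.data), true);
  try { return JSON.parse(new TextDecoder().decode(pt)); } catch { return null; }
}

// Constructed sample: slider track as [x, y, ms] points.
const MASTER = 0x5eedc0de;
const sample = { track: [[0, 0, 0], [12, 1, 35], [80, -2, 140]], env: 'constructed' };
```

Because the variant ships to the browser, rotation only shortens how long a reversed script stays useful; the decision itself still rests on the back-end risk-control engine.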