Take me back!

Adventures in Captchaing

A Captcha is a test that tries to distinguish real people from bots. I run a faucet, a site that gives out free cryptocurrency, so bots are a huge problem. There are plently of captcha services out there, so why make one?

Well, reCAPTCHA charges money (albeit only for large customers) and is owned by Google (Google=bad), hCaptcha is fine, but can easily be bypassed with the accessibility cookie feature. Not to mention, selecting which squares are traffic lights or boats is actually kind of hard. I've looked at other captcha sites, but couldn't find any good sites.

Making the Captcha

Luckily, I had recently finished a couple of projects, and was looking for something to do, so why not make a text captcha?

Not just any text captcha, I had a general plan of what to do:

For the programming language, I quickly decided to use Ruby, with Sinatra for the web component, and found an image processing library called chunky_png.

The first problem encountered was the question of how the system should be designed so that it would not require a database. Hashing, maybe? But hashing is, by definition, one way, so it wouldn't be possible to decode the response. Instead, I decided to use the Salsa20 encryption algorithm.


Documentation

You can find the documentation and details on how to add the captcha (or run your own) on the project Github.


Code Example

In addition to hosting the actual captcha, the Github has a working implementation of the captcha, in Ruby using Sinatra web framework. Of course, any other language can be used instead.