I have recently posted WaterCap - new, simple and strong CAPTCHA image generator in PHP. At the same time I mentioned that I have no idea how strong it really is. Various notes that people made while assessing the strength are collected here...

---

12 Hours Passed
In just 12 hours some one took a crack at breaking my CAPTCHA. Here is what was said:

The noise doesn't help a bit if it's easy to filter out. The letters a very predictable and easy to crack. It would only help if you're one of the few that uses this code, but if it's accepted as a patch I'm sure it will be cracked in no time. Random fonts, font size, rotation, character position, contrast, color, backgrounds, blur etc, those would really make a "better captcha".

To prove the point two pictures were posted with the noise removed and the edges detected. Here:

Sad news... I, however, don't have these tools to try anything myself. If I had the tools I could try to improve the design. Should ask around for tools and try to reproduce these.

---

24 Hours Passed
Following the hints posted elsewhere I found some tools that can effectively do a digital image processing. And, well, it's true! The WaterCap backgrounds can be removed and the edges can be detected - quite easily.

Having the image processing tools it's possible to compare the WaterCap with other CAPTCHA's. And what a surprise... It looks like the WaterCap is nor better or worth than any other CAPTCHA that I have collected so far. In all the CAPTCHAS the backgrounds can be removed and the edges can be detected using identical 4-5 step image processing sequence!

And I spend just minutes creating the digital filters. Much better results are possible if more time can be put into the selection of filters, adjusting brightness, etc. Here you can see the results of my experimentation on background removal/edge detection in various CAPTCHA's.

Having the tools allows me to conduct some quick and promising experimentation. However, I am limited in the ability to manipulate these tools. The tools I found are full blown end-user graphical software applications (a.k.a. Microsoft Office) with very limited scripting ability. I have to make many manual operations: open files, use menu, click here and there wasting a lot of time to perform each experiment. In order to have a good CAPTCHA testing/cracking platform the same image processing methods need to be available in a programming language PHP, Java, etc. Since WaterCap was written in PHP I better find and learn how to use a digital image processing library for PHP...

---

36 Hours Passed
Well, you only need PHP 5 with a standard GD library to get the backgrounds removed and the edges detected. In just 10-15 lines of PHP I can clean up the original WaterCap challenge image to fully remove the noise and to reveal the features of individual characters.

Here below you can see the results of my home-grown WaterCap noise removal/edge detection in PHP.

---

48 Hours Passed
Some dust has settled and new opinions are in. Highway of Life fully understood the intentions and the design behind the WaterCap! He saw more than just YACA - "Yet Another CaptchA". Here is the quote:

I know that NO CAPTCHA is perfect, but it's the uniqueness of each one that will defeat the bots. The trick in yours I think is the fact that it appears as an optical illusion, it's the shadows that are creating the characters, this is good, since they are not directly outlined. Sure, it could be defeated, but as long as it makes it more difficult to defeat, you are winning.

Here is an example of an optical illusion. What letters do you see?

(the key: there are yellow letters inside the black letters)