GOTCHA Challenge (Un)Solved

Conference paper

DOI: 10.1007/978-3-319-19713-5_40

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 369)
Cite this paper as:
Olimid R.F. (2015) GOTCHA Challenge (Un)Solved. In: Herrero Á., Baruque B., Sedano J., Quintián H., Corchado E. (eds) International Joint Conference. Advances in Intelligent Systems and Computing, vol 369. Springer, Cham


Password-based authentication is common due to its high usability and simplicity to implement; however, it raises many security problems. This implies a continuous effort in designing new password-based authentication techniques. J. Blocki, M. Blum and A. Datta introduced GOTCHA (Generating panOptic Turing Tests to Tell Computers and Humans Apart), an innovative method to perform password-based authentication: a challenge-response mechanism that gives humans a great advantage over machines. The authors of GOTCHA proposed a public challenge to test its strength. We disclosed all 5 passwords of the first round, because of a leakage in the released code. In this paper, we present our attack: an improved brute-force that revealed each of the 7-digit password in less than 0.5 h and the 8-digit password in approximately 1.5 h on a personal laptop.


GOTCHA challenge Password-based authentication Hash functions Offline attacks Dictionary attacks 

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of BucharestBucharestRomania

Personalised recommendations