[idupree]

The paper: http://arxiv.org/pdf/1310.1137v1.pdf

Its thesis: "We introduce GOTCHAs (Generating panOptic Turing Tests to Tell Computers and Humans Apart) as a way of preventing automated offline dictionary attacks against user selected passwords."

It cites http://eprint.iacr.org/2006/276.pdf which it is an improvement upon.

As far as I can tell from reading the papers, though it does not state this, the purpose is to make offline dictionary attacks harder by helping the users create/remember a higher amount of entropy than they do with a password.[1] Given ten images to be matched up with phrases, there are 10! matchings, providing at most log2(10!) = 21.8 bits of entropy (fewer bits if computers can make even a really bad guess at which phrases go with which pictures). That is about as much entropy as in four randomly-generated lowercase-letter-or-digit characters (log2(36^4) = 20.7): a great improvement for bad passwords, but modest for good passwords. The authors are hoping that its easiness-to-remember per bit of entropy is significantly greater than that of passwords (randomly generated and human chosen passwords).

[1] Once the attacker has gained all server data, there's no stopping brute-forcing. Even with SRP ( http://srp.stanford.edu/ ) in which the server never sees the plaintext password, if the attacker gains a password's verifier that's stored on the server then they can offline-brute-force it. In this case, a brute-forcer would brute-force {password + which picture goes with which phrase}.