Many security primitives rely on difficult mathematical problems. The use of these difficult AI problems for security is emerging as a new exciting paradigm, but has been under exploration. CaRP is both a Captcha and graphical password scheme. CaRP wa together, such as online divination attacks like retransmission attacks. if combined with double shoulder-surfing attacks. A CaRP password can only be found probabilistically by automatic g attacks online even if the password is in the search systems. CaRP also offers a novel approach to addressing the problem of hot spot known image in a popular graphic password system such as Pass Points, which often leads to weak password choice. CaRP is not a panacea but offers reasonable security and usability and seems to fit well with some of the practical applications to improve online security.