pow_captcha v1.0.3
pow_captcha (proof of work captcha)
Usage
Installation
npm install pow_captcha
Importing
const {makeTest, takeTest, takeTestAsync, ready} = require('pow_captcha');
Concept (what is this)
Usually, when one thinks of a "CAPTCHA", one thinks of weird-looking images with instructions about which one(s) to select to prove you're human. These ensure only human traffic reaches certain operations on a website. However, they do not stop spam to a server that much. The only way the server can verify a token is to use its resources to send a request to the CAPTCHA service API (for at least reCAPTCHA and hCAPTCHA). On top of that, if the attacker spams enough, you will have sent enough requests to the respective API to get your API credentials disabled for a period of time, leading to denial of service for valid requests. This proof of work captcha instead uses cryptography to create a "puzzle" that takes a physical amount of processor time to complete, adding a logical delay to the spamming capabilities of an attacker.
- The puzzle consists of the hash of a correct buffer, an incorrect buffer that is given out, and the definitions of various ranges where the computer can edit the buffer.
- The idea here is that a computer has to edit the incorrect buffer using the ranges, and only stop when its hash is equal to the hash of the correct buffer.
- Buffer length has its part to play to be large enough that an attacker cannot pre hash every single possibility. An attacker needs to hash (a2-a1)^B B lengthed buffers to do this.
  - For instance the default values have a1 at 0, a2 at 256 and B at 1024 if you check the argument descriptions below in the makeTest function. This means that an attacker would have to prehash 256^1024 sets of 1024 lengthed buffers (this is a ridiculous amount, check it out yourself) and therefore, one needs to take the processor time to complete this puzzle :D
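The scheme described above, sketched as an added example using Node's built-in crypto module (this is not pow_captcha's own code or API). The names makePuzzle, solvePuzzle and verify, the holes parameter, the use of SHA-256, and the reading of "ranges" as a list of edited byte positions plus the value range [a1, a2) are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Server side (hypothetical helper). B = buffer length, [a1, a2) = byte value
// range, holes = number of bytes the solver must recover (holes <= B).
function makePuzzle(B = 1024, holes = 2, a1 = 0, a2 = 256) {
  const span = a2 - a1;
  const correct = Buffer.from(Array.from({ length: B }, () => crypto.randomInt(a1, a2)));
  const positions = new Set();
  while (positions.size < holes) positions.add(crypto.randomInt(0, B));
  const incorrect = Buffer.from(correct);
  for (const p of positions) {
    // Shift by 1..span-1 (mod span) so the handed-out byte is always wrong.
    incorrect[p] = a1 + ((correct[p] - a1 + crypto.randomInt(1, span)) % span);
  }
  // The correct buffer is discarded; only its hash is kept and published.
  return { hash: sha256(correct), incorrect, positions: [...positions], a1, a2 };
}

// Client side: try every value combination at the listed positions
// (odometer order), hashing the whole buffer each time.
function solvePuzzle({ hash, incorrect, positions, a1, a2 }) {
  const buf = Buffer.from(incorrect);
  for (const p of positions) buf[p] = a1;
  for (let attempts = 1; ; attempts++) {
    if (sha256(buf).equals(hash)) return { solution: buf, attempts };
    let i = 0;
    while (i < positions.length && buf[positions[i]] + 1 >= a2) buf[positions[i++]] = a1;
    if (i === positions.length) return null; // search space exhausted
    buf[positions[i]]++;
  }
}

// Server side: one hash and a constant-time compare, no third-party API call.
function verify(expectedHash, submitted) {
  const got = sha256(submitted);
  return got.length === expectedHash.length && crypto.timingSafeEqual(got, expectedHash);
}

// Constructed demo: the client pays up to (a2-a1)^holes hashes, the server pays one.
const puzzle = makePuzzle();
const result = solvePuzzle(puzzle);
console.log(`solved in ${result.attempts} hashes, verified:`, verify(puzzle.hash, result.solution));
```

In this sketch the solver's cost is bounded by (a2-a1)^holes hashes, while precomputing answers for every possible buffer would still require the (a2-a1)^B hashes discussed above.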
Exports
There are 3 functions that are exported for use.
But before that, there is simply a Promise named ready that will resolve when everything is ready, meaning when the wasm binary for takeTest has asynchronously loaded.
What does this mean? The code to take the test (the one that takes a physical amount of time for a computer to solve) has now been written in C and compiled to something called WebAssembly for increased performance.