[Nym3-devel] Account creation and proof of work.
Laurent Fousse
laurent at komite.net
Mon Apr 11 10:12:54 CEST 2005
Hi,
* Nick Mathewson [2005-04-10]:
> The idea of the proof-of-work field is not to 'prove that the identity
> key works' --- it's to require an amount of computational or human
> effort to set up a new account, to prevent an attacker from creating
> millions of accounts and flooding the system.
Yup. Obviously the mere signing of the creation message is not
computationally enough, if we ask for such a proof-of-work.
I think I made a little confusion about the "proof-of-work" term
("proof it works" against "proof the user worked").
> You can do this by requiring an amount of computation, but that isn't
> such a good idea---see this paper for one set of opinions.
> http://www.cl.cam.ac.uk/users/rnc1/proofwork.pdf
I've seen similar ideas on mailing-lists, but not as thoroughly
discussed. Thanks for the pointer!
> Another option is to require an amount of human work, like how you
> need to type in the letters from an image in order to create a hotmail
> account. For more info here, google RPOW and CAPTCHA. This approach
> has problems too.
google(RPOW) leads me to a webpage about reusable hashcash tokens (so
still something computational). I know CAPTCHA, and one of the first
google answer is "breaking visual CAPTCHA" (made it to a /. article).
The Wikipedia article is informative:
http://en.wikipedia.org/wiki/Captcha
> For a nymserver, for now, I'd just recommend that we change the field
> to have a length field and a body, with values for the length field
> other than 0 currently unspecified. How does that sound?
Good. Unless the others disagree, I'll change the code to do that.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.noreply.org/pipermail/nym3-devel/attachments/20050411/532ca334/attachment.pgp
More information about the Nym3-devel
mailing list