 Show Posts
|
|
Pages: [1]
|
CPU-only altcoins' communities and developers! Bitcointalk forum's administrator said: If someone codes up the necessary libraries and end-user utilities, I would be very keen to use it on the forum
This is a bounty! What CPU-mineable altcoin will be mined as proof-of-work to log in to this forum? It depends just on you! |
|
|
|
Captcha-solving services charge about $0.003 per reCaptcha solve currently, so the computation cost to an attacker (not an average user) would have to be comparable to that. Certainly this makes SHA-x PoW impractical, as it would be far cheaper for an attacker using GPUs/ASICs and special code vs an ordinary user solving it via JavaScript on a CPU Oh, really? If a thousand users logs in, you pay $3 to Google. There are many users, you pay too much! This thread is about POW-mining of new ASIC/GPU-resistant coins, not Bitcoin! Algos like yescrypt, yescryptr16, yescryptr32 are mineable by CPU only. No way for attackers to use ASICs. Futhermore, POW with mining coins like Koto, Yenten, WAVI will give the forum some coins! With my idea implemented you will yield coins instead of spending them. Someone could right now write a userscript which integrates the forum captcha with a captcha-solving site. Some of them allow you to purchase captcha solves, solve captchas in exchange for credits (eg. solve on your computer and then use the credits on a mobile device), or transfer credits between accounts (eg. buy credits from other users). This is still not ideal from a privacy standpoint, of course. So we need: 1. Javascript client-side miner for CPU-only algos. This depends mostly on coins' developers and communities. 2. Server-side scripts. This depends on server-side software. I am not a professional Javascript or PHP coder but I hope this idea will attract the proper specialists. |
|
|
|
What if someone else with malicious intents increases difficulty for your nickname, intentionally making wrong attempts ? Ooops, and in order to login you need to do a couple of giga-hashes. Or, if you wish, we can do it for you, for a small amount of ether... See how it works? Again: users should be able to choose captcha as alternative to POW. They could do this in such cases. That doesn't fix the issue though. They're then still going to have to use the captcha? What if, at some point, the user who was using 50000 IP addresses returns to try to bruteforce the forum again and attack everyone's user accounts and makes it extremely difficult for everyone to log-in without the captcha. Also, it'd use a lot of unnecessary CPU power to try to mine it - especially if they don't know how long they'd have to wait first. Attacking thousands users and making it impossible for all of them to log in without captcha? This will give much coins to the forum! Users will just log in with captcha and reset difficulty. They should be able to see what were the failed password attempts and laugh at how far they were from their real passwords (increasing difficulty will not allow many attempts, remember FLM). We wouldn't want a rush of environmentalists that start to complain about how this forum is contributing to the decline of the environment now would we?
Aren't those environmentalists already okay with ASICs and GPU farms consuming electricity more than a middle-sized state? CPU-mined altcoins will save us from this. Again: users should be able to choose captcha as alternative to POW. They could do this in such cases.
Defeats the point then. They'll just continue using the very system they are using now and allowing people to login with their CPU would be a nothing less than a gimmick. Spending CPU-time mining coins for the forum... is it not a charity? And what is the purpose? Just to make users use captcha again? |
|
|
|
I agree with you,captcha is quite annoying and there has to be a better solution.However,don't think CPU mining is the one.
There are a large number of people who access forum through their mobile devices.Does your mining idea works well with them ? Being someone who is very very considerate about their privacy,why would I want any script on the website to utilise my CPU power ? That opens to a lot of vulnerabilities.
1. Yes, users should be able to choose Captcha as alternative to POW mining for some cases like too slow devices. And they should be able to adjust 2. If you respect your privacy you should be concerned about Google's Cloudfare (collecting your IP at least), not about mining script "collecting" nothing but roughly estimated CPU power. BTW, captcha also works on scripts. What if someone else with malicious intents increases difficulty for your nickname, intentionally making wrong attempts ? Ooops, and in order to login you need to do a couple of giga-hashes. Or, if you wish, we can do it for you, for a small amount of ether... See how it works? Again: users should be able to choose captcha as alternative to POW. They could do this in such cases. |
|
|
|
There is CAPTCHA on login. It is here to protect the site from bots and bruteforcing. But it is annoying.
There is an option to replace it with proof-of-work mining of CPU-only altcoins
Why would anyone open it's login for bots just because captcha is annoying for people? Do you imagine how high the hash-rate for the CPU-only coins, because the bot farms? And not everyone is using really strong password, because humans etc. I think switching to PoW instead of captcha would introduce huge vulnerability. Every failed login attempt should increase difficulty. Say, the difficulty-increase multiplier is 2 (per one nickname). If first attempt takes 1 CPU-second (default difficulty), 8th will take minute and 100 attempts will take ages (imagine 2^100 seconds). Meanwhile the attacker's hashrate will work to fund Bitcointalk forum  Cryptocurrencies themselves are based on similar principle. They can theoretically be bruteforced (wallet's master key, cancel confirmed payment etc) but modern hardware can't do this in reasonable time. I mentioned above that captcha should be preserved as a second option so that it could be used by legitimate user if the difficulty increased after bruteforce attempts. Then the user should see how many failed attempts did he have, what the password guesses were and be able to reset the difficulty. Users should be able to set POW difficulty and difficulty increase multiplier (for failed attempts) by themselves. If a user does not like POW confirmation and wants to be logged in by captcha only, he should set difficulty impossible for all supercomputers of the world. |
|
|
|
1. This thread is not about the proof-of-work confirmation mining idea itself (as the linked thread) but about implementing it on bitcointalk forum. 2. Yes, there should be option to complete CAPTCHA instead of mining for weak hardware. Yes, 1 minute confirmation mining is too long, this difficulty should be set only if there is DDOS/bruteforcer activity spike. Usually confirmation mining should take no more than a few seconds. Also, you'd just get people putting more cpu power behind these attacks. AND, you get that ddos isn't don't by pepole logging in right? It's just a large amount of network traffic, they're not all trying to login.
If you're gonig to try to get everyone's login data, that is mainly something that is done offline (obviously not going into specifics).
Yes, but there is CAPTCHA on login/sign up. The question is about giving an option of proof-of-work mining confirmation instead of completing it. It will not only get more CPU power for attacks. It will make attackers mine coins for the forum!!! |
|
|
|
Good idea, but now most of the browsers had blockers for mining soft in js.
It shows warning message if JS code trying to run miner on client, users need to click OK or YES for this warning message.
This is not a problem. The site should inform the users that there is proof-of-work captcha replacement and the user should allow it to access the site or do other thing that bots should not do (login, sign up, post a message, forum search etc) with higher difficulty for things needing more security. In some cases there should be an option to complete CAPTCHA instead of mining if, for example, users have very weak hardware. I have already proposed this idea for Bitcointalk forum itself, please support it in the poll https://bitcointalk.org/index.php?topic=3242646.0 |
|
|
|
There is captcha on login. It is here to protect the site from bots and bruteforcing. But it is annoying. 1. There is an option to replace it with proof-of-work mining of CPU-only altcoins. It will not be a trouble to normal users for one-time confirmation but will make DDOS/bruteforcing hard and expensive for attackers making many queries. 2. There should be an option to complete traditional captcha instead of mining if, for example, users have very weak hardware. But most users with good CPUs would better mine a bit than deal with annoying captcha. 3. Users should be able to set POW difficulty for their login. If a user uses a weak mobile device, has strong password and does not fear bruteforce, he needs to set low difficulty. If a user wants to disable POW at all and login with captcha only, he could set difficulty, impossible for all of the modern supercomputers, and always use captcha. 3. Mining difficulty for a specific user (not all the forum) should increase on every failed attempt by failed-login multiplier (FLM). User should also be able to set FLM themselves. Say, initial difficulty is 1 second on an average PC and FLM is 2. 2nd attempt will take 2 seconds, 8th will take a minute and 100 attempts will take 2^100 seconds - ages. 4. If user's account appears "locked" by increased POW difficulty after bruteforce, he should be able to use captcha alternative, see failed attempt list and (if wants) reset the difficulty. 5. Note that all login attempts will give coins to the forum. Pity bruteforce attempts will give even more coins (remember FLM). Main thread for the idea: https://bitcointalk.org/index.php?topic=3240247.0I hope admins will take it seriously. |
|
|
|
The idea is to replace captchas by CPU altcoin mining. |
|
|
|
|
At the moment it is just an idea.
The idea is that customers can pay CPU-time for using websites or do any other things that DDOS or bruteforcer bots should not be able to do. Say, you need to solve a share that takes 5 seconds on average PC to login to Bitcointalk forum (instead of completing Recaptcha) - and difficulty can be increased if there is a reason to have more security.
This will not a problem for a normal user but it will be very hard and expensive for bots to take site down (DDOS purpose) or crack a password. Bots will have to complete mining shares for every try and will make money for site owner.
We need:
1. Javascript implementation for mining CPU altcoins (yescrypt, yescrypt16r, yescrypt32r etc).
2. Server-side implementation to serve the method.
This will advertise CPU altcoins and make people use them.
|
|
|
|
Hey, I have an idea! PROOF-OF-WORK DDOS PROTECTIONSay, you have a website that is being DDOSed. Instead of CAPTCHA, you can put a script on it to mine some Yescrypt coin (CPU-only) shares before opening access to the site (or do other things needing spam protection). Of course, you can adjust difficulty depending on DDOS volume and your greed. For a normal user this will take a few seconds on an average PC. No more annoying CAPTCHAs, just wait a bit. For a DDOSer this will be a pain. Moreover, DDOSer will mine coins for you! DDOS will give profits to website owners, with no more paid subscription to Cloudfare. IMHO this idea will lead CPU altcoins to the top! Related topic: https://bitcointalk.org/index.php?topic=3240247.0what abt another types of ddos attac? DDOSer will have to mine coins for the website owner. More DDOS = more coins! |
|
|
|
|
DeepOnion is good in all but mining. It is bounded to X13 algo. X13 is even worse than SHA-256 since ASICS for it are more rare.
Could you please switch to CPU-only algo such as Yescrypt R32?
|
|
|
|
|
