Elm-hashcash 1.0.0: Prevent spammers abusing a resource

We’ve just released: GitHub - cachix/elm-hashcash: Implements HashCash to prevent spammers abusing a resource.


https://blog.cachix.org/posts/2023-02-19-downtime-due-to-signup-spam/

Proof of signup XD this is smart!

Maybe I misunderstood but it seems like this alone won’t slow down signup spam unless you force the data to change between each request? For example, if someone computes the correct hash once and then resends that request over and over then they don’t need to do any additional work.

Maybe the package readme could mention that you need to at least increment a counter in the data for each request so that previous hashes can’t be reused?

It seems like there are two attack vectors being discussed:

Using HashCash seems like a great fit for the case of signing up zillions of different email addresses, since the attacker will need to compute a hash for each new email address that they try to register.

But, for dealing with a denial of service attack from repeated submissions of the same data, you’d have to serve some kind of unique value and somehow keep track of what inputs have already been submitted. Which is perhaps veering into territory that should be solved by something in front of the application, rather than the application itself.

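The replay concern raised in the replies above can be closed by binding each proof of work to a server-issued, single-use challenge. The sketch below is an added example, not part of the thread and not the elm-hashcash API; the names `issue_challenge`, `solve` and `verify`, the message layout and the 12-bit difficulty are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumed server-side secret
DIFFICULTY = 12                       # required leading zero bits (low, for the demo)
TTL = 300                             # seconds a challenge stays valid
_spent = set()                        # redeemed challenges (assumed store; expire entries in production)

def _sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Server: hand out a fresh, signed, expiring challenge."""
    expires = int(time.time() if now is None else now) + TTL
    body = f"{secrets.token_hex(16)}.{expires}"
    return f"{body}.{_sign(body)}"

def _work_ok(challenge, data, counter):
    # The hash covers the challenge AND the submitted data, so work is not transferable.
    digest = hashlib.sha256(f"{challenge}:{data}:{counter}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY) == 0

def solve(challenge, data):
    """Client: brute-force the smallest counter that meets the difficulty."""
    counter = 0
    while not _work_ok(challenge, data, counter):
        counter += 1
    return counter

def verify(challenge, data, counter, now=None):
    """Server: accept each valid proof exactly once."""
    try:
        nonce, expires, tag = challenge.split(".")
        expires = int(expires)
    except ValueError:
        return "malformed"
    if not hmac.compare_digest(tag.encode(), _sign(f"{nonce}.{expires}").encode()):
        return "bad signature"
    if (time.time() if now is None else now) > expires:
        return "expired"
    if not _work_ok(challenge, data, counter):
        return "insufficient work"
    if challenge in _spent:
        return "replayed"
    _spent.add(challenge)
    return "ok"
```

Because the challenge is signed and carries its own expiry, the server keeps no state until a proof is redeemed, and the spent set only needs to remember entries for `TTL` seconds.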
