Y0ursTruly/pow_captcha

pow_captcha (proof of work captcha)

Usage

Installation

npm install pow_captcha

Importing

const {makeTest, takeTest, takeTestAsync} = require('pow_captcha');

Concept (what is this)

Usually, when one thinks of a "CAPTCHA", one pictures weird-looking images with instructions about which one(s) to select to prove you're human. These ensure that only human traffic reaches certain operations on a website.
However, they do not stop spam to a server that much. The only way the server can verify a token is to use its own resources to send a request to the CAPTCHA service API (for at least reCAPTCHA and hCaptcha). On top of that, if the attacker spams enough, you will have sent enough requests to the respective API to get your API credentials disabled for a period of time, leading to denial of service for valid requests.
Now, this proof of work captcha uses cryptography to create a "puzzle" that takes a real amount of processor time to complete, adding a delay that limits how fast an attacker can spam.

  • The puzzle consists of the hash of a correct buffer, an incorrect buffer, and the definitions of the ranges where the computer may edit the buffer.
  • The idea is that a computer has to edit the incorrect buffer within those ranges and stop only when its hash equals the hash of the correct buffer.
  • The buffer has to be long enough that an attacker cannot prehash every single possibility. To do that, an attacker would need to hash (a2-a1)^B buffers of length B.
  • For instance, the default values have a1 at 0, a2 at 256 and B at 1024 (see the argument descriptions of the makeTest function below). This means that an attacker would have to prehash 256^1024 buffers of length 1024 (this is a ridiculous amount, check it out yourself), and therefore one needs to spend the processor time to complete this puzzle :D
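The puzzle described in the list above, as a self-contained Node.js sketch added here for illustration. It is not pow_captcha's own code or string format: `makePuzzle`, `solvePuzzle`, `issue`, `verify` and the `pending` store are hypothetical names, each "range" is simplified to one editable byte position, and SHA-256 is an assumed hash.

```javascript
// Added illustration of the concept; NOT pow_captcha's code or string format.
const crypto = require('crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Server: random "correct" buffer of B bytes, then scramble `positions` bytes.
// The solver's search space is (a2 - a1) ** positions hashes (65536 here).
function makePuzzle(B = 64, positions = 2, a1 = 0, a2 = 256) {
  const correct = Buffer.alloc(B);
  for (let i = 0; i < B; i++) correct[i] = crypto.randomInt(a1, a2);
  const incorrect = Buffer.from(correct);
  const ranges = [];
  while (ranges.length < positions) {
    const idx = crypto.randomInt(0, B);
    if (ranges.includes(idx)) continue;
    ranges.push(idx);
    incorrect[idx] = crypto.randomInt(a1, a2);
  }
  return { puzzle: { hash: sha256(correct), incorrect, ranges, a1, a2 }, solution: correct };
}

// Client: odometer-style enumeration of the editable bytes until the hash matches.
function solvePuzzle({ hash, incorrect, ranges, a1, a2 }) {
  const guess = Buffer.from(incorrect);
  const digits = ranges.map(() => a1);
  for (let hashes = 1; ; hashes++) {
    ranges.forEach((idx, k) => { guess[idx] = digits[k]; });
    if (sha256(guess).equals(hash)) return { solution: guess, hashes };
    let k = 0;
    while (k < digits.length && ++digits[k] === a2) digits[k++] = a1;
    if (k === digits.length) return null; // search space exhausted
  }
}

// Server: verification is one constant-time compare, with no outbound API call.
// `pending` is a hypothetical in-memory store; delete-on-read makes answers single-use.
const pending = new Map();
function issue() {
  const { puzzle, solution } = makePuzzle();
  const id = crypto.randomUUID();
  pending.set(id, solution);
  return { id, puzzle };
}
function verify(id, answer) {
  const expected = pending.get(id);
  pending.delete(id);
  return Buffer.isBuffer(answer) && expected !== undefined &&
    answer.length === expected.length && crypto.timingSafeEqual(answer, expected);
}
```

With two editable bytes the client spends up to 65536 hashes, while the server does a single comparison per answer and rejects any replay of an already-used challenge id.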

Exports

There are 3 functions that are exported for use:

  • makeTest([tries[,B[,a1[,a2]]]])
    • Description: This function generates a cryptographic quiz based on the arguments given. Arguments in this function have these constraints
    • Returns:
      [
        string that looks like garbage but is the cryptographic quiz (hash of correct buffer, incorrect buffer, ranges of where to modify when guessing),
        string that looks like garbage but is the SOLUTION of the given cryptographic quiz (the correct buffer)
      ]
    • Arguments:
      • tries number (default is 2^20 or 1048576) The maximum number of combinations (of the buffer) that might be guessed before arriving at the solution. In the cryptographic quiz, this is expressed as one or more ranges whose sizes multiply up to this number
      • B number OR Buffer (default is 64) The length of the buffer OR a chosen buffer. This does not affect tries, because specific ranges across the buffer are chosen, but it prevents an attacker from prehashing all combinations of the buffer
      • a1 number (default is 0) The lowest value a byte can be. For example if a1 is 65, there will be no byte less than 'A' in the buffer
      • a2 number (default is 256) The highest value a byte can be plus one. For example if a2 is 91, there will be no byte greater than 'Z' in the buffer
  • takeTest(input)
    • Description: This function solves a cryptographic quiz based on the string input given
    • Returns:
      string that looks like garbage but is the SOLUTION of the given cryptographic quiz (the correct buffer)
    • Arguments:
      • input string A string which is a cryptographic quiz
  • takeTestAsync(input)
    • Description: To avoid hanging the process that called it, this runs the takeTest function in a worker thread
    • Returns:
      string that looks like garbage but is the SOLUTION of the given cryptographic quiz (the correct buffer)
    • Arguments:
      • input string A string which is a cryptographic quiz

About

I built a proof of work captcha inspired by friendly-captcha's concept
