[tor-talk] torslap!
ramo at goodvikings.com
ramo at goodvikings.com
Thu May 2 00:58:48 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I think this is a pretty good idea. I see it as something like OAuth, or Facebooks universal login thing, whatever they call it. There may be a problem with it defeating the purpose of Tor though, since you are now trying to track users...
5 hours is far too long though. For people to use it, it would have to be less than a minute, I think. Which is still enough to stop the mass creation of accoutns for spamming.
I have some spare time at the moment and need a new project. Might look into this...
Cheers
Ramo
On Tue, Apr 23, 2013 at 09:05:19AM -0000, uruioz at tormail.org wrote:
> i read the messages about websites making it hard to register for torians.
> these guys throw out the wheat with the chaff.
> but dont you know to separate wheat from the chaff?
> thresh that shit, yo:
>
> ***Torslap***
>
> "Like hashcash but much much worse."
>
> server gets request from tor exit to register
> server sends back with javascript "You've been Torslapped!"
> client presses button "Watch me now hey"
> client clicks
> wait...hash...work it now baby
> hash...wait...drivin me crazy
> (average 5 hours later)
> javascript says "Success. Click to continue"
> client sends solution
> server verifies and sends captcha to expire after 5 minute
> client solves captcha
> server opens gate
> anon registers
> server flags account
>
> (later)
> server gets login from tor exit
> database sees flag that means this anon already got slapped
> victory.
>
> (after some abuse tracked to tor exits)
> turn up the hate and slap tor noobs harder
>
> (if sybil gets lose in the flagged accounts)
> slap time for all accounts with tor flags (nuclear option)
>
> Server just need to send javascript hashing page to client with the rule
> and verify the answer (cheap!).
>
> Honest Torians- if pain in the ass is better than censorship than we use
> Tor therefore what's another pain in the ass
> Troll Torians- you can tie up laptop for five hours hot hashing action or
> play your MMORPG but not both. which will they chose?
>
> Honest Torians- waste of five hours register on wikipedia then spend years
> to edit. good tradeoff
> Troll Torians- waste five hours for each hydra head before even doing
> damage. if caught slapped with 7 hours a hydra. Then 10. Then 13.
>
> Because the captcha has expiration troll can not hoard hashes.
>
> Could use the litecoin scrypt hashing algo. sounds like there is now
> possible to do gpu hashing for improved efficiency but if trolls don't
> have the discipline and dedication to continue attack just when the
> free-beer attack vector is blocked from them would they really take the
> time to study javascript and improve hash efficiency?
>
> unlike hashcash that make impossible many kind of massive email jobs that
> people perform today torslap would make possible kind of registration jobs
> that torians are not able to complete.
>
> btw did i say i cannot code any of this sorry :(
>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJRgbpIAAoJEAXQWoW8lug/TXMH/R7sJLDKwU2nrdLmovF2zCMu
OVprnIdjN0GHc55DLVaTEM2b0r2Cw0Iy4J6HgzdhHxQmEqs/vkjlT72/69Whs4Ds
hbjobk0s3GFFS2AF6J92bhoG7oNIN7eOCO5svLuOQst+fQ+SkPU1Sv0FWjOLe0CV
vujcbdPK3if4WO7v4fHc+FN4F4MpzcudL3rIoZdBhnnZRlgKWjXfBLsCZaTUpGHz
t+fjpxv9agz3htNNPvcpKtFczdfVNjyVS2IQQCNxdHUrsN9JDiyIhXMAqsX353wm
jtBg+YOfswZqdGmV1Pv0fvqtj5n9CEwS9YRCFNCKYMjeZ6bKCy0D+E7X/uUtAfQ=
=dUJm
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list