[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] torslap!

Hash: SHA1

I think this is a pretty good idea. I see it as something like OAuth, or Facebooks universal login thing, whatever they call it. There may be a problem with it defeating the purpose of Tor though, since you are now trying to track users... 

5 hours is far too long though. For people to use it, it would have to be less than a minute, I think. Which is still enough to stop the mass creation of accoutns for spamming. 

I have some spare time at the moment and need a new project. Might look into this...



On Tue, Apr 23, 2013 at 09:05:19AM -0000, uruioz@xxxxxxxxxxx wrote:
> i read the messages about websites making it hard to register for torians.
> these guys throw out the wheat with the chaff.
> but dont you know to separate wheat from the chaff?
> thresh that shit, yo:
> ***Torslap***
> "Like hashcash but much much worse."
> server gets request from tor exit to register
> server sends back with javascript "You've been Torslapped!"
> client presses button "Watch me now hey"
> client clicks
> wait...hash...work it now baby
> hash...wait...drivin me crazy
> (average 5 hours later)
> javascript says "Success. Click to continue"
> client sends solution
> server verifies and sends captcha to expire after 5 minute
> client solves captcha
> server opens gate
> anon registers
> server flags account
> (later)
> server gets login from tor exit
> database sees flag that means this anon already got slapped
> victory.
> (after some abuse tracked to tor exits)
> turn up the hate and slap tor noobs harder
> (if sybil gets lose in the flagged accounts)
> slap time for all accounts with tor flags (nuclear option)
> Server just need to send javascript hashing page to client with the rule
> and verify the answer (cheap!).
> Honest Torians- if pain in the ass is better than censorship than we use
> Tor therefore what's another pain in the ass
> Troll Torians- you can tie up laptop for five hours hot hashing action or
> play your MMORPG but not both. which will they chose?
> Honest Torians- waste of five hours register on wikipedia then spend years
> to edit. good tradeoff
> Troll Torians- waste five hours for each hydra head before even doing
> damage. if caught slapped with 7 hours a hydra. Then 10. Then 13.
> Because the captcha has expiration troll can not hoard hashes.
> Could use the litecoin scrypt hashing algo. sounds like there is now
> possible to do gpu hashing for improved efficiency but if trolls don't
> have the discipline and dedication to continue attack just when the
> free-beer attack vector is blocked from them would they really take the
> time to study javascript and improve hash efficiency?
> unlike hashcash that make impossible many kind of massive email jobs that
> people perform today torslap would make possible kind of registration jobs
> that torians are not able to complete.
> btw did i say i cannot code any of this sorry :(
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Version: GnuPG v1.4.11 (GNU/Linux)

tor-talk mailing list