[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Wikimedia and Tor

On 10/01/2014 12:10 PM, Derric Atzrott wrote:


>> Even imposing a nontrivial cost for creating accounts (say 10 BTC) would
>> not help. Determined adversaries would pay it. And of course, that would
>> exclude numerous innocents who wouldn't or couldn't pay.
> Yeah, I was just listing off some items that we came up with brainstorming
> over the past few years.  Clearly that item was cut fairly quickly.  Some
> type of proof of work might work, so long as it was expensive enough to
> deter attackers after the first few times while still cheap enough to
> generate just once for well behaved actors.

Wikimedia could authenticate users with GnuPG keys. As part of the
process of creating a new account, Wikimedia could randomly specify the
key ID (or even a longer piece of the fingerprint) of the key that the
user needs to generate. Generating the key would require arbitrarily
great effort, but would impose negligible cost on Wikimedia or users
during subsequent use. Although there's nothing special about such GnuPG
keys as proof of work, they're more generally useful.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to