
On 10 Aug 2001, Dr. Evil wrote:
blacked out. Cool! But I'm working on a different problem. Basically, I have a web site that lets you reserve domain names before you pay for them. I want to make sure that no loser out there decides to be cool and write a script which reserves every word in the dictionary, or every sequence of eight characters, or some moronic thing like that. So I will have the page display three characters, somewhat blurry, and say, "type these characters here!" If they don't match, you're not human! (Why didn't they think of this simple method in Terminator and Blade Runner?) This same moron could sit there and type domain names all day long, but that's enough punishment in itself.
This is a case where I'd make them do some kind of computation before they could register a name. Frex, -- "here's a number, and here's a downloadable utility that does squaring under a modulus. Tell me what this number is, squared N times, under modulus X, and I'll let you register a domain name." So, your typical user has to wait thirty seconds, which is no big deal, but the guy who's trying to register every word in a million-word dictionary is going to have to harness truly massive computing resources in order to do so.

You can even linearize the computation (meaning it won't do them any good to sic multiple CPUs on it) if you make them submit numbers in a sequence for multiple registrations. (i.e., first registration is number squared N times, second is number squared 2N times, third is number squared 6N times, etc.)

Or, if you are keeping track of who registers what, which of course you must be for "register" to have any meaning, why not just refuse the tenth and subsequent registrations for any particular address? Even if the addresses are masked, you can still compare hashes of them.

Bear
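The repeated-squaring challenge described in the reply above, as an added example that is not part of the original message. It assumes the server keeps the two prime factors of modulus X secret so it can check an answer with one short exponentiation; the primes are constructed and far too small for real use, and the names `Server` and `solve` are hypothetical.

```python
import math
import secrets

# Constructed demo primes (both Mersenne primes); real use needs a large RSA-size modulus.
P = 2**31 - 1
Q = 2**61 - 1


class Server:
    """Issues challenges and verifies answers using the secret factorization."""

    def __init__(self, p=P, q=Q):
        self.modulus = p * q              # public modulus X
        self._phi = (p - 1) * (q - 1)     # secret: requires knowing p and q

    def issue(self, n_squarings):
        # Pick a fresh base coprime to X so Euler's theorem applies in expected().
        while True:
            x = secrets.randbelow(self.modulus - 3) + 2
            if math.gcd(x, self.modulus) == 1:
                return x, n_squarings, self.modulus

    def expected(self, x, n):
        # x^(2^n) mod X == x^(2^n mod phi(X)) mod X: two fast modular
        # exponentiations instead of n sequential squarings.
        return pow(x, pow(2, n, self._phi), self.modulus)

    def verify(self, x, n, answer):
        return answer == self.expected(x, n)


def solve(x, n, modulus):
    """Client side: n squarings, each depending on the previous result."""
    y = x % modulus
    for _ in range(n):
        y = y * y % modulus
    return y


if __name__ == "__main__":
    server = Server()
    x, n, m = server.issue(200_000)
    first = solve(x, n, m)
    print("first registration accepted:", server.verify(x, n, first))
    # Sequenced registrations: the answer for 2N squarings continues from the
    # answer for N, so extra CPUs cannot work on later answers in parallel.
    second = solve(first, n, m)
    print("second registration accepted:", server.verify(x, 2 * n, second))
```

The client's cost grows linearly with N while the server's check stays roughly constant, which is what lets the server tune the per-registration delay.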