Linearized computations - was OCR
Ray Dillinger
bear at sonic.net
Fri Aug 10 09:06:52 PDT 2001
On 10 Aug 2001, Dr. Evil wrote:
>blacked out. Cool! But I'm working on a different problem.
>Basically, I have a web site that lets you reserve domain names before
>you pay for them. I want to make sure that no loser out there decides
>to be cool and write a script which reserves every word in the
>dictionary, or every sequence of eight characters, or some moronic
>thing like that. So I will have the page display three characters,
>somewhat blurry, and say, "type these characters here!" If they don't
>match, you're not human! (Why didn't they think of this simple method
>in Terminator and Blade Runner?) This same moron could sit there and
>type domain names all day long, but that's enough punishment in
>itself.
This is a case where I'd make them do some kind of computation before
they could register a name. Frex, -- "here's a number, and here's a
downloadable utility that does squaring under a modulus. Tell me what
this number is, squared N times, under modulus X, and I'll let you
register a domain name. "
So, your typical user has to wait thirty seconds, which is no big
deal, but the guy who's trying to register every word in a million-
word dictionary is going to have to harness truly massive computing
resources in order to do so. You can even linearize the computation
(meaning it won't do them any good to sic multiple cpu's on it) if
you make them submit numbers in a sequence for multiple registrations.
(ie, first registration is number squared N times, second is number
squared 2N times, third is number squared 6N times, etc....)
Or, if you are keeping track of who registers what, which of course
you must be for "register" to have any meaning, why not just refuse
the tenth and subsequent registrations for any particular address?
Even if the addresses are masked, you can still compare hashes of them.
Bear
More information about the cypherpunks-legacy
mailing list