mCaptcha
crypto-puzzle
mCaptcha | crypto-puzzle | |
---|---|---|
11 | 2 | |
1,578 | 19 | |
2.6% | - | |
8.6 | 4.9 | |
about 1 month ago | about 2 months ago | |
Rust | TypeScript | |
GNU Affero General Public License v3.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
mCaptcha
-
So much for CAPTCHA then – bots can complete them quicker than humans
What about proof of work based CAPTCHA like https://github.com/mCaptcha/mCaptcha ? Since CAPTCHAs can be solved by bots, at least make it more costly for them.
-
Google's reCAPTCHA likely illegal in Europe?
That should only be an issue if the server is under attack.
According to the docs (https://github.com/mCaptcha/mCaptcha/blob/master/docs/CONFIG...), you can set three difficulty levels:
MCAPTCHA_CAPTCHA_AVG_TRAFFIC_DIFFICULTY
MCAPTCHA_CAPTCHA_PEAK_TRAFFIC_DIFFICULTY
MCAPTCHA_CAPTCHA_BROKE_MY_SITE_TRAFFIC_DIFFICULTY
-
Let us serve you, but don't bring us down
It isn't proprietary [0]. There is a matrix channel [1] for the project to ask questions.
[0] https://github.com/mCaptcha/mCaptcha
[1] https://matrix.to/#/@realaravinth:matrix.batsense.net
- Self-hosted captcha solution?
- Self-hosted email is the hardest it's ever been, but also the easiest
- Silent SHA256 based proof-of-work(PoW) captcha solution
- Botspam Apocalypse
crypto-puzzle
-
mCaptcha: Open-source proof-of-work captcha for websites
Funnily enough I've recently implemented [0] a little proof-of-work generator (or more specifically a time-lock puzzle [1] generator), which is the base building block on top which something like this can be built.
It's a very cool idea imo, you generate a cryptographic puzzle that's cheap for you to make, cheap for you to verify if its solved, and potentially cheap-enough for legitimate users to solve, but expensive-enough that users making too many requests would find solving them prohibitively expensive.
I wish something like this was bolted onto email protocols, it would just cost more to be a spammer than it'd be worth it.
Interesting how mCaptcha seems based on sha256, I don't know enough but it would be worth checking how much the algorithm can be sped up with (already existing) dedicated ASICs, if the attacker can solve the puzzle like 10000x faster than normal users you just can't crank the difficulty of the puzzle high enough and for motivated attackers this becomes basically useless. Basing this of on repeated squarings, like the RSW paper on time-lock puzzles did, seems potentially better.
[0]: https://github.com/fabiospampinato/crypto-puzzle
-
Silent SHA256 based proof-of-work(PoW) captcha solution
Nice! I had written a little algorithm that one could use to implement something like this (maybe interesting if you want to understand how it could work): https://github.com/fabiospampinato/crypto-puzzle
I think there's something to this, it costs you next to nothing to generate these puzzles and get a guaranteed, tunable, slowdown factor on attackers (or cost increase for them I guess).
What are some alternatives?
aws-lambda-ses-forwarder - Serverless email forwarding using AWS Lambda and SES
2captcha-php - PHP package for easy integration with the API of 2captcha captcha solving service to bypass recaptcha, hcaptcha, funcaptcha, geetest and solve any other captchas.
friendly-lite-server - Lite server for Friendly Captcha
next-hcaptcha - 🤖 Robust, dependency free and highly configurable solution for guarding Next.js API Routes through higher order function with HCaptcha
dalted - Image processing web-app for color blindness
0x4447_product_s3_email - 📫 A serverless email server on AWS using S3 and SES
proton-bridge - Proton Mail Bridge application
Mail-in-a-Box - Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
xmrig-for-android - ⛏Mine Monero from your android device
wildduck - Opinionated email server
pyhttp-benchmark - Micro-benchmarks of the Python http clients. Heavily inspired by httpxprof.
RandomxAudits - Audit Proposals and Reports for RandomX