Re: Implement proof-of-work CPU altcoin mining instead of CAPTCHA
There is CAPTCHA on login. It is here to protect the site from bots and bruteforcing. But it is annoying.
There is an option to replace it with proof-of-work mining of CPU-only altcoins
There is an option to replace it with proof-of-work mining of CPU-only altcoins
Why would anyone open it's login for bots just because captcha is annoying for people? Do you imagine how high the hash-rate for the CPU-only coins, because the bot farms? And not everyone is using really strong password, because humans etc.
I think switching to PoW instead of captcha would introduce huge vulnerability.
Every failed login attempt should increase difficulty. Say, the difficulty-increase multiplier is 2 (per one nickname). If first attempt takes 1 CPU-second (default difficulty), 8th will take minute and 100 attempts will take ages (imagine 2^100 seconds). Meanwhile the attacker's hashrate will work to fund Bitcointalk forum
Cryptocurrencies themselves are based on similar principle. They can theoretically be bruteforced (wallet's master key, cancel confirmed payment etc) but modern hardware can't do this in reasonable time.
I mentioned above that captcha should be preserved as a second option so that it could be used by legitimate user if the difficulty increased after bruteforce attempts. Then the user should see how many failed attempts did he have, what the password guesses were and be able to reset the difficulty.
Users should be able to set POW difficulty and difficulty increase multiplier (for failed attempts) by themselves. If a user does not like POW confirmation and wants to be logged in by captcha only, he should set difficulty impossible for all supercomputers of the world.