JavaScript Hash Cash
Hey kids! Prior Art! Great idea, and it looks like it's working, but I'm wondering...if you run the JavaScript once, you get four hours to spam like a madman. I'm thinking about something like this for a simpler form-based site, but without encrypting the JavaScript itself. The form would have hidden fields containing a string A and a length L, and the JavaScript would run until it finds a string B whose hash matches the hash of A in the first L bits. Then you could turn up L until the script runs within the length it takes a user to type a thoughtful comment on a slow machine, and of course on the server side only accept the form submit if B passes the test. Go back to the form again and you get a new A.
(To make this extra leet, I should find a hash function whose implementation in JavaScript runs not too much slower than some future spamware's implementation in C.)
--
Don Marti
<dmarti@zgp.org>
