Don Marti
Thu 15 Dec 2005 06:28:12 PM PST
JavaScript Hash Cash
Hey kids! Prior Art! Great idea, and it looks like it's working, but I'm wondering...if you run the JavaScript once, you get four hours to spam like a madman. I'm thinking about something like this for a simpler form-based site, but without encrypting the JavaScript itself. The form would have hidden fields containing a string A and a length L, and the JavaScript would run until it finds a string B whose hash matches the hash of A in the first L bits. Then you could turn up L until the script runs within the length it takes a user to type a thoughtful comment on a slow machine, and of course on the server side only accept the form submit if B passes the test. Go back to the form again and you get a new A.
(To make this extra leet, I should find a hash function whose implementation in JavaScript runs not too much slower than some future spamware's implementation in C.)