vcaptcha

package module
v0.0.0-...-f533ddb Latest
Warning

This package is not in the latest version of its module.

Published: Feb 21, 2022 License: Apache-2.0 Imports: 8 Imported by: 0

README

vcaptcha

vcaptcha is a proof-of-concept alternative to existing captcha systems that uses verifiable delay functions (VDFs) to provide a privacy-first captcha service with no centralized provider. It is non-interactive, so the end user doesn't need to manually solve a puzzle. In theory it should be effective at stopping DDoS attacks or bots; however, this hasn't been tested. Unfortunately, at the moment vcaptcha requires Go, as there is not yet a solver for it in Python or JavaScript.

overview

The VDF library used requires that each VDF be given a 32-byte seed along with a difficulty. To get this 32-byte seed we leverage segmentio's KSUID format, which allows us to collect some metadata, such as the time captchas were generated, without any personally identifiable information.

This KSUID is bundled into a "ticket", which is really a JSON object containing the KSUID, difficulty, and proof (when the ticket is generated the proof doesn't yet exist). Information about the ticket is stored in memory on the server so we can keep track of the tickets we have given to clients. We send the ticket to the client, who then solves the VDF.

After the VDF is solved, the proof is stored inside the ticket and sent back to the server. The server then verifies that we did give out this seed + difficulty combination before. The proof is verified, and if everything checks out we mark the captcha as solved and generate a JWT, which is then used to authenticate the user in the future.

usage

To see a usage example implementing vcaptcha in an HTTP server, see the examples directory.

future improvements

  • each captcha can be used by at most one session
    • this prevents attacks in which a solved vdf is used across many users
  • enable persisting captcha solves and current active captcha information to storage or other
    • at the moment it is simply stored in memory
  • implement VDF solver in Python and JavaScript
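
The ticket flow from the overview, with the single-use rule from the list above enforced, as an added Go example that is not vcaptcha's own code. `Server`, `Ticket` and `Solve` are hypothetical names, a random 32-byte seed stands in for the KSUID, and iterated SHA-256 stands in for the VDF (it is sequential, but unlike a VDF the server has to redo the full computation to check it).

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sync"
)

// Ticket carries the fields the README lists: seed id, difficulty, proof.
type Ticket struct {
	ID, Proof [32]byte
	Diff      int
}

// Server keeps the difficulty issued for each outstanding seed, in memory.
type Server struct{ issued sync.Map }

// Request issues a ticket; a random seed stands in for the README's KSUID.
func (s *Server) Request(diff int) Ticket {
	t := Ticket{Diff: diff}
	if _, err := rand.Read(t.ID[:]); err != nil {
		panic(err)
	}
	s.issued.Store(t.ID, diff)
	return t
}

// Solve is a stand-in, NOT a VDF: diff sequential SHA-256 rounds.
func Solve(seed [32]byte, diff int) [32]byte {
	for i := 0; i < diff; i++ {
		seed = sha256.Sum256(seed[:])
	}
	return seed
}

// Verify atomically consumes the seed, so a replay or a concurrent duplicate
// fails, and only recomputes for a seed and difficulty it actually issued.
func (s *Server) Verify(t Ticket) bool {
	diff, ok := s.issued.LoadAndDelete(t.ID)
	return ok && diff.(int) == t.Diff && Solve(t.ID, t.Diff) == t.Proof
}

func main() {
	var s Server
	t := s.Request(1000)
	t.Proof = Solve(t.ID, t.Diff)
	fmt.Println("first:", s.Verify(t), "replay:", s.Verify(t)) // true false
}
```

Because the seed is deleted on the first presentation whether or not the proof is valid, a client that submits a bad proof has to request a fresh ticket.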

license

All code in the vdf folder is from https://github.com/harmony-one/vdf. I have included it in-tree as the harmony-one repository isn't very Go modules friendly. Everything else is licensed under Apache 2.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type VCaptcha

type VCaptcha struct {
	// contains filtered or unexported fields
}

func NewVCaptcha

func NewVCaptcha(jwtSecret string, minDiff int, maxDiff int) *VCaptcha

NewVCaptcha returns a new instance of VCaptcha that generates tickets within the defined difficulty range

func (*VCaptcha) DiffInRange

func (vp *VCaptcha) DiffInRange(diff int) bool

DiffInRange ensures that the given difficulty is within the range

func (*VCaptcha) GetDiff

func (vp *VCaptcha) GetDiff() int

GetDiff returns a new difficulty to use for a VDF within a range

func (*VCaptcha) JWT

func (vp *VCaptcha) JWT() *jwtauth.JWTAuth

JWT returns the underlying JWT implementation

func (*VCaptcha) Request

func (vp *VCaptcha) Request() ([]byte, error)

Request is used to request a new ticket

func (*VCaptcha) Verify

func (vp *VCaptcha) Verify(data []byte) (string, error)

Verify takes a marshalled ticket struct and is used to verify that it contains a valid proof. It ensures that the id and difficulty are ones that we have previously allocated
