Try to analyze the computing Verification Code

Try to analyze the computing Verification Code

0x00 Preface

The original intention of the verification code is human-machine recognition. However, most of the time is only used to increase the time cost and reduce the frequency.

If it is only for time consumption, can it be completely implemented using programs without images?

0x01 how to consume time

Let's first think about a problem: write a program that can consume the Time of the other party.

Time consumption is not easy. Just sleep:

#!cppSleep(1000)

This does consume time, but does not consume CPU. If the variable speed gear is enabled, it can be completed in an instant.

It is not difficult to consume CPU. Just write a large loop:

#!cppfor i = 0 to 1000000000end

However, this is essentially different from Sleep. Do the other party have any operations? Where do we know?

Therefore, we need a returned result. Only the complete operation has the correct answer.

#!cppresult = 0for i = 0 to 1000000000    result = result + iendreturn result

Through the returned results, we can determine whether the other party is fully running the program.

However, the above problem is still too simple. As primary school students know, the results can be directly calculated using the series formula, without having to take the time to run the loop.

So what algorithms cannot be inferred using formulas?

Obviously, the one-way hashing function is. For example, a classic question:

#!cppMD5(X) == X

The formula cannot be used to solve the problem. To find out the answer, it takes a lot of time to raise the question one by one.

However, for validators, you only need to calculate the received answer once to determine whether it is right or not, so you can easily verify it.

This is the way PoW (Proof-of-Work) proves that the other party is put into Work.

Of course, the above example is too difficult, and the answer can be reused, so we still need to improve it. For example:

#! CppMD5 ("problem" + X) = "0000 ......"

We only require that the first few digits of the hash result be 0. The smaller the number of digits, the easier it is to find the answer. At the same time, add a salt value so that the answer cannot be reused.

In fact, bitcoin uses a similar approach, using a SHA-256 as a hash function. In this way, we can only do nothing, and we cannot use faster methods to speculate. This reflects the value of mining.

The PoW implemented by the hash function is Hashcash.

0x02 traditional applications

Hashcash is nothing new, and has been used in anti-spam.

For example, when a user writes an email, the client uses the "Receiving address + mail content" as the Salt and then calculates the qualified answer:

#!cppHash(X, Salt) == "000000..."

Finally, append the found X to the email and send it. After receiving the email, the server can identify whether the email has been computed.

For normal users, an extra few seconds does not affect their use, but for those who make SPAM, the cost is greatly increased.

Traditional policies are mostly restricted by IP addresses and accounts. Attackers can use a large number of vests and proxies to bypass these restrictions.

When PoW is used, the bottleneck is limited to hardware-How fast computing is, and how fast operations are.

0x03 Web Applications

Similarly, Hashcash can also be used for Web applications. For example, a forum can be calculated when posting:

#! CppHash (X, Post content) = "000000 ..."

However, unlike the email client that can be automatically calculated in the background, if the post is on the card for several seconds, the user experience will be greatly reduced.

Therefore, you cannot select user input such as post content and title as the salt value. Instead, a random number is issued at the backend using the traditional verification code.

The front end uses this random number as the salt value-so that when the page is opened, the calculation can begin.

#! Cpp # backend-allocate session ["pow_code"] = rand () # front-end-mining while Hash (X, pow_code) = "000000..." X = X + 1end

Select a moderate difficulty, for example, 10 seconds. With multithreading, computing tasks can be completed more quickly without affecting the user experience.

Under normal circumstances, the user has completed computation before posting. When you submit the job, attach it to it.

If the calculation is not completed at the time of submission, wait until the calculation is complete. (Posting is too fast, and there is suspicion of bumping water)

#! Cpp # frontend-submit wait Xsubmit (..., X) # backend-verify if Hash (X, session ["pow_code"]) = "000000..." okelse failend

In this way, a verification code for "Testing Machine computing power" is implemented.

Currently, hashcash third-party verification websites, such as hashcash. io, are available.

0x04 Web Performance

Of course, when used in the Web, performance is also a major problem. For 10 seconds of script computing, it takes only one second to use a local program. Then, attackers can use a local version of plug-in.

Fortunately, there are currently asm. js, which can be close to the native performance. For older browsers, Flash can also be used for post-completion. In the previous article section 0x08, we have explained in detail.

If the computing power is not enough, you can also use the backup solution-traditional graphic verification code.

In this way, high-performance users can enjoy a better experience, and low-performance users can also ensure basic functions.

This is to encourage everyone to use modern browsers :)

0x05 critical Defects

However, the performance gap in language is still limited. Plug-ins do not struggle with this, but use a more powerful weapon-GPU.

The essence of Hashcash is to run hash, Which is what GPU is best. For example, the well-known oclHashcat is not an order of magnitude with the CPU.

The parallel computing against hardware has the following solutions and ideas:

Hardware bottleneck porting difficulty CPU algorithm uses brute-force code obfuscation serial mode

The first three articles mentioned in the previous article 0x09 are discussed below.

0x06 violence

If we can also call graphics card computing on the Web, the GPU plug-in has no advantage.

However, this idea seems a little far away. Although mainstream browsers currently support WebGL, they are only limited to rendering acceleration and do not provide general computing interfaces.

Of course, you can also use some hack methods. For example, someone tried to use WebGL to dig bitcoin, but the efficiency is not high.

If WebCL becomes a standard in the future, you may still consider it.

0x07 code obfuscation

The last time I discussed slow encryption, I mentioned why performance optimization is required. Because it is not recommended to create an encryption algorithm, you must optimize the existing algorithm.

However, compared to account security, the verification code requirements are much lower and the algorithm can be changed at any time. Therefore, you may wish to create one by yourself.

The strength of the self-created encryption algorithm is obviously not guaranteed. But we can start with "concealment"-obfuscation of code to hard-to-understand. At this time, the opposite side is tested with reverse capabilities.

This is a bit similar to the previous write of the anti-dummy-front-end combination of WAF. However, if obfuscation is good enough, do I still need a PoW mechanism?

Yes is better than no. Because browser fingerprints, user behaviors, and other information can be simulated through sandbox. However, in workload calculation, hardware resources must be consumed before the results can be obtained.

Therefore, the use of PoW can increase the hardware costs of attackers.

0x08 serial mode

The principle of Hashcash determines that it can be computed in parallel. What kinds of algorithms cannot be computed in parallel?

If each computation depends on the previous result, it cannot be parallel. For example, the slowhash discussed earlier:

#!cppfunction slowhash(x)    for i = 0 to 1000000000        x = hash(x)    end    return xend

This type of serial computing cannot be split. But can I use PoW?

Obviously not! Because PoW is difficult to calculateEasy to identify. In this way, you have to repeat the authentication, which is too costly.

But in reality, as long as it is well designed, we can still try it. We use a UGC-like model to allow users to contribute computing power!

First, a website with a large access volume needs to be quietly placed with a script. Use online users to generate questions and answers.

#! Cpp # concealed script Q = rand () A = slowhash (Q) submit (Q,)

Of course, this work must be concealed enough to prevent curious users from discovering and submitting incorrect answers.

When the backend question bank has accumulated a certain amount, you can use the verification code mode. During user access, the backend randomly selects a question from the question bank and assigns it to the front-end computing:

#! Cpp # backend-Allocation Problem Q = select_key_from_db () session ["pow_ques"] = Q # frontend-computing problem A = slowhash (Q)

When a user submits a request, the backend does not need to perform any calculation. You can use the table to check whether the answer is correct:

#! Cpp # frontend-submit (..., A) # backend-authenticate Q = session ["pow_ques"] if A = db [Q] okelse failend

The pre-calculation method is used to avoid heavy authentication work. At the same time, the computing is handed over to the user, which can greatly save hardware costs.

Of course, there are many things to consider about this model. Here we will only introduce the basic idea and discuss it in detail later.

Compared with hashcash, the solution time is random, and the slowhash time is fixed, so the difficulty is more controllable.

0x09 demo

Hashcash is relatively simple, so here we will demonstrate an md5 version, which is implemented using asm. js and flash and optimized the algorithm.

Https://github.com/EtherDream/proof-of-work-hashcash

If you want to view detailed computing speed, you can view this Demo:

Http://www.etherdream.com/FunnyScript/hashcash/js/test.html

It looks like it is not slow, but the speed of comparison with GPU is just a little lower. Therefore, Hashcash using the classic algorithm is simply vulnerable.

As for the PoW in the serial mode, many policies and data accumulation are involved, this article demonstrates and will discuss it separately next time.

0x0A Summary

Finally, we will compare the differences between computing power verification and traditional graphic verification.

Verification Method verification Object User Experience interception dummy traditional verification Image Recognition human brain needs interaction part interception computing power verification question answering computer imperceptible Interception

The effect is of course better than traditional image verification, but it is at the expense of user experience.

With the continuous development of hardware, image recognition software will become more and more powerful. The human brain is always limited, and the advantage will be smaller and smaller, resulting in more and more complex verification codes.

However, computing power verification is different. The development of hardware will also boost the computing power of browsers. In the end, you only need to increase the difficulty of the problem.

Of course, the more fields involved in security defense, the better. Every solution is not invincible, just to increase some attack costs.

Therefore, computing power verification, combined with traditional defense solutions, can bring value to play.