What is Proof of Work on MTCaptcha?

MTCaptcha supports ‘Adaptive Proof of Work’ as part of the build in captcha capability, so what does that mean?

Proof of Work is basically a ‘large effort of computation’, commonly used to deter high volume automated attacks. It helps even the playing field between attacker and defender where traditionally its substantially cheaper to attack than defend. With Proof of Work attacks are :

  • More Complicated and difficult to setup (need to run virtual browsers and complicated scripts)
  • More Expensive (require much more compute power and servers)
  • Significantly Slower, where MTCaptcha’s proof-of-work also includes proof-of-elapsed-time .

Adaptive Proof of Work

Of course having your browser pause for many seconds to execute a proof of work every time can be annoying, so just as we have risk based adaptive complexity for the captcha image, we also included adaptive complexity to our Proof of Work. This means for most real users the proof of work is completely undetectable taking less than 100 milliseconds, and only increases in difficulty and time-delay for specific networks or regions where the Adaptive Risk Engine perceives higher risk.

Best Protection Against

The proof of work is best for protecting against API level brute force or denial attacks, such as

  • Brute Force Password Attacks
  • Brute Force Key or ID Attacks

Note: Proof of Work is an application layer check, and can not protect against network layer denial of service attacks such has TCP SYN Flood or TCP Split Handshake attacks which will require network layer infrastructure to mitigate. If you have any questions or is uncertain the type of attack you are under feel free to contact us via our contact page.

Also see Wikipedia: Proof of Work