What is Proof of Work on MTCaptcha
MTCaptcha supports ‘Adaptive Proof of Work’ as part of the build in captcha capability, so what does that mean?
Proof of Work is basically a ‘large effort of computation’, commonly used to deter high volume automated attacks. It helps even the playing field between attacker and defender where traditionally its substantially cheaper to attack than defend. With Proof of Work attacks are :
More Complicated and difficult to setup (need to run virtual browsers and complicated scripts)
More Expensive (require much more compute power and servers)
Significantly Slower, where MTCaptcha’s proof-of-work also includes a time-delay/time-lock aspect.
Adaptive Proof of Work
Of course having your browser pause for seconds to execute a proof of work every time can be annoying, so just as we have risk based adaptive complexity for the captcha image, we also added adaptive complexity to our Proof of Work. This means for almost all real users the proof of work is completely undetectable taking less than 100 milliseconds, and only escalate in difficulty and time-delay for specific networks or regions where the Adaptive Risk Engine perceives higher risk.
Best Protection Against
The proof of work is best for protecting against API level brute force or denial attacks, such as
Brute Force Password Attacks
Brute Force Key or ID Attacks
Note: Proof of Work it is a logical layer check, and can not protect against network layer denial of service attacks such has TCP SYN Flood or TCP Split Handshake attacks which will require network layer infrastructure to mitigate. If you have any questions or uncertain the type of attack you are under feel free to reach out to us via our contact page.
Also see Wikipedia: Proof of Work