search

globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org
Other
1.23k stars 269 forks source link

Extend Proof of Work requiring clients to perform a proof of work on session renewal. #4119

Closed evilaliv3 closed 1 week ago

evilaliv3 commented 3 months ago

Proposal

I would like to propose to extend the proof of work mechanism requiring clients to complete a challenge to perform the session renewal.

The idea is to require the client to perform a dynamic proof of work mechanism varying from complexity LOW to HIGH based on a threshold.

Extending the thresholds defined in https://github.com/globaleaks/GlobaLeaks/issues/4118 and adding thresholds_proof_of_work_operations_per_session = 50 we could for example require a client to renew the session every 60 seconds by continue to solve a proof of work. The proof of work complexity could be dynamically changed from a level LOW to HIGH based on the number of requests that the client is performing.

Motivation and context

Ticket strictly related to https://github.com/globaleaks/GlobaLeaks/issues/4118 with same motivations.

evilaliv3 commented 1 week ago

Closing the ticket since current version (5.0.12) implement the proof of work at every session renewal.

The complexity for the moment is kept constant.