altcha-org / altcha

GDPR compliant, self-hosted CAPTCHA alternative with PoW mechanism and advanced anti-spam filter.
https://altcha.org
MIT License
509 stars 17 forks

Clarification about the minimum random number value #41

Closed ausi closed 4 months ago

ausi commented 5 months ago

In the documentation in https://altcha.org/docs/complexity/ the following notes appear:

The widget always starts the computational loop at 0 and does not support negative numbers.

We recommend using a minimum value of the random number of at least several thousand as a “minimum required complexity”. The maximum value of 100,000 is a good start for most systems. Adjust these values to your needs.

I don’t understand that.

First, your own implementation does not seem to use a minimum in https://github.com/altcha-org/altcha-lib/blob/c1f2b989c47685ee84fa6ce0c4b11d7de76d07a7/lib/index.ts#L40 And second, I cannot see the benefit. It would reduce the computational effort of spambots (as they would start the loop with a higher number then) but it would not reduce it for the real clients as the widget always starts the loop at 0.

I think the range of the random number should always be from zero to the desired maximum.

ovx commented 5 months ago

Hi, there are two things to consider:

  1. The minimum number is also a secret, unknown to both the client and the attacker. Because the attacker does not know where to start, they must begin at 0.
  2. Having a minimum number greater than 0, as recommended in the documentation, ensures that the PoW runs for "some time" instead of finishing in only one cycle of SHA hashing.

The latest version 0.6.0 supports the attribute delay, which adds an artificial delay to the verification process. This makes it appear as though it is performing a task, which is useful when users have powerful devices and a relatively low random number, making the verification too quick, which might not provide the best user experience, as users expect some feedback from the UI, such as a visible spinner.

With this new delay attribute, having a minimum number greater than 0 is no longer necessary to extend the verification duration. I will update the documentation and remove this recommendation.