Comment by hiccuphippo
Comment by hiccuphippo 4 days ago
Wasn't sha256 designed to be very fast to generate? They should be using bcrypt or something similar.
Apparently bcrypt has a design that makes it difficult to accelerate effectively on a GPU.
Indeed a new token should be requested per request; the tokens could also be pre-calculated, so that while the user is browsing a page, the browser could calculate tickets suitable to access the next likely browsing targets (e.g. the "next" button).
The biggest downside I see is that mobile devices would likely suffer. Possibly the difficulty of the challenge is/should be varied by other metrics, such as the number of requests arriving per time unit from a C-class network etc.
Unless they require a new token for each new request or every x minutes or something it won't matter.
And as the poster mentioned, if you are running an AI model you probably have GPUs to spare. Unlike the dev working from a 5-year-old Thinkpad or their phone.