That was never the true goal. The goal was to prevent spam, brute force attacks and similar. This approach can work by making spam cost more. The user is not as affected by the cost (they probably have a mostly unused computer sitting there anyways) but it may be enough to stop attackers. (At least some that buy their own hardware.)

>The goal was to prevent spam

It does not. Its broken the day someone who can code wants to beak it.

>The user is not as affected by the cost...

Its exactly the opposite it affects the user not an attacker who can generate millions of PoW units on toaster for a few bucks. Or even use another systems idle time. No human needed == its super cheap. Unlike real CAPTCHAs where you need to pay real people to solve them.

In short, the Scrypt hash function was designed for this. With SHA256, the "toaster" you were refferring to is called an ASIC and you can buy one for $200 that plugs into a USB port and it would hash faster than 2 million CPUs.

However that's not possible with Scrypt, especially with the relatively large memory cost and block size parameters that this software uses. Even GPUs choke on scrypt at these levels. See: https://www.mobsec.ruhr-uni-bochum.de/media/mobsec/arbeiten/...

You misses the point. It does not matter what kind of technical implementation or algorithm is used. If the average user hardware can solve the "captcha" in a meaningful time on average hardware then an attacker with optimized hardware and on scale can always solve millions of these "captcha" relatively cheap. If you increase hardware demand to slow down an attacker you just exclude more and more legitimate people. Sure the attacker maybe can only spam 500k messages instead of 1MM in the same time but you also reduced the legitimate user by 50%.

Even in the absolute worst case where no optimization is possible at all the attacker can still run a device 24/7 so if a normal user has to wait 20 second on a smartphone an attacker can spam at least 4320 messages per day with the same device. And it scale at least perfectly linear. 2 such devices would double the spam capacity.Aand if the block sizes are increased to slow the attacker down it is exactly as much as it slows down the real user. But the real user actually cares and gets annoyed the attacker does not, he keep the same spam/legit message ratio.

If that was true than why doesn't that person sit down and use his coding talents to optimize bitcoin mining and profit.

Not sure if that is joke but Bitcoin mining is already highly optimized and done on scale.

Beating the average smartphones in-browser hash power does absolutely nothing. You are not competing against them you compete against large scale mining farms with special hardware.

Captcha is proof of human work.

Because of improved interfaces to exploit the poor, a spammer can already pay to have humans solve captchas using an API, just as well as they could pay for computing time to solve hashes.

As such, if you were to tune the difficulty of a computing proof of work to be more expensive to compute than to pay the lowest bidding human farm to solve a captcha, it should be better at decreasing spam.

But humans are expensive and dont scale well even if done by exploiting poor people.

If you would raise the PoW to cost more than that the average user would simply be unable to solve the PoW it in a meaningful time on their hardware.

Not sure whats you point or argument, none questioned the existence of humans captcha solvers.