Re: Hashcash
From: Tom St Denis (tom_at_securescience.net)
Date: 07/16/04
- Previous message: Mok-Kong Shen: "Re: Block vs. Stream"
- In reply to: Jean-Luc Cooke: "Hashcash"
- Next in thread: Jean-Luc Cooke: "Re: Hashcash"
- Reply: Jean-Luc Cooke: "Re: Hashcash"
Date: Fri, 16 Jul 2004 20:14:26 GMT
Jean-Luc Cooke wrote:
> http://www.hashcash.org
>
> I'd like to hear discussion on this. My concerns:
>
> 1) The proposed standard doesn't provide a way to specify how many LSBit
> are zero, this would be required in the X-Hashcash: MIME header for
> server-side computation.
> My suggestion:
> "X-Hashcash: 16 0:030626:adam@cypherspace.org:6470e06d773e05a8"
> Where "16" specifies the number of lower bits to be zero of
> SHA("0:030626:adam@cypherspace.org:6470e06d773e05a8")
> Mail-servers can choose to accept varying levels, but most of the world
> will be happy accepting a standard like 17 (2^17 = 131,072)
>
> 2) The proposed standard suggests using time & email address. Fine and
> good, but this leaves two issues:
> a) Pre-computation of email address Hashcash DBs becomes possible, even
> with the time variable in there (do you reject email as spam if it took
> 3 days to make it through a SMTP spooler?)
> My Suggestion:
> Replace the email field with:
> SHA1(<fromAddress>:<destinationAddress>:<subject>:<emailBody>)
> Hashing the emailBody isn't that much more expensive now is it?
> Even 10MB in size, it should be manageable.

This opens you to mail flooding though. I could form that for one message
and just repeat it.

A timestamp makes sense, just don't have it down to the second. Very little
email bounces around for 3 days, so why not make the timeout 1 day? The
more important point though is you don't delete email that fails. You just
sort it. Hashcash is more of a "method of filtering" than a whitelist of
sorts...

More important problems though are

1. How do you address web email systems [java being easiest solution]
2. Wireless [cell] users?
3. How do you negotiate collision sizes? Sure 20 bits may be fine for
today, but not for 6 months from now.

Tom
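
The receiver-side check discussed in this message, as an added example that is not part of the original post or of the hashcash project's code. It assumes the header layout Jean-Luc proposed ("<bits> <stamp>"), zero low-order bits of SHA-1 as he describes, a YYMMDD date field, and a hypothetical `seen` set to catch a repeated stamp; failures are labelled for sorting rather than deleted.

```python
import hashlib
from datetime import date, datetime

def zero_low_bits(stamp: str) -> int:
    """Count the zero least-significant bits of SHA-1(stamp)."""
    n = int.from_bytes(hashlib.sha1(stamp.encode()).digest(), "big")
    return 160 if n == 0 else (n & -n).bit_length() - 1

def mint(resource: str, day: date, bits: int) -> str:
    """Sender side: try counters until the hash has `bits` zero low bits."""
    prefix = f"0:{day:%y%m%d}:{resource}:"
    counter = 0
    while zero_low_bits(f"{prefix}{counter:x}") < bits:
        counter += 1
    return f"{prefix}{counter:x}"

def classify(header: str, rcpt: str, today: date, required_bits: int,
             seen: set, max_age_days: int = 1) -> str:
    """Receiver side: return a label used to sort mail, never to delete it."""
    try:
        claimed_text, stamp = header.split(" ", 1)
        claimed = int(claimed_text)
        version, ymd, resource, _counter = stamp.split(":")
        stamp_day = datetime.strptime(ymd, "%y%m%d").date()
    except ValueError:
        return "unstamped"            # malformed header or stamp
    if version != "0" or resource != rcpt:
        return "unstamped"            # stamp was not minted for this mailbox
    if abs((today - stamp_day).days) > max_age_days:
        return "stale"                # outside the one-day window
    # required_bits is local policy, so it can be raised over time
    if claimed < required_bits or zero_low_bits(stamp) < claimed:
        return "underpaid"            # too little work, or claim not met
    if stamp in seen:
        return "replayed"             # same stamp presented again
    seen.add(stamp)
    return "paid"

if __name__ == "__main__":
    # Constructed sample: 12 bits keeps the demo fast; the thread talks of 16-20.
    day = date(2004, 7, 16)
    header = "12 " + mint("adam@cypherspace.org", day, 12)
    spent = set()
    for _ in range(2):
        print(header, "->", classify(header, "adam@cypherspace.org", day, 12, spent))
```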