From: Simon Josefsson
Newsgroups: gmane.emacs.gnus.general
Subject: Re: [ANNOUNCE] contrib/hashcash.el spam fighter
Date: Mon, 24 Jun 2002 23:14:30 +0200
Original-To: Stainless Steel Rat
Cc: "(ding)"
References: <02Jun24.115740edt.119250@gateway.intersystems.com> <02Jun24.151839edt.119751@gateway.intersystems.com>
In-Reply-To: <02Jun24.151839edt.119751@gateway.intersystems.com> (Stainless Steel Rat's message of "Mon, 24 Jun 2002 15:26:57 -0400")
X-Hashcash: 020624:ratinox@peorth.gweep.net:696e49e4b709bd51
X-Hashcash: 020624:ding@gnus.org:9077ca4575eea9ce
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.3.50 (i686-pc-linux-gnu)

Stainless Steel Rat writes:

> * Simon Josefsson on Mon, 24 Jun 2002
> | No, it does not work like that. Each coin has a limited life length
> | (e.g., 28 days), the receiver only has to keep track of valid ones
> | within the time window.
>
> I-the-spammer generate a new hash every hundred thousand messages or so.
> I-the-spammer easily circumvent the X-Hashcash system, and without even
> trying hard.

How? The coin is specific for each recipient, and you can only use
each coin once. To create a new coin, you need to burn CPU time. If
you send the same hash in more than one message to the same recipient,
the double spending database will notice and reject it, and if you
send the same hash to another recipient, the other recipient cannot
verify the coin and rejects it.

> | This is explained on the web page...
>
> I looked. The X-Hashcash scheme is fundamentally flawed. It relies on the
> sender being honest when he says that he spent the time generating the hash
> when he puts it in his headers.

From how I understand it, the receiver verifies that the sender spent
time generating the coin by verifying the coin, it is not simply
trusting the sender about that.

> | > The more I learn about X-Hashcash, the more I see that it is doomed to
> | > fail.
> | Do you have a better idea?
>
> Hashcash at the MTA level. That is enforceable because the recipient says
> "find X bits of collision with this hash or your message will not be
> accepted".

This would slow down my mail server a bit, but is otherwise good. One
good thing with doing hashcash in the MUA is that only my own machine
is slowed down.
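
The receiver-side checks described in this message (coin bound to one recipient, limited lifetime, double-spending database, work verified rather than trusted), as an added Python example that is not part of the original message or of hashcash.el. It assumes the `YYMMDD:recipient:random` layout seen in the X-Hashcash headers and, as a further assumption, that a coin is valid when its SHA-1 digest has a given number of leading zero bits; `mint`, `Verifier`, the 12-bit cost and the example.org address are illustrative.

```python
import hashlib
from datetime import date, datetime, timedelta
from itertools import count

BITS = 12          # assumed cost, kept low so the demo mints quickly
WINDOW_DAYS = 28   # coin lifetime used as the example in the thread

def leading_zero_bits(digest: bytes) -> int:
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()

def mint(recipient: str, day: date, bits: int = BITS) -> str:
    """Sender side: burn CPU until the coin's hash has `bits` leading zeros."""
    prefix = f"{day:%y%m%d}:{recipient}:"
    for i in count():
        coin = f"{prefix}{i:x}"
        if leading_zero_bits(hashlib.sha1(coin.encode()).digest()) >= bits:
            return coin

class Verifier:
    def __init__(self, my_address: str, bits: int = BITS):
        self.my_address, self.bits = my_address, bits
        self.spent = {}  # coin -> expiry date (the double-spending database)

    def check(self, coin: str, today: date) -> str:
        # Expired coins fail the date test anyway, so the database stays small.
        self.spent = {c: exp for c, exp in self.spent.items() if exp >= today}
        try:
            stamp, recipient, _rand = coin.split(":", 2)
            minted = datetime.strptime(stamp, "%y%m%d").date()
        except ValueError:
            return "malformed"
        if recipient != self.my_address:
            return "wrong recipient"
        # Strict window: no allowance for clock skew in this sketch.
        if not timedelta(0) <= today - minted <= timedelta(days=WINDOW_DAYS):
            return "outside time window"
        if leading_zero_bits(hashlib.sha1(coin.encode()).digest()) < self.bits:
            return "insufficient work"
        if coin in self.spent:
            return "double spend"
        self.spent[coin] = minted + timedelta(days=WINDOW_DAYS)
        return "accepted"

if __name__ == "__main__":
    today = date(2002, 6, 24)  # constructed sample date
    v = Verifier("ding@example.org")
    coin = mint("ding@example.org", today)
    print(coin, v.check(coin, today), v.check(coin, today))
```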