Gnus development mailing list
From: Simon Josefsson <jas@extundo.com>
Cc: "(ding)" <ding@gnus.org>
Subject: Re: [ANNOUNCE] contrib/hashcash.el spam fighter
Date: Sat, 29 Jun 2002 01:03:26 +0200
Message-ID: <iluadpfgg5d.fsf@extundo.com>
In-Reply-To: <02Jun28.172137edt.119392@gateway.intersystems.com> (Stainless Steel Rat's message of "Fri, 28 Jun 2002 17:30:03 -0400")

Stainless Steel Rat <ratinox@peorth.gweep.net> writes:

> * "Patrick J. LoPresti" <patl@curl.com>  on Fri, 28 Jun 2002
> | Right, so you have to try them all.  Checking the validity of a coin
> | is "fast", so this is OK, in theory.
>
> Not even in theory.  It is a linear problem, and linear problems do not
> scale.

The number of email addresses a person has is usually a constant, so
the problem is O(1).

> | Then again, it is not disastrous if you miss a message.
>
> And if that lost message is the job offer I am expecting?  -Anything- that
> causes loss of legitimate mail is BAD.  Really bad.  Unacceptably bad, in
> my opinion and that of the 350 employees in my company who expect mail not
> to be lost.

I wouldn't reject failed hashcash, I would treat it as mail that doesn't
have hashcash.  Hashcash improves the situation in most cases, and in
the remote cases where it fails, it doesn't make things worse than they
were before.

> [...]
> | Well, you get to decide how many bits you require the sender to match,
> | so you can make it one out of however many you like.
>
> | Or am I misunderstanding what you mean?
>
> You are misunderstanding.  Say that you (not necessarily "you" personally,
> but anyone or thing that relies on X-Hashcash headers) want 20 bits
> collision (that is a 1:2^20 probability of any two hashes of the same total
> length meeting the criteria, or approximately 1 in 1 million, just so you
> know).  And say that I use something like Sub7 to distribute my X-Hashcash
> DoS system to a mere five thousand machines, which can calculate hashes at
> a rate of 1 every 10 seconds, just to pull some numbers out of my behind
> (10 seconds is rather slow by today's standards, anyway).  That is 1.8
> million hashes per hour.
>
> All those hashes being dumped into your spent coin database.  And five
> thousand Sub7 variant infections is a very conservative number.
>
> Do you begin to see the vulnerabilities in X-Hashcash?

Not at all, it seems to work fine, if in your example hashcash forces
spammers to invest in knowledge to get a cluster with 5000 machines to
work.  Making it expensive to spam is the whole point of hashcash.

Also, in practice the collision size people will use will be close to
30 bits though, and is increased over time as CPUs get faster.
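
The receiver-side policy discussed in this message, sketched as an added example (not part of the original post and not code from hashcash.el): a stamp is matched against the recipient's fixed set of addresses, a failed stamp downgrades the mail to "unpaid" instead of rejecting it, and the spent-stamp store only keeps stamps that passed every check and have not yet expired. It assumes the hashcash version 1 stamp layout `ver:bits:date:resource:ext:rand:counter` with SHA-1 leading zero bits, a 28-day validity window, and constructed addresses; `Verifier`, `mint` and `zero_bits` are hypothetical names.

```python
import hashlib
from datetime import date, datetime, timedelta

def zero_bits(stamp: str) -> int:
    """Number of leading zero bits in SHA-1(stamp)."""
    digest = hashlib.sha1(stamp.encode()).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int, day: date, rand: str = "constructed") -> str:
    """Sender side: brute-force a counter, about 2**bits hashes on average."""
    prefix = f"1:{bits}:{day:%y%m%d}:{resource}::{rand}:"
    counter = 0
    while zero_bits(f"{prefix}{counter:x}") < bits:
        counter += 1
    return f"{prefix}{counter:x}"

class Verifier:
    def __init__(self, my_addresses, min_bits, max_age_days=28):
        self.my_addresses = {a.lower() for a in my_addresses}
        self.min_bits = min_bits
        self.max_age = timedelta(days=max_age_days)  # assumed validity window
        self.spent = {}  # stamp -> last day it is still valid

    def check(self, stamp: str, today: date) -> str:
        """Return "paid" or "unpaid"; a bad stamp never rejects the mail."""
        # Expired stamps fail the age test below, so forgetting them is safe.
        self.spent = {s: d for s, d in self.spent.items() if d >= today}
        try:
            ver, bits, ymd, resource, _ext, _rand, _ctr = stamp.split(":")
            claimed = int(bits)
            minted = datetime.strptime(ymd, "%y%m%d").date()
        except ValueError:
            return "unpaid"  # malformed: same as no stamp at all
        if ver != "1" or resource.lower() not in self.my_addresses:
            return "unpaid"  # one set lookup, however many addresses I own
        if claimed < self.min_bits or zero_bits(stamp) < claimed:
            return "unpaid"  # too cheap, or the work was not actually done
        if not timedelta(0) <= today - minted <= self.max_age:
            return "unpaid"  # future-dated or expired
        if stamp in self.spent:
            return "unpaid"  # replayed stamp
        # Only stamps that passed every check are stored.
        self.spent[stamp] = minted + self.max_age
        return "paid"
```

Because a stamp is stored only after it proved enough work for one of the recipient's own addresses, and is dropped once its date expires, the store's size is bounded by the valid work done during one validity window.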



