From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/45344 Path: main.gmane.org!not-for-mail From: Stainless Steel Rat Newsgroups: gmane.emacs.gnus.general Subject: Re: [ANNOUNCE] contrib/hashcash.el spam fighter Date: Sun, 23 Jun 2002 00:39:10 -0400 Organization: The Happy Fun Ball Brigade Sender: owner-ding@hpc.uh.edu Message-ID: References: NNTP-Posting-Host: localhost.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: main.gmane.org 1024807256 8909 127.0.0.1 (23 Jun 2002 04:40:56 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Sun, 23 Jun 2002 04:40:56 +0000 (UTC) Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by main.gmane.org with esmtp (Exim 3.33 #1 (Debian)) id 17LzBH-0002Ja-00 for ; Sun, 23 Jun 2002 06:40:55 +0200 Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 17Lz9s-0006do-00; Sat, 22 Jun 2002 23:39:28 -0500 Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Sat, 22 Jun 2002 23:39:48 -0500 (CDT) Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66]) by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id XAA17536 for ; Sat, 22 Jun 2002 23:39:37 -0500 (CDT) Original-Received: (qmail 16341 invoked by alias); 23 Jun 2002 04:39:12 -0000 Original-Received: (qmail 16336 invoked from network); 23 Jun 2002 04:39:12 -0000 Original-Received: from h0060978d8c91.ne.client2.attbi.com (HELO peorth.gweep.net) (ebzofm@24.218.202.161) by gnus.org with SMTP; 23 Jun 2002 04:39:12 -0000 Original-Received: (from ratinox@localhost) by peorth.gweep.net (8.11.6/8.11.6) id g5N4dB309956; Sun, 23 Jun 2002 00:39:11 -0400 Original-To: "(ding)" X-Attribution: Rat In-Reply-To: (David Masterson's message of "22 Jun 2002 19:40:16 -0700") Original-Lines: 34 User-Agent: Gnus/5.090006 (Oort Gnus v0.06) XEmacs/21.1 (Cuyahoga Valley, i686-pc-linux) Precedence: list X-Majordomo: 1.94.jlt7 Xref: main.gmane.org gmane.emacs.gnus.general:45344 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:45344 * David Masterson on Sat, 22 Jun 2002 | Interesting. Is this technique any better than TMDA (tmda.sf.net)? No. The way hashcash works is quite simple. Your MTA contacts my MTA because you want to deliver mail to me. Me (my MTA) picks two random numbers, multiplies them, and mashes the result through MD5. That gives me 128 bits of fairly random data. I say, "you must find two numbers that when multiplied together and have their product mashed through MD5 generate a hash that has 70 bits in common with this hash. Give me those numbers." You go through the effort of picking random numbers, multiplying them, mashing them through MD5, and comparing the hashes. As I understand it, 64 bits of match is a 50% chance of a hit the first attempt, and each increase of 1 bit of match approximately doubles the number of iterations. The hashcash system works at the MTA level becuase the recipient can say, "this is your postage due". Hashcash can be tuned, adjusting the number of matched bits based on whatever criteria the server manager wants, such as a scoring algorithm that uses the DCC. The system needs everyone to adopt it, or it will not work. Hashcash cannot work at the MUA level because the receiving MUA cannot tell the sender, "this is your price of doing business with me". The sender sets whatever "postage" rate he wants, which can be as negligible as using the same data again and again, or simply incrementing a number by 1 and hashing it, or picking data randomly from a pregenerated table, and make any claims it wants about the postage it is paying. -- Rat \ If Happy Fun Ball begins to smoke, get Minion of Nathan - Nathan says Hi! \ away immediately. Seek shelter and cover PGP Key: at a key server near you! \ head. That and five bucks will get you a small coffee at Starbucks.