why "penny black" etc. are not very useful

Arnold G. Reinhold reinhold at world.std.com
Wed Dec 31 12:22:12 EST 2003


At 11:12 AM +0000 12/31/03, Ben Laurie wrote:
>Perry E. Metzger wrote:
>>In my opinion, the various hashcash-to-stop-spam style schemes are not
>>very useful, because spammers now routinely use automation to break
>>into vast numbers of home computers and use them to send their
>>spam. They're not paying for CPU time or other resources, so they
>>won't care if it takes more effort to send. No amount of research into
>>interesting methods to force people to spend CPU time to send mail
>>will injure the spammers.
>
>If you set the price to 1 minute of CPU, and spammers own 10% of all 
>machines on the 'net, then the average machine can only receive 144 
>spams per day. That's a significant improvement on my situation.
>
>Plus I'd've thought that having 100% CPU utilisation all the time 
>might attract attention. But maybe not.
>
>Cheers,
>
>Ben.

There is something else one can do that might help. The hashcash 
stamp algorithm can be designed to provide a strong, constant 
signature to virus detectors. For example, in my HEKS-1 algorithm, I 
populate a large array with pseudo random words. It would be easy 
enough to have some fraction (say 1/8th or 1/16th) of those words be 
a special constant (or one of a few special constants).  There would 
be no way for the spammer to avoid exhibiting the same constants 
while generating stamps without incurring a severe computational 
penalty. So any stamp generation activity would be easy to detect. 
Since the signature would never change, the detection software could 
be built into the operating system (or even the CPU itself).

Legitimate stamp generation would have to be distinguished, perhaps 
by code signing or some Turing test.  A sufficiently clever virus 
writer with root access might be able to commandeer the legitimate stamp 
generator. If this happens, periodic required updates of the hashcash 
software can be issued that thwart viruses in the field. Also a large 
number of countermeasure variants can be generated, making it hard 
for the virus to recognize them all. This reverses the tactical 
advantage normally enjoyed by virus writers. Illegitimate stamp 
generators are forced to present a fixed target while legitimate 
programs and countermeasures can continuously morph.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
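
A toy model of the detection idea in the message above, added here as an illustration; it is not HEKS-1 and not code from the post. The marker value, the 32-bit word size, the every-8th-slot layout, the window size and the threshold are all assumptions, and the memory snapshot is constructed sample data.

```python
import random
import struct

MARKER = 0x48454B53      # hypothetical marker constant (ASCII "HEKS"), an assumption
WINDOW_WORDS = 1024      # detector scans 4 KiB windows of 32-bit words
THRESHOLD = 1 / 16       # flag a window when at least 1/16 of its words are the marker

def build_work_array(n_words, seed, marker_every=8):
    """Toy stand-in for a stamp generator's array: pseudo-random 32-bit words,
    with the marker constant in every `marker_every`-th slot."""
    rng = random.Random(seed)
    words = (MARKER if i % marker_every == 0 else rng.getrandbits(32)
             for i in range(n_words))
    return b"".join(struct.pack("<I", w) for w in words)

def scan(memory):
    """Return [(byte_offset, marker_fraction)] for each window at or above THRESHOLD."""
    size = WINDOW_WORDS * 4
    hits = []
    for off in range(0, len(memory) - size + 1, size):
        window = memory[off:off + size]
        count = sum(1 for (w,) in struct.iter_unpack("<I", window) if w == MARKER)
        if count / WINDOW_WORDS >= THRESHOLD:
            hits.append((off, count / WINDOW_WORDS))
    return hits

def constructed_snapshot(seed=1):
    """Constructed sample: 8 KiB of unrelated data, an 8192-word work array, 4 KiB more."""
    rng = random.Random(seed)
    noise = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    return noise(8192) + build_work_array(8192, seed=2) + noise(4096)

if __name__ == "__main__":
    for off, frac in scan(constructed_snapshot()):
        print(f"offset {off:#07x}: {frac:.3f} of words are the marker")
```

Changing the seed changes every pseudo-random word but not the marker density, which is why a fixed threshold keeps working across runs in this model.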


