[camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

Eric S. Johansson esj at harvee.org
Mon Dec 29 13:43:26 EST 2003


Bill Stewart wrote:

> At 09:37 PM 12/26/2003 -0500, Adam Back wrote:
> 
>> The 2nd memory [3] bound paper (by Dwork, Goldberg and Naor) finds a
>> flaw in the first memory-bound function paper (by Abadi, Burrows,
>> Manasse, and Wobber) which admits a time-space trade-off, proposes an
>> improved memory-bound function and also in the conclusion suggests
>> that memory bound functions may be more vulnerable to hardware attack
>> than computationally bound functions.  Their argument on that latter
>> point is that the hardware attack is an economic attack and it may be
>> that memory-bound functions are more vulnerable to hardware attack
>> because you could in their view build cheaper hardware more [....]
> 
> 
> One nice thing about memory-bound functions is that,
> while spammers could build custom hardware farms in Florida or China,
> a large amount of spam is delivered by hijacked PCs or abused relays/proxies,
> which run on standard PC hardware, not custom, so it'll still be slow.

Do the math.

d*b
---
  s

where: d = stamp delay in seconds
        s = spam size in bytes
        b = bandwidth in bytes per second

Assuming unlimited bandwidth, if a stamp spammer compromises roughly the 
same number of PCs as were compromised during the last worm attack 
(350,000) at 15 seconds per stamp, you end up with 1.4 million stamps 
per minute or 2 billion stamps per day.  When you compare that to the 
amount of spam generated per day (high hundred billion to low trillion), 
they are still a few machines short of what is necessary to totally 
render stamps useless.  Yes, maybe one spammer could muster a few 
machines to be a nuisance but that's the extent of it.

When dealing with hardware acceleration, it becomes a hardware war.  If 
they can make custom hardware, Taiwan can make us USB stamp 
generators, postage goes to a period of rapid inflation, and the world 
goes back to where it was before with no advantage to spammers.

> Penny Black or any other system that involves tweaking the email protocols
> gets a one-time win in blocking spam, because older badly-administered
> mail relays won't be running the new system - if their administrators
> upgrade them to support the new features, hopefully that will turn off
> any relay capabilities.  That doesn't apply to cracked zombie machines,
> since the crackers can install whatever features they need,
> but at least all of those Korean cable-modem boxes won't run it.

Again, work the numbers to figure out the basic model and where the 
threat roughly lives.  Personally, I think that any system that tweaks 
the e-mail protocols basically loses for reasons of adoption and 
backwards compatibility.  I've put a lot of effort into the camram 
implementation to create significant backwards compatibility without 
leaving someone vulnerable to spam.

Also, zombied machines are a threat but the beauty of any proof of work 
system is that the machine will start overheating if it's used too much 
and the CPU load will become noticeable to the user.  So in a way, 
stamp-generating zombies might actually do the net some good and take out 
these machines.  Or cause another blackout in New York State...

---eric


-- 
Speech recognition in use.  Incorrect endings, words, and case is
closer than it appears

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
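
The arithmetic in the reply above, worked as an added example that is not part of the original message. It generalizes the unlimited-bandwidth case to a bandwidth-limited one; the function names, the reading of d*b/s as a slowdown factor, and the sample message size, link speeds and daily-volume target are assumptions made here.

```python
import math

SECONDS_PER_DAY = 86_400

def slowdown_factor(d, s, b):
    """d*b/s from the message, read here (assumption) as the number of
    unstamped messages of s bytes a b bytes/second link could carry in
    the d seconds one stamp takes to compute."""
    return d * b / s

def seconds_per_message(d, s=None, b=None):
    """Time one machine needs per stamped message.
    b=None models unlimited bandwidth: only the stamp delay counts.
    Otherwise the slower of stamp computation and transmission wins."""
    if b is None:
        return d
    return max(d, s / b)

def botnet_output(machines, d, period_s, s=None, b=None):
    """Stamped messages a botnet of `machines` hosts emits in period_s seconds."""
    return machines * period_s / seconds_per_message(d, s, b)

def machines_needed(target_per_day, d, s=None, b=None):
    """Hosts required to emit target_per_day stamped messages per day."""
    per_host = SECONDS_PER_DAY / seconds_per_message(d, s, b)
    return math.ceil(target_per_day / per_host)

if __name__ == "__main__":
    # Figures from the message: 350,000 hosts, 15 seconds per stamp.
    hosts, delay = 350_000, 15
    print("per minute:", botnet_output(hosts, delay, 60))
    print("per day:   ", botnet_output(hosts, delay, SECONDS_PER_DAY))
    # Constructed target: 100 billion messages per day, taken as a
    # round figure near the low end of the range in the message.
    print("hosts for 1e11/day:", machines_needed(100_000_000_000, delay))
    # Constructed link: 10,000-byte message on a 100,000 bytes/second line.
    print("slowdown factor:", slowdown_factor(delay, 10_000, 100_000))
```
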


