[hashcash] Hi!

• From: Máté Soós <msoos@xxxxxxxxxxxxxx>
• To: hashcash@xxxxxxxxxxxxx
• Date: Fri, 26 May 2006 18:39:53 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

I am a new member of this anti-spam hash-cash list. I was wondering, if
the following idea would solve the BCC-related hashcash problem:

The problem with BCC, as far as I can see, is that the X-HASH value must
contain the email address of the BCC recipient, which needs to be
hidden. In theory, we could use some sort of masking of this email
address. And if we are at hashes, why not use them (after all, they are
one-way, not only 2nd-preimage-resistant). So, hash the address, and use
that(or some first bytes of that) instead of the email string. We are
done - hmm, well, almost. Except that if the person thinks that the
email might have been sent to someone he knows the email address of, he
could check. Well, nothing is perfect.What do you think?

Also, another thing. Is the length of the 0-bits that must be calculated
by the sender fixed ? Because if so, the whole idea will be useless in
about 8-12 years, given that the barrier will remain the same, but the
runners (the computers) will become 4-8 times better jumpers(faster).
Maybe the number of 0's that needed to be calculated should be increased
propotionally(linearly, btw, since its effect is exponential anyways)
to time(i.e. 2004, 2006, etc)?

Also, a note on implementation. The random digits at the end of the
'date:email:random' that needs to hash to (00[..]xxx) should truly be
random. Otherwise, the probability of collisions would rise high above
the probablility of winning the lottery weeks on end. This is a matter
of implementation, but I believe it should be emphasised. Generating
truly random numbers is not as easy as people(programmers) think.

Oh, well. Just to generate some discussion, this mail is not intended to
start a war :O

Máté


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEdy9ZuXopCweTRxMRAg7lAJ964m2qBdbzAlkT/ZAflFEl8Qq/6gCbBc8T
TWO41In8Yp5VC+ZEj0WIMao=
=M6Zy
-----END PGP SIGNATURE-----

• Follow-Ups:
  • [hashcash] Re: Hi!
    • From: Adam Back
  • [hashcash] Re: BCC problem (was: Hi!)
    • From: Hubert Chan
  • [hashcash] Re: Hi!
    • From: Atom Smasher

Other related posts:

• » [hashcash] Hi!
• » [hashcash] Re: Hi!
• » [hashcash] Re: Hi!

1. Home
2. hashcash
3. Archive
4. 05-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---