[hashcash] Re: Opportunistic signatures - a proposed design

  • From: Atom 'Smasher' <atom@xxxxxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Sun, 29 Aug 2004 16:15:24 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, 29 Aug 2004, Hal Finney wrote:

The issue of using a shared-secret type of signature versus a public-key signature is being discussed by others. I will focus on the details of the shared-secret signature.
==============

regarding shared secrets...

a practical implementation of a system using shared secrets would be an absolute nightmare on anything approaching the scale of email. if anyone can explain a feasible (secure, trusted, invisible to end users, etc) system of key exchange, i'd enjoy hearing about it.

simpler (and less secure) than a MAC, but suitable for some applications, is just whitelisting a secret... this could range from the pgp fingerprint in the body and header of my mail (it's unlikely that a spammer would include my fingerprint in spam, and even more unlikely that it would aid the spammer getting past a whitelist), to an extra header, such as:
X-Whitelist-This: secret
or:
X-Whitelist-This: d1ac8c83e8d2dbe6a77c95a2ef6672f654819400


the first form (with the example of a pgp fingerprint in the body of the message) is useful for hiding a secret in plain sight...

i use the latter form to send myself mail from web-forms... sometimes they seem spammy (mostly due to poor spelling and grammar), but i ALWAYS want to read them... for this application, an incredibly insecure protocol is secure enough.


...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "It may be true that the law cannot make a man love me,
         but it can keep him from lynching me,
         and I think that's pretty important."
                -- Martin Luther King, Jr.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJBMjlhAAoJEAx/d+cTpVcioIAIAJ73Z9gEVT5gPJGTwl+twrpc
pm1Urs+08f4yOLsziarI5KOU/QOkplZ7U79LxXPK11o8LoM8AKULxXsOkWprNik0
jgJ98B/NB0HRDlFqAQwNA8VNnTSMszZsL1k3jFS+W5Jd3uuZ3XgfQxjIfm6WVhoN
ndX9ZU7eAaWL156zbkPSpA28ZyDX+M0cDUhx4CDJJfa23qYBCz/dBbJAQl8G6TlI
dUs+TK22pT1uSmB8jyjlJVHQTD1P99S+fLUr22nhUfkWXyXQGqo6I6QxEv1ljdmI
zNQKnZ1hBI2ZKnEK2P1c50/W1FzpC04RUf6pjNQyuHVcKuoLWAcZjdIdMFBzIew=
=vDM4
-----END PGP SIGNATURE-----

Other related posts: