[hashcash] Re: hashcash v1 questions

  • From: Hubert Chan <hubert@xxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Tue, 01 Jun 2004 02:56:47 -0400

>>>>> "Eric" == Eric S Johansson <esj@xxxxxxxxxx> writes:


Eric> we could have an interesting conversation over a ginger beer.  :-)
Eric> I will argue that if you were to embed crypto into your e-mail
Eric> system at the client level such that there was little or no user
Eric> interface required, but demonstrable benefit, people would use it
Eric> without a second thought.  Start requiring passphrases and
Eric> additional end-user client to human interactions and quite
Eric> frankly, they will look for that check box that says "turn it
Eric> off".

I've never tried ginger beer.  I know approximately two people who like
it.  I'll have to give it a try some time.

Like Kyle pointed out, you'll never be able to get a crypto system with
no user interaction.  I think it's a good idea to go for little user
interaction (I get tired of typing in my 20+ character passphrase
sometimes -- it would be nice to have the passphrase manager tied into
the login manager).  I'll agree that bad UI makes crypto less
widespread than it should be (e.g. people emailing corporate secrets in
plaintext).  But I doubt that if we could make a crypto system with the
absolute minimal user interaction, then people would start using it.
Unless you could come up with some "killer feature".  Like spam
prevention.  ;-)

Eric> on a personal level, I do not sign any of my messages or even use
Eric> PGP anymore because I have about three or four keys that I do not
Eric> remember the pass phrases for.

I have the "bad habit" of sharing passphrases.  Yeah, it's weaker, but
I don't have to worry about remembering so many different secrets.

I also use PGP to encrypt some of the files on my harddrive that I use
on a regular basis (at least once a month).


Eric> Seriously, it does not protect against zombies in any way, shape,
Eric> or form.  All it does is make them more visible.  In the case of
Eric> stamp generation, it increases the load on your system which makes
Eric> it run slower and get hot which will hopefully increase
Eric> instability.  In your example, which is quite a good one, now we
Eric> have something that is traceable back to an individual even if the
Eric> key is stolen!  Again, you now have a zombie infested machine
Eric> identified.  Once they are identified, they can be turned off,
Eric> blackholed, or otherwise ostracized.

Sounds reasonable.  One of the annoying things with viruses these days
is that you never know where exactly it came from.  If we could
identify the sources, we could get them shut down quicker.

Eric> on a side note, I think hashcash stamps make it possible to use
Eric> black holes in a rational fashion.  instead of using presence on a
Eric> black hole list as a sign to totally shut off e-mail from a
Eric> machine, use it to increase your postage requirements from that
Eric> machine.  This allows communications to continue but at a higher
Eric> cost for the users of that machine.

That sounds like a very interesting idea.

Hubert Chan <hubert@xxxxxxxxx> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

Other related posts: