[hashcash] Re: hashcash v1 questions

  • From: Hubert Chan <hubert@xxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Mon, 31 May 2004 22:32:10 -0400

>>>>> "Eric" == Eric S Johansson <esj@xxxxxxxxxx> writes:


Eric> Before you get your knickers in a twist over this attitudes,
Eric> remember that all of the "proper procedures" as put forth by
Eric> pgp/smime enthusiasts have done more to setback to widespread use
Eric> of cryptography than any political/legislative manipulations by
Eric> the spook community. What the crypto geeks have forgotten (or
Eric> maybe never knew) is that human factors wins out over technical
Eric> features any day.

It all depends on what you're trying to achieve with crypto, and what
your attack model is.  If you just want to verify that the person who
is emailing you today was the same guy who emailed you last week, you
can be a lot more lax than if you want to make sure that the email you
got really was from the Linus Torvalds who wrote the Linux kernel.

And I don't think that human factors is the reason we don't have
widespread crypto.  The thing is that most people just don't see a need
for it.  (Here.  I'll GPG sign this message just for fun.)

P.S.  I don't know much (anything) about the camram model, but how well
does it protect against zombied machines?  Say, Alice's machine gets
zombied by the latest virus-du-jour, and starts sending out emails,
signed with her camram key.

Hubert Chan <hubert@xxxxxxxxx> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.

Other related posts: