[hashcash] Re: hashcash v1 questions

  • From: Kyle Hasselbacher <kyle@xxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Mon, 31 May 2004 22:41:28 -0500

Hash: SHA1

On Mon, May 31, 2004 at 11:02:05PM -0400, Eric S. Johansson wrote:
>Hubert Chan wrote:
>>It all depends on what you're trying to achieve with crypto, and what
>>your attack model is.  If you just want to verify that the person who
>>is emailing you today was the same guy who emailed you last week, you
>>can be a lot more lax than if you want to make sure that the email you
>>got really was from the Linus Torvalds who wrote the Linux kernel.
>I think you understand what I'm trying to do.  :-) I'm going for the lax 
>approach.  [...]

This discussion reminds me of an interest I took in zero-UI crypto a while
back.  I put my interest in some words here:



>>And I don't think that human factors is the reason we don't have
>>widespread crypto.  The thing is that most people just don't see a need
>>for it.  (Here.  I'll GPG sign this message just for fun.)
>we could have an interesting conversation over a ginger beer.  :-) I 
>will argue that if you were to embed crypto into your e-mail system at 
>the client level such that there was little or no user interface 
>required, but demonstrable benefit, people would use it without a second 
>thought.  Start requiring passphrases and additional end-user client to 
>human interactions and quite frankly, they will look for that check box 
>that says "turn it off".

It's never totally transparent.  Alice has a working zero-UI crypto
system.  Alice's computer is lost, stolen, broken.  She gets a new one,
sets it up for email, but all her friends are still encrypting to a key she
no longer has.  How does she inform them?  How does she prove that she's
not Eve trying to take over Alice's account?  Can you do it without human

>goodness gracious, people seem so obsessed by zombies.  I'm getting 
>ready to start calling this project the "net of the living dead".


Nothing protects against a zombie!  It will eat your brain!  Once the
computer is overtaken, it steals the credentials of the user, and the game
is over.  Everything the legitimate user can do, the flesh-eating zombie
can do.

Will we require that users taken an intelligence test before every email
they send?  Decode the twisted and cruel text!  Answer me these questions
three!  JUMP, user, JUMP!  Prove you're not a suture-headed mutant!
- -- 
Kyle Hasselbacher             "Wit is educated insolence."
kyle@xxxxxxxxxxx                           -- Aristotle (284-322 B.C.)
Version: GnuPG v1.2.4 (GNU/Linux)


Other related posts: