[hashcash] rng & stamp collisions

  • From: Adam Back <adam@xxxxxxxxxxxxxxx>
  • To: hashcash <hashcash@xxxxxxxxxxxxx>
  • Date: Tue, 31 Aug 2004 05:13:28 -0400

Hi

I believe on Windows at least one can do better than the current
fall-back code.  There is a random number API.  We need to call it.

Mac OS X, BSD and Linux have /dev/urandom.

The reason I didn't include the sender id in the stamp by default is
that hashcash was originally considered for anonymous remailers where
you don't know what the sender is.

But this design carries over quite well into general internet mail
because in fact the sender id in internet email is whatever the sender
chooses to claim it is; there is no authentication.  It is completely
forgeable and commonly is forged, either to match soft-hosting by
people who roam, or mangled by people who don't want to receive spam in
USENET and so on.  So at this point the forgeability is a feature
(the equivalent of Reply-To; all my mails are forged in this way: I write
them on a shell account on a machine called off.net and forge some of
the sender-id to be adam@xxxxxxxxxxxxxxx instead of adam@xxxxxxx).

(SPF breaks some of these uses).

Additionally, if someone intentionally _wants_ to try to collide with your
stamps to deny service, even if you do use a sender id extension, they
can anyway use whatever id they know you will use and still collide
with you.

The ideal solution to me seems to be better randomness.

Putting the sender id into the hash input as more random input
generally should work; however, for anonymous cases it could be
dangerous.  (If there really is not much randomness in the hash, or
more importantly what randomness there is is related to time which is put
in headers or observable from when it appears, then perhaps someone
can brute force and confirm your identity).  Hashcash includes some
anonymity-related features, particularly the -a flag.


But there are so many applications which must be portable that have a
generally stronger requirement for randomness that we should be able
to borrow some code, e.g. OpenSSL etc.

Adam
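
The /dev/urandom route mentioned above, as an added example that is not part of the original post and is not hashcash's own code: it fills a stamp's random field from the kernel RNG and fails closed instead of dropping to a weaker fall-back. The function names, the 16-character field length and the base64 alphabet are assumptions; the Windows API case is not covered.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Assumed alphabet for the stamp's random field: the 64 base64 characters. */
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Fill buf with len bytes from /dev/urandom. Returns 0, or -1 on any failure. */
int urandom_bytes(unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0)
            got += (size_t)n;              /* short read: keep going */
        else if (n < 0 && errno == EINTR)
            continue;                      /* interrupted: retry */
        else
            break;                         /* EOF or real error */
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* nchars random characters plus NUL into out; fails closed, no weaker fallback. */
int stamp_rand_field(char *out, size_t nchars)
{
    unsigned char raw[64];
    if (nchars > sizeof raw || urandom_bytes(raw, nchars) != 0)
        return -1;
    for (size_t i = 0; i < nchars; i++)
        out[i] = B64[raw[i] & 63];         /* 256 is a multiple of 64: no bias */
    out[nchars] = '\0';
    return 0;
}

int main(void)
{
    char field[17];                        /* 16 characters: hypothetical length */
    if (stamp_rand_field(field, 16) != 0)
        return 1;
    printf("rand field: %s\n", field);
    return 0;
}
```

With 16 characters the field carries 96 random bits, so two senders producing the same value by accident is not a practical concern.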
