[hashcash] Re: stamp collisions
- From: Jonathan Morton <chromi@xxxxxxxxxxxxxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx
- Date: Mon, 30 Aug 2004 00:55:48 +0100
With v1 stamps the full collision string is used for avoiding stamp
collisions because there is a separate field for counting to find
partial hash collisions. With the C implementation this defaults to
96-bits or 2^48 stamps before 1st collision, which is pretty small.
The RNG of some implementations is prone to occasionally working from
the same seed at the same (or similar) time. In other words, if Bob
and Charles both send a mail from their Windows machines (or some other
platform without a strong RNG facility) to Alice at the same time, they
might inadvertently produce the same random field, with a far greater
probability than a true randomness model predicts. Without extensions,
this will often result in identical stamps.
This is despite the precautions taken in the code to introduce entropy
to the seed from several different sources. Because none of those
sources are truly random, the resulting seed is not either. Strong
RNGs typically take entropy from sources of "environmental noise" such
as mouse movements and interrupt timings, which carry at least small
amounts of true randomness.
To eliminate collisions entirely, a "sender=..." extension field would
be advisable. This reduces the chance of collisions to 1 in 2^48
stamps produced by any particular sender, even if they only have a
medium-quality RNG.
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: chromi@xxxxxxxxxxxxxxxxxxxxx
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.
Other related posts:
