[hashcash] Re: stamp collisions
- From: Atom 'Smasher' <atom@xxxxxxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx
- Date: Tue, 31 Aug 2004 02:04:39 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, 31 Aug 2004, Hubert Chan wrote:
Yes. That's why you still need the sender=<email address> extension.
Anyways, I feel pretty safe using a resolution that's on the order of
one day. But for people really worried about collisions, that's one
thing that you can do. Even if the date in the stamp stays with a
one-day resolution, you can add a time value as an extension.
============
i'm not entirely sure why i don't like that extension... maybe because it
makes the header bigger...? maybe because it can be used for "joe
jobs"...?
OK, it doesn't have to be sequential then. Use a pseudo-random number
generator with a large cycle length and that depends on your own secret
key.
(of course, having this "counter" also requires that hashcash save the
seed/counter value between runs, which probably should be avoided.)
=============
what you're describing is similar to GnuPG's "random_seed" file, and that
does seem like overkill for hashcash.
the three simple sources of "entropy" that i see for seeding a PRNG (in
addition to system entropy):
1) use the sender's address (or it's hash)
2) hash the double-spend database file
3) create a file in the yet-to-be-created (hint) config directory and
fill the file with random stuff... similar to ezmlm's "key" file. this
only has to be created when hashcash is first used*.
any one of these should reduce the risk of doppelganger stamps being
created during the same second, but i'm partial to either 1 or 1+2.
* it might seem tempting to fill this file during installation, but if a
machine comes with hashcash installed at the factory, then all machines
leaving that factory might have the same "entropy file", and it would be
somewhat self defeating.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Water and air, the two essential fluids on which all
life depends, have become global garbage cans."
-- Jacques Cousteau, 1910-1997
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBNBT9AAoJEAx/d+cTpVci55gH/RdD4OMw4qQ+ri2aMBnmfYyS
lMDWTsZ4Xj4oSDSfYVJaKZeFgNwURoUsQqjRmIFlRCSVEfupFGqPoTJas06jUlNv
PmKWqP0dvhbmu9V5B2FVeECp9jukedTlKzgyXuFXGGpzNGAc7q5ieeXGdfJ2DLVT
Q/LoCLDdT1mUJEn+9wQ1VRFgTyjdzfX1yX5s5V9GNBWpphfpZH2AhK6xcwS79cb0
AmBh6Np4cTb9TFtCxYsofs56rJorf6w2nw5E9NNuDvaXHDSuXt1z0uM4SVs1vlb3
SHR85Jq9IojhvUnJHXi+vkaqlAdIK55O1hZS1LBVWsnTOes0a24Zd+z8XNJyuh0=
=qFd1
-----END PGP SIGNATURE-----
Other related posts:
