[hashcash] zombie calculator, messaging without SMTP using identity brokers (Re: response to "proof of work proves not to work"?)
- From: Simon Bohlin <simbo040@xxxxxxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx
- Date: Tue, 18 Jul 2006 10:02:43 +0200
Hi all!
While figuring out how Eric's calculator works, I organized it as a
story (see attached file). I'm sharing this "2.1"-version hoping to shed
some more light on how the calculations are done. It seems to me that
the calculations are sound.
About my remark (1.) in the calculator: spammers do more or less know
which spams get through, if nothing else they can gather intelligence on
which spams were stopped, or harvest for DNS-records that tell stamping
is privileged. (So the proposed DNS-entry would have best effect if
spammers would get the wrong idea and stamp for more destinations than
ISPs need. In the end some kind of trust-structure seems more practical
than DNS-entries).
On the trust topic, I recommend looking into messaging between
"identities", with trust brokers instead of mail servers (i.e. no SMTP).
Competing proposals are LID http://lid.netmesh.org/ , Yadis and several
others. In the LID ranks, they are not sure if the single-sign API
(which saves you some work when filling in /inventing :-) new identities
to register with a web service) or the traceable messaging is the most
important feature. I just got the pdf on the LID messaging mechanism and
didn't read it yet, but probably they are doing crypto-signed messages
with crypto certificates issued and verified through the brokers. The
novelties are: no untraceable emails, but anonymity is ok if your broker
allows it. You can see just how anonymous it is by exploring my identity
at http: slash slash mylid.net slash sesam -- to prevent future mail
list harvesters to connect my email with my LID url I write out the
slashes as words.
I think Verisign's free personal certificates were used to sign your
email with a real name, presumably to make sure nobody would impersonate
you. The identity broker idea extends this and allows anonymity and many
more things (for more hype, search for Identity 2.0). What's more, they
open the floodgates for paid-for credibility, i.e. paying customers
might get a higher trust-value than those subscribing with a free
broker. The _only_ difference to current SMTP is the _traceability_ of
all messages.
Anonymous remailer systems can be implemented as legally and
geographically separated brokers with agreements of secrecy/anonymity,
will be more expensive to run and will surely be filtered by many ISPs
because it would be the easiest attack vector for spammers. <-- This is
where proof-of-work / hash stamps fit in!
Best regards,
Simon Bohlin
Title: Zombie Calculator 2.1
Assume that
zombies,
among which the average efficiency is
percent
(one recent discussion indicated 40000 zombies working only a few hours per day!),
are attacking/sending a spam round aimed for mail recipients,
to be completed within a limited time of hours,
where probabilistic filters and other obstacles on average let
percent of emails through.
(1. Is this meant because we assume that spammers will only stamp spam that really need a stamp to try to pass filters?)
Click the button
to see the minimal
stamp size in seconds (2 decimals) where the stamp cost starts limiting spam
(where the attacker cannot spend as many stamps as needed and must start skipping stamping some recipients, which in effect means those spams never get through the spam filters)
and the auxiliary information
stamp minutes available to the "owner" of the zombies (i.e. zombies*efficiency * duration*60)
and on average
processor minutes (=stamp amount, no decimals) needed per zombie to stamp _only_those_mails_passed_by_filters_ (see 1. above).
From stamp time to processor time
Stamp costs above are measured in time, but computers have differing efficiency at minting stamps.
A science paper (forgotten reference) assumes that spammers/attackers can have processors 30 times more efficient than the slowest
home computers which are in internet use. The same paper proposed a more memory-intensive method with suggested factor 4 between the faster and slower computers in use.
Add mobile devices used for messaging and the factor gets _much_ bigger, both in processor speed and memory availability. Anyway, processor speed factor "is academic"
as long as attackers have huge zombie farms that can both mint stamps and send out their spam.
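The arithmetic the calculator text describes, as an added example for sizing a stamp cost against a given zombie pool (not the original attachment's code). The field names, the sample inputs and the `stampableFraction` helper are assumptions made here; counting only filter-passed mails as needing stamps follows remark 1.

```javascript
// Added example, not the original calculator's code. Field names are assumptions.
function zombieCalculator({ zombies, efficiencyPct, recipients, hours, passPct }) {
  const inputs = { zombies, efficiencyPct, recipients, hours, passPct };
  for (const [name, value] of Object.entries(inputs)) {
    if (!Number.isFinite(value) || value <= 0) {
      throw new RangeError(`${name} must be a positive number`);
    }
  }
  if (efficiencyPct > 100 || passPct > 100) {
    throw new RangeError("percentages must not exceed 100");
  }
  // Page formula: zombies * efficiency * duration * 60 (divide last to stay exact).
  const stampMinutesAvailable = (zombies * efficiencyPct * hours * 60) / 100;
  // Assumption from remark 1: only mails the filters let through get a stamp.
  const stampsNeeded = (recipients * passPct) / 100;
  // Stamp size at which the whole budget is spent on exactly stampsNeeded stamps.
  const rawThreshold = (stampMinutesAvailable * 60) / stampsNeeded;
  return {
    stampMinutesAvailable,
    stampsNeeded,
    thresholdSeconds: Math.round(rawThreshold * 100) / 100, // 2 decimals
    // Processor minutes each zombie must spend for a given stamp size (no decimals).
    minutesPerZombie: (stampSeconds) =>
      Math.round((stampsNeeded * stampSeconds) / 60 / zombies),
    // Share of the needed stamps the zombies can mint in time at that stamp size.
    stampableFraction: (stampSeconds) => Math.min(1, rawThreshold / stampSeconds),
  };
}

// Constructed sample round: 40000 zombies at 10 % efficiency, 24 hours,
// 100 million recipients, filters passing 5 %.
const round = zombieCalculator({
  zombies: 40000, efficiencyPct: 10, recipients: 100e6, hours: 24, passPct: 5,
});
console.log(round.thresholdSeconds, round.minutesPerZombie(120), round.stampableFraction(120));
```

Stamp sizes here are seconds on the zombies' own processors; any speed factor between machine classes, as discussed above, would scale the threshold accordingly.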