what fields to hash with hashcash (Re: A Trial Balloon to Ban Email?)

ken bbrow07 at students.bbk.ac.uk
Thu May 15 08:53:34 PDT 2003


Justin wrote:


>>Well there are different things you could hash.  This simplest is just
>>to hash the recipient address and the current time (to a day
>>resolution).
>>
>>The recipient looks at the token and knows it is addressed to him
>>because it's his address.  He stores it in his double spend database
>>and won't accept the same token twice.
> 
> This is just broken.
> 
> How do you know what address the sender was sending to?  You have no
> reliable access to envelope to: addresses.

Why do you care about that?  All you care about is that the 
intended recipient on the mail you actually see is an address you 
are willing to read mail for. If there is no to: field, or if the 
"to:" is an address you don't think is yours, just drop the mail.
Plenty of places already filter out incoming mail with no "to:" 
anyway.

As others have pointed out, if a mechanism like this is meant to 
give a clue to your filters (or SpamAssassin, or whatever) that 
something is likely not spam: then it does not need to be of any 
value to the recipient. All the hash need do is indictate that the 
originator has thought about the recipient for long enough to make 
the hash. You don't really need to store the hash for any longer 
than a day or two (so only one spammer can use one hash), and you 
can't respend it because it is only good for sending messages to you.

So if this was implemented we get incentive to design a new kind 
of hashing algorithm, one designed to be difficult to run, because 
all it is needed for is to prove that someone bothered enough to 
spend the time. Also  it needs to map one plaintext to many valid 
hashes  of course as others said thats easier when you include the 
"from:" in the hash or allow some arbitrary field.

I still don't think it's going to happen though





More information about the cypherpunks-legacy mailing list