Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hash Cash

Posted by michael on from the what-you-pay-a-short-order-cook dept.

km790816 writes: "I was reading an article in US News about a novel way to end spam: Hash Cash. From US News: 'our E-mail systems could be configured to reject every message from a stranger until the sender's computer had performed a difficult math problem and sent back the correct result. For one-to-one correspondence, this preliminary step would be unnoticed. But bulk E-mailings to strangers would become too costly in terms of needed computational cycles to be feasible, even with a supercomputer.'" If you've heard of Hash Cash before, don't click through, there's nothing new here. But if you haven't, here's a good introduction to the concept.

1 of 15 comments (clear)

  1. Re:It will affect the wrong people by edp · · Score: 3

    "The next time that happens, y.com's SMTP sees that there's already been a correspondence, and therefore does not challenge it."

    No, it doesn't say that. It only suggests remembering approved mailing list senders. Although a recipient would be free to remember other senders if they wish and offer those senders postage-free receipt. And your calculation of an N^2 bit array is excessive. The N^2 function is extremely sparse. If you communicate with one new person with a 30-character email address per day for your entire life, you need less than a megabyte of memory.

    But this still doesn't acknowledge the flexibility of hash cash postage, and it need not impose any burden on the relayers, except to relay the data. I don't see it spelled out on the linked-to page, but there are a variety of ways to implement this. A recipient might merely require that the sender send hash cash that is a function of the recipient's email address. The sender computes it and puts it in the email. The SMTP relays do no computation. The sender can reuse the hash cash since it is an unchanging function of destination address. Each sender has to compute the hash once -- unwieldy for spammers, easy for normal correspondents.

    Another implementation could require the sender to send hash cash that is a function of the recipient's email address and the current time. (The sender would send plaintext of the actual time they used, and the recipient would require that be a reasonable approximation of the time the mail was actually sent, estimated from its receipt.) Then each sender would have to spend hash cash each time they transmitted.