ietf-asrg
[Top] [All Lists]

RE: [Asrg] DCC and IP checksums

2003-03-10 09:15:42
I had the code up and working for about a month. I found that doing an MD5
of the hash result of 5 lines in the middle of the message worked just fine.
I only did this to streamline processing. No need to spin extra cycles to
process the entire mesage.The hash was not dependent on size of the message
but the result of the process and the MD5.
The process held the last 10,000 MD5's and popped the top one off as over
10,000 were added. Spammers don't usually pull out old spam to resend in
exactly the same form as they sent it a year ago and usually they send the
same stuff all at once.
 Keeping unique MD5's over the lifetime of the system is impractical and
will eventually start encroaching on the "hammering distance" issue. But
since the sample is relatively small and refreshed over a period of time, I
do not worry about the "million monkeys at a million typewriters". It caught
the spam cycles very quickly, but again, this is just a duplicity check. The
only value that I could get out of it was to "mark" the messages as
"possible" spam and make a copy for further investigation.

Regards,
Damon
 




-----Original Message-----
From: Hadmut Danisch [mailto:hadmut(_at_)danisch(_dot_)de]
Sent: Monday, March 10, 2003 10:44 AM
To: Sauer, Damon
Cc: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] DCC and IP checksums


On Mon, Mar 10, 2003 at 10:18:55AM -0500, Sauer, Damon wrote:
I have actually come up with a way that this works perfectly. 
It does not matter what the password is or the dear * line says.

In imitation of the coding theory's "hamming distance":

What's the maximum "spamming distance" of to messages resulting 
in the same hash value? 

In other words: How much can messages differ to still get the same
hash and what's the minimum difference that guarantees a different
hash?

Hadmut


*****
"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all
computers."
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>