Re: [Asrg] My take on e-postage
2004-04-26 00:18:45
Of course, it still suffers from the usual problems endemic to all
hashcash, notably the very wide variety in CPU speeds out there.
J. Random Hacker in Outer Slobbovia running on a half-lung salvaged
68020 will be utterly blocked by hashcash values high enough to be even
noticed by Evil Q. Spammer's late-model 8-CPU 18GHz Hexium.

Some numbers, using hashcash 0.27 (compiled with optimisation for each
machine):

My 16MHz 68030 (an old Mac pulled from a skip) can do 1000 hashes a
second - it'll take 15-20 minutes on average to do a 20-bit collision.
For the impoverished people that must rely on such a machine, this is
vaguely acceptable. They can always go outside and do a bit of
gardening while they wait.

My 200MHz Pentium-MMX can do 84000 hashes a second, reducing the time
for a 20-bit collision to 12 seconds - a much more acceptable figure.
The vast majority of Internet users in the Western world have a machine
at least this fast. Indeed any Pentium-class CPU would appear to be
able to produce a 20-bit collision in under a minute (on average).

My 1600MHz Athlon-XP can do 575000 hashes a second - enough to reduce
the time for a 20-bit collision to 2 seconds. Most enthusiasts and
power users have a machine about this size, which reduces a 20-bit
hashcash to near invisibility for normal levels of e-mail.

I estimate that the fastest current-generation CPUs can do a 20-bit
collision in about 1 second. Assuming spammers can build 4-way boxes
out of these, how many boxes will they need to fill a T1 to capacity,
the way they used to? Assuming a 5KB spam size, about 7500 of them.
Is this economically feasible for the spammer? You tell me.

So, assuming the spammer is limited to conventional CPUs and that
hashcash is widely used, he is now rate-limited to 1 spam per second
per CPU for machines he builds himself, and perhaps 1 spam per 2-5
seconds per zombie he controls. This is a VAST improvement on the
current situation.

On the other hand, in an earlier discussion on this subject, I pointed
out that dedicated hardware can be built to accelerate hashcash
generation. Someone else replied that if the spammers can do it, so
can Taiwan, and cheaper. If everyone has access to a SHA-1 coprocessor
and an e-mail program that supports it, the playing field becomes more
level, not less.

However, there's a flaw in that argument too, because coprocessors
cheap enough for Aunt Tillie to buy one without thinking too hard about
it, are also cheap enough for the spammers to buy in hundreds, together
with a huge batch of USB hubs to plug them into a mere handful of
servers. But that still means the spammers can "only" send hundreds of
times as much mail as Aunt Tillie, which is still a vast improvement on
the status quo.
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
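
The cost asymmetry behind the per-machine timings in the message above, as an added example that is not part of the original post or of the hashcash tool: the sender searches about 2^bits SHA-1 hashes, the receiver checks one. The stamp layout assumes the hashcash version 1 format (the message used hashcash 0.27, whose format may differ), and the resource address, date and random field are constructed values.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()

def mint(resource: str, bits: int, date: str = "040426", rand: str = "constructed"):
    """Sender side: try counters until SHA-1(stamp) has `bits` leading zero bits.
    Returns (stamp, hashes_tried). Date and rand are constructed sample values."""
    prefix = f"1:{bits}:{date}:{resource}::{rand}:"
    for counter in count():
        stamp = prefix + format(counter, "x")
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp, counter + 1

def verify(stamp: str, resource: str, min_bits: int) -> bool:
    """Receiver side: field checks plus a single hash.
    Date expiry and double-spend tracking are omitted from this sketch."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1" or fields[3] != resource:
        return False
    if not fields[1].isdigit() or int(fields[1]) < min_bits:
        return False
    digest = hashlib.sha1(stamp.encode()).digest()
    return leading_zero_bits(digest) >= int(fields[1])

def expected_seconds(bits: int, hashes_per_second: float) -> float:
    """Mean minting time: each hash succeeds with probability 2**-bits."""
    return 2 ** bits / hashes_per_second

# Hash rates quoted in the message (hashes per second).
RATES = {
    "68030 @ 16MHz": 1_000,
    "Pentium-MMX @ 200MHz": 84_000,
    "Athlon-XP @ 1600MHz": 575_000,
}

if __name__ == "__main__":
    rcpt = "recipient@example.org"   # constructed address
    stamp, tries = mint(rcpt, 12)    # 12 bits keeps the demo fast
    print(stamp, "minted after", tries, "hashes; verifies:", verify(stamp, rcpt, 12))
    for machine, rate in RATES.items():
        print(f"{machine}: {expected_seconds(20, rate):.1f} s on average for 20 bits")
```
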