Re: why "penny black" etc. are not very useful

At 11:12 AM +0000 12/31/03, Ben Laurie wrote:
> Perry E. Metzger wrote:
> > In my opinion, the various hashcash-to-stop-spam style schemes are not
> > very useful, because spammers now routinely use automation to break
> > into vast numbers of home computers and use them to send their
> > spam. They're not paying for CPU time or other resources, so they
> > won't care if it takes more effort to send. No amount of research into
> > interesting methods to force people to spend CPU time to send mail
> > will injure the spammers.
>
> If you set the price to 1 minute of CPU, and spammers own 10% of all 
> machines on the 'net, then the average machine can only receive 144 
> spams per day. That's a significant improvement on my situation.
>
> Plus I'd've thought that having 100% CPU utilisation all the time 
> might attract attention. But maybe not.
>
> Cheers,
>
> Ben.

There is something else one can do that might help. The hashcash 
stamp algorithm can be designed to provide a strong, constant 
signature to virus detectors. For example, in my HEKS-1 algorithm, I 
populate a large array with pseudo random words. It would be easy 
enough to have some fraction (say 1/8th or 1/16th) of those words be 
a special constant (or one of a few special constants).  There would 
be no way for the spammer to avoid exhibiting the same constants 
while generating stamps without incurring a severe computational 
penalty. So any stamp generation activity would be easy to detect. 
Since the signature would never change, the detection software could 
be built into the operating system (or even the CPU itself).

Legitimate stamp generation would have to be distinguished, perhaps 
by code signing or some Touring test.  A sufficiently clever virus 
writer with root access might be able commandeer the legitimate stamp 
generator. If this happens, periodic required updates of the hashcash 
software can be issued that thwart viruses in the field. Also a large 
number of countermeasure variants can be generated, making it hard 
for the virus to recognize them all. This reverses the tactical 
advantage normally enjoyed by virus writers. Illegitimate stamp 
generators are forced to present a fixed target while legitimate 
programs and counter measures can continuously morpf.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@xxxxxxxxxxxx