Talk:Hashcash
From Wikipedia, the free encyclopedia
 |
This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography on Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks. |
 |
This page has been cited as a source by a media organization. The citation is in:
|
At 21:34, 2 June 2005, someone changed
- ... a small puzzle involving the recipient's email address.
to
- ... a small puzzle, often involving the recipient's email address.
with the comment
- "Hashcash isn't only for email (even if primarily)"
Really? Tell me more.
I reluctantly reverted it back.
If the puzzle *doesn't* include the email address, then what stops the spammer from spending an entire second calculating the hashcash header just one time, then once he has "the" hashcash header, sending identical copies of that header to millions of email address?
I would be fascinated to learn more about
- hashcash that do not involve the recipient's email address
- hashcash used for something other than email.
I see no theoretical reason why someone couldn't do either or both of these things, but I see no reason to stick them in the encyclopedia article unless someone actually does do either or both of these things.
--DavidCary 05:48, 10 November 2005 (UTC)
Elliott Back has implemented a JavaScript-based hashcash-like scheme for protecting blogs from blog comment spam. See [1]
I've only looked at this superficially, but I don't believe this is Hashcash per se, even though he is calling it "WP Hashcash". It's the same basic idea.
--dreish~talk 21:24, 29 November 2005 (UTC)
It's actually similar to the Hashcash spec, but more of a generic secret-sharing through computation than a proof-of-work system. The latest version can be found [2] here.
24.90.145.31 00:28, 30 January 2007 (UTC)
On further reading, it looks like the official hashcash specification does not call for an email address, but rather a "resource string" which can be an email address, an IP address, or something else.
Also, it looks like the only place where hashcash is currently in wide use is in WP Hashcash, so actually the resource identifier is usually not an email address. Spam may have been the original motivation behind the design of hashcash, but that's not where it appears to have spread.
--dreish~talk 17:15, 2 December 2005 (UTC)
Hashcache is also used for the "stamp" in camram, an antispam system. [3]. I created something I call hybrid-sender-pays because instead of using a proof of work stamp for every message, you only use it for introductions. If you e-mail someone that has already accepted e-mail from you, there's no need for a stamp. I also use it to heal some of the damage caused by blacklists. A very large value stamp (typically plus 3 bits over the nominal stamp value) is used to bypass a black list. The assumption being that a stamp a times larger than the standard value is large enough to discourage spammers from widespread use but small enough to allow someone to get through and alert the recipient about the blockage.
Esj 15:58, 19 March 2006 (UTC)
Re-worded the first paragraph of 'how-it-works' for reasons of clarity, as described below;
'non-spam email' implies the sender is never a spammer. But spammers can also attach stamps to their spam if they can afford the CPU time.
Replaced 'computer time' with 'CPU time'.
'...verify the sender has solved the puzzle...' implies it is the sender themselves and not their PC doing the solving.
'numerical stamp' - It's not numerical, it's textual
--Jhonan 11:32, 1 May 2006 (UTC)
