Directory
Encyclopedia

NodeWorks
                              ENCYCLOPEDIA

Link Checker
Home
Encyclopedia : H : HA : HAS :

Hashcash

  

Hashcash

Hashcash is a proof-of-work system designed to limit email spam and denial of service attacks. It was proposed in March 1997 by Adam Back [1].

How it works


A sender of non-spam email attaches a header line to his email which proves that he has invested a modest amount of computer time into solving a small puzzle. The receiver can, at negligible computational cost, verify that a sender had solved the puzzle. This can be regarded as a form of numerical stamp, where the 'cash' part is the effort invested by the sender.

The theory is that spammers, whose business model relies on their ability to send large numbers of emails with very little cost per message, cannot afford this investment into each individual piece of spam they send. Receivers can verify whether a sender made such an investment and use the results to help filter email.

Technically the system is implemented as follows: it is relatively easy to calculate an SHA-1 hash for the combination of a specific number of zero-bits, a string containing a time-stamp, the recipient email address, and a random appended string, and senders can do so routinely. It is believed to be computationally expensive (for example, in time, CPU cycles, etc) for anyone to find another combination of such values which also generate a correct SHA-1 digest, but from a spam message. In effect, a great many random appended strings must be tried to find a hash collision; too many to be practical. The time needed to compute such a hash collision is exponentially (base 2) proportional to the number of zero bits. The recipient can verify that the hash received has a specific number of zero bits at almost no cost; any message which does not can be discarded as being unwanted, and probably spam.

Advantages and disadvantages


The system has the advantage over micropayment proposals applying to legitimate email that no real money is involved. Neither the sender nor recipient need pay, thus the administrative issues involved with all micropayment systems are entirely avoided. It is also fairly simple to implement in mail user agents and spam filters.

One weakness is that this method will only slow down, and not completely stop, much spam sent through large collections of zombie computers, which run malware that send e-mail at the command of a spammer. These large networks have a large total computational power, which can be used to generate legitimate hashes for the spam emails they send. But the extra CPU usage will often be noticed by the owners of the machines, who will be more likely to fix them.

References

  • Adam Back, "Hashcash - A Denial of Service Counter-Measure", technical report, August 2002 (PDF).

    External links

  • http://www.hashcash.org — Hashcash homepage
  • Frequently raised objections
  • Beat spam using hashcashDavid Mertz's article on hashcash, its applications and an implementation in Python.


    		•
    NodeWorks boosts web surfing!
    Page Returned in 0.209 seconds - HTML Compressed 66.3%

    This article is from Wikipedia. All text is available
    under the terms of the GNU Free Documentation License.
     GNU Free Documentation License
    © 2008 Chamas Enterprises Inc.