Re: SHA1 broken?
Joseph Ashwood wrote:
> I believe you are incorrect in this statement. It is a matter of public record that RSA Security's DES Challenge II was broken in 72 hours by $250,000 worth of semi-custom machine, for the sake of solidity let's assume they used 2^55 work to break it. Now moving to a completely custom design, bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 work in 72 hours (give or take a couple orders of magnitude). This puts the 2^69 work well within the realm of realizable breaks, assuming your attackers are smallish businesses, and if your attackers are large businesses with substantial resources the break can be assumed in minutes if not seconds. 2^69 is completely breakable.
> Joe

It's fine assuming that Moore's law will hold forever, but without that you can't really extrapolate a future tech curve. With *today's* technology, you would have to spend an appreciable fraction of the national budget to get a one-per-year break, not that anything that has been hashed with sha-1 can be considered breakable (but that would allow you to (for example) forge a digital signature given an example).

This of course assumes that the break doesn't match the criteria from the previous breaks by the same team - ie, that you *can* create a collision, but you have little or no control over the plaintext for the colliding elements - there is no way to know as the paper hasn't been published yet.
Re: How to Stop Junk E-Mail: Charge for the Stamp
On Wed, Feb 16, 2005 at 03:29:21PM +, Ian G wrote:
> Peter Gutmann wrote:
> Barry Shein [EMAIL PROTECTED] writes:
> Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services.
> And the spammers will be using everyone else's PC's to send out their spam, so the spam problem will still be as bad as ever but now Joe Sixpack will be paying to send it.
> Hmmm, and maybe *that* will finally motivate software companies, end users, ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.
> My view - as controversial as ever - is that the problem is unfixable, and mail will eventually fade away. That which will take its place is p2p / IM / chat / SMS based. In that world, it is still reasonable to build ones own IM system for the needs of ones own community, and not to have to worry about standards. Which means one can build in the defences that are needed, when they are needed.

Better start on those defenses now then - there is already significant amounts of IM and SMS spam. I would be surprised if the people designing IM and SMS systems have learned much from the failures of SMTP et al.

Eric
Re: [p2p-hackers] SHA1 broken?
On Wed, Feb 16, 2005 at 07:55:15AM -0500, R.A. Hettinga wrote:
> From: Serguei Osokine [EMAIL PROTECTED]
> To: Peer-to-peer development. [EMAIL PROTECTED]
> Subject: RE: [p2p-hackers] SHA1 broken?
> Date: Wed, 16 Feb 2005 00:11:07 -0800
>
> Okay, so the effective SHA-1 length is 138 bits instead of full 160 - so what's the big deal? It is still way more than, say, MD5

In applications where collisions are important, SHA1 is now effectively 69 bits as opposed to 80. That's not very much, and odds are there will be an improvement on this attack in the near future.

Eric
Re: What is a cypherpunk?
-- James A. Donald As governments were created to smash property rights, they are always everywhere necessarily the enemy of those with property, and the greatest enemy of those with the most property. Steve Thompson Uh-huh. Perhaps you are using the term 'government' in a way that is not common to most writers of modern American English? Justin [EMAIL PROTECTED] I think it's fair to say that governments initially formed to protect property rights Where we have historical record, this is not the case. Romulus was made King in order that the Romans could abduct and rape women. William the bastard became William the conqueror by stealing land and enserfing people. After George Washington defeated the British, his next operation was to crush the Whisky rebellion. You could say that he defeated the British in order to protect property rights, but his next military operation was to violate property rights, not uphold them. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG h5r7X0d4z7lq2vVpAOdecOCy2txrOnv9O/ymDY+3 4VE2saGBeSH+48fFJ9nuHVOypb45jH6pBBteu3f+Z
Re: SHA1 broken?
--
> There is however a huge problem replace SHA-1 by something else from now to tomorrow: Other algorithms are not as well analyzed and compared against SHA-1 as for example AES to DES are; so there is no immediate successor of SHA-1 of whom we can be sure to withstand the possible new techniques. Second, SHA-1 is tightly integrated in many protocols without a fallback algorithms (OpenPGP: fingerprints, MDC, default signature algorithm and more).

They reduced the break time of SHA1 from 2^80 to 2^69. Presumably they will succeed in reducing the break time of SHA256 from 2^128 to a mere 2^109 or so. So SHA256 should be OK.

2^69 is damn near unbreakable. 2^80 is really unbreakable.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG IQqit8pqSokARYxy1xVLrTaVRSKMAGvz2MXbQqXi 4DAQZgw0sbP3OcD3kgO+x7f+VfsPD4E8EBsB96d/D
Re: SHA1 broken?
--- begin forwarded text

Date: Wed, 16 Feb 2005 11:13:23 -0500 (EST)
From: Atom Smasher [EMAIL PROTECTED]
OpenPGP: id=0xB88D52E4D9F57808; algo=1 (RSA); size=4096; url=http://atom.smasher.org/pgp.txt
To: [EMAIL PROTECTED]
Subject: Re: SHA1 broken?
Sender: [EMAIL PROTECTED]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, 16 Feb 2005, David Shaw wrote:
> In terms of GnuPG: it's up to you whether you want to switch hashes or not. GnuPG supports all of the SHA-2 hashes, so they are at least available. Be careful you don't run up against compatibility problems: PGP doesn't support 384 or 512, and only recently started supporting 256. GnuPG before 1.2.2 (2003-05-01), doesn't have any of the new hashes. Finally, if you have a DSA signing key (most people do) you are required to use either SHA-1 or RIPEMD/160. RSA signing keys can use any hash.

there's more to it than that. openPGP specifies SHA-1 (and nothing else) as the hash used to generate key fingerprints, and is what key IDs are derived from.

a real threat if this can be extended into a practical attack is substituting a key with a *different* key having the same ID and fingerprint. it would be difficult for average users (and impossible for the current openPGP infrastructure) to tell bob's key from mallory's key that claims to be bob's.

it can also be used (if the attack becomes practical) to forge key signatures. mallory can create a bogus key and sign it with anyone's real key. this would turn the web of trust into dust.

the openPGP spec seemed to have assumed that SHA-1 just wouldn't fail. ever. this was the same mistake made in the original version of pgp that relied on md5. the spec needs to allow a choice of hash algorithms for fingerprints and key IDs, or else we'll play this game every time someone breaks a strong hash algorithm.

- -- ...atom _ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 - Any sufficiently advanced technology is indistinguishable from magic.
-- Arthur C. Clarke

--- end forwarded text

-- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
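How an OpenPGP version 4 fingerprint and key ID are derived (RFC 4880, section 12.2), as an added example that is not part of the forwarded message: the hash is hard-wired to SHA-1 and the key ID is just the low 64 bits of the result. The RSA modulus, exponent and timestamp below are constructed for illustration; the fingerprint string and key ID are the ones quoted in the message's signature block and `OpenPGP:` header.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet holding an RSA key.

    Layout: version (4), 4-octet creation time, algorithm (1 = RSA), MPI n, MPI e.
    """
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> bytes:
    """SHA-1 over 0x99, a 2-octet length, and the packet body.

    Nothing in the hashed input or in the 20-octet output says which hash
    produced it, which is why the format cannot simply switch algorithms.
    """
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for the 2-octet length field")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def key_id(fingerprint: bytes) -> str:
    """64-bit key ID: the low-order 8 octets of the fingerprint."""
    if len(fingerprint) != 20:
        raise ValueError("a v4 fingerprint is exactly 20 octets")
    return fingerprint[-8:].hex().upper()


def short_key_id(fingerprint: bytes) -> str:
    """32-bit short key ID: the low-order 4 octets of the fingerprint."""
    if len(fingerprint) != 20:
        raise ValueError("a v4 fingerprint is exactly 20 octets")
    return fingerprint[-4:].hex().upper()


def parse_fingerprint(text: str) -> bytes:
    """Turn the spaced hex form printed in signatures into raw octets."""
    return bytes.fromhex(text.replace(" ", ""))


# Values quoted in the message above.
PAGE_FINGERPRINT = "762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808"
PAGE_KEY_ID = "B88D52E4D9F57808"

# Constructed key material (not a real or secure key).
DEMO_N = (2**127 - 1) * (2**89 - 1)
DEMO_E = 65537
DEMO_CREATED = 1108569600  # constructed creation timestamp


def demo() -> dict:
    body = v4_rsa_public_key_body(DEMO_CREATED, DEMO_N, DEMO_E)
    fpr = v4_fingerprint(body)
    return {
        "constructed_fingerprint": fpr.hex().upper(),
        "constructed_key_id": key_id(fpr),
        "page_key_id_from_fingerprint": key_id(parse_fingerprint(PAGE_FINGERPRINT)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the creation time is part of the hashed packet body, the same RSA numbers with a different timestamp give a different fingerprint and key ID.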
Re: How to Stop Junk E-Mail: Charge for the Stamp
Thus spake Peter Gutmann ([EMAIL PROTECTED]) [16/02/05 01:04]:
: Hmmm, and maybe *that* will finally motivate software companies, end users,
: ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.

Doubt it'll motivate the ISPs. They'll be the ones making the 15c/msg. If they clean it up, that's lost income.
Re: SHA-1 broken?
All this chatter and everyone pointing to the same page ... but no paper, no proof ... just mindless chatter. Anyone know where this ghost paper is?
Re: What is a cypherpunk?
[snip] Agreements and accords such as the Berne convention and the DCMA, to say nothing of human-rights legislation, are hobbled by the toothlessness of enforcement, pulic apathy to others' rights, and a load of convenient exceptions to such rules made for the agents of state. Okay. So it's fair to say, then, that we have compromises between property rights protections and other (perceived yet imaginary?) property rights protections. Which is really what it boils down to. Absolutely. There's no property rights usurpation without some motive behind it. Unless if it's by accident. And motives generally stem from wanting to redistribute property or deny it to another individual, group, or an entire nation. Sometimes that property is land (the excuse for such property redistribution or denial of ownership is called self determination) Operative word: excuse. , sometimes it is intellectual property (the excuse is information wants to be free)... Or like maybe the NSA needs to steal something that they can't buy because they NEED to conceal the project that requires the stolen item. Or maybe a wealthy interest has a commercial interest to protect and bribes an official to steal land that threatens said interest. Or maybe it's a Klan member who thinks that niggers shouldn't own property, and so he steals it. Or perhaps it's a Xtian who believes it's God's will to deny property rights to heathens, as a lesson in coming to God. Or maybe it's a bunch of fucking theives who use any excuse they have at hand to justify their own greed. sometimes it's explosives (they're TOO DANGEROUS, and only terrorists have them... are you a terrorist?). Sometimes it's a complete load of shit, and there's no real valid reason that will stand intelligent scrutiny as to why some people are allowed to do one thing that is denied to another people. 
Personally, I believe that the people who run the US, the dirty ones, are too well aware of the liabilities they have assumed as a matter of course in their history, and who will do anything rather than face paying the debt. Anything. And further, this conclusion is not so foreign as to be beyond comprehension, but rather represents a problem that no-one is willing to deal with -- thus compounding the error.

Since you still aren't bothering to address messages I write in good faith, I suggest that you should go fuck yourself.

Regards, Steve
Re: What is a cypherpunk?
On 2005-02-16T13:31:14-0500, Steve Thompson wrote: --- R.A. Hettinga [EMAIL PROTECTED] wrote: [snip] Property is like rights. We create it inherently, because we're human, it is not bestowed upon us by someone else. Particularly if that property is stolen from someone else at tax-time. But as long as property rights are generally considered to be a tenet and characteristic of society, excuses for officiated theft, for instance, merely put a veneer of legitimacy over certain kinds of theft. I doubt that RMS will ever be framed, arrested and thrown in to the gulag, his property confiscated; but for someone like myself, that is certainly an option, eh? Is there a difference between property rights in a society like a pride of lions, and property rights that are respected independent of social status? Or are they essentially the same? They seem to be different, but I can't articulate why. Obviously the latter needs enforcement, possibly courts, etc., but I can't identify a more innate difference, other than simply as I described it -- property rights depending on social status, and property rights not depending on social status. I don't think any society has ever managed to construct a pure property rights system where nobody has any advantage. Without government it's the strong. With government, government agents have an advantage, and rich people have an advantage because they can hire smart lawyers to get unfair court decisions. So maybe this is just silly, in which case I believe even more strongly that formal status-independent property rights are not the basis of government. -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936
Re: What is a cypherpunk?
-- On 16 Feb 2005 at 0:30, Justin wrote: Judging from social dynamics and civil advancement in the animal kingdom, monarchies developed first and property rights were an afterthought. Recently existent neolithic agricultural peoples, for example the New Guineans, seldom had kings, and frequently had no form of government at all other than that some people were considerably wealthier and more influential than others, but they always had private property. This corresponds to the cattle herding people we read depicted in the earliest books of the old testament. They had private property, wage labor, and all that from the beginning, but they do not develop kings until the book of Samuel, long after they had settled down and developed vineyards and other forms of sedentary agriculture: Judges 17:6 In those days there was no king in Israel; every man did what was right in his own eyes Thus both our recent observation of primitive peoples, and our written historical record, shows that private property rights long preceded government. Our observations of governments being formed show that governments are formed primarily for the purpose of attacking private property rights. You want to steal something like land or women, you need a really big gang. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG of/pZSLkKATIjG0fWzPvEZnxIsBE/Q0Se80Gx178 4LGYWiIfc2+Us4l38hwPX8mK0CR7hBpVkJ952v8/D
Re: SHA1 broken?
- Original Message -
From: James A. Donald [EMAIL PROTECTED]
Subject: Re: SHA1 broken?

> 2^69 is damn near unbreakable.

I believe you are incorrect in this statement. It is a matter of public record that RSA Security's DES Challenge II was broken in 72 hours by $250,000 worth of semi-custom machine, for the sake of solidity let's assume they used 2^55 work to break it. Now moving to a completely custom design, bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 work in 72 hours (give or take a couple orders of magnitude). This puts the 2^69 work well within the realm of realizable breaks, assuming your attackers are smallish businesses, and if your attackers are large businesses with substantial resources the break can be assumed in minutes if not seconds.

2^69 is completely breakable.

Joe
Re: What is a cypherpunk?
--- R.A. Hettinga [EMAIL PROTECTED] wrote:
> [snip]
> Property is like rights. We create it inherently, because we're human, it is not bestowed upon us by someone else. Particularly if that property is stolen from someone else at tax-time.

Bzzt. I call you on your bullshit.

Supposedly by convention, individuals attach some of a set of symbol relations to physical objects and ideas and processes. Such relations, when observed consistently, confer rights of possession and use to groups or individuals. Individuals employed by governments, as well as special interest groups, are certainly no longer satisfied with a democratic arrangement of property rights and have manufactured consent, as it were, to establish a bunch of exceptions to property rights that allow for `legalised' theft.

But as long as property rights are generally considered to be a tenet and characteristic of society, excuses for officiated theft, for instance, merely put a veneer of legitimacy over certain kinds of theft. I doubt that RMS will ever be framed, arrested and thrown in to the gulag, his property confiscated; but for someone like myself, that is certainly an option, eh?

Regards, Steve
Re: What is a cypherpunk?
--- Justin [EMAIL PROTECTED] wrote: On 2005-02-16T13:31:14-0500, Steve Thompson wrote: --- R.A. Hettinga [EMAIL PROTECTED] wrote: [snip] Property is like rights. We create it inherently, because we're human, it is not bestowed upon us by someone else. Particularly if that property is stolen from someone else at tax-time. But as long as property rights are generally considered to be a tenet and characteristic of society, excuses for officiated theft, for instance, merely put a veneer of legitimacy over certain kinds of theft. I doubt that RMS will ever be framed, arrested and thrown in to the gulag, his property confiscated; but for someone like myself, that is certainly an option, eh? Is there a difference between property rights in a society like a pride of lions, and property rights that are respected independent of social status? Or are they essentially the same? They seem to be different, but I can't articulate why. Obviously the latter needs enforcement, possibly courts, etc., but I can't identify a more innate difference, other than simply as I described it -- property rights depending on social status, and property rights not depending on social status. I don't think any society has ever managed to construct a pure property rights system where nobody has any advantage. Without government it's the strong. With government, government agents have an advantage, and rich people have an advantage because they can hire smart lawyers to get unfair court decisions. So maybe this is just silly, in which case I believe even more strongly that formal status-independent property rights are not the basis of government. Whatever. See the sentence I wrote last in my previous message. When you grow the fuck up, drop me a line. Regards, Steve __ Post your free ad now! http://personals.yahoo.ca
Re: What is a cypherpunk?
On 2005-02-16T13:18:16-0500, Steve Thompson wrote: --- Justin [EMAIL PROTECTED] wrote: On 2005-02-15T13:23:37-0500, Steve Thompson wrote: --- James A. Donald [EMAIL PROTECTED] wrote: [snip] As governments were created to smash property rights, they are always everywhere necessarily the enemy of those with property, and the greatest enemy of those with the most property. Uh-huh. Perhaps you are using the term 'government' in a way that is not common to most writers of modern American English? I think it's fair to say that governments initially formed to protect property rights (although we have no historical record of such a government because it must have been before recorded history began). As I said, I think this is wrong. Mammals other than primates recognize property in a sense, but it depends entirely on social status. There is no recognition of property rights independent of social position. If a lion loses a fight, he loses all his property. Chimp and gorilla communities have the beginnings of monarchy. Yet they don't care about religion, and their conception of property rights still derives from their position in the social ladder. If not primates, do any animals besides humans recognize property rights independent of social position? I think it's fair to say that governments were initially, and still largely remain today, the public formalisation of religious rule applied to the civil sphere of existence. It's more complicated than that, but generally speaking, somewhat disparate religious populations (protestant, catholic, jew, etc.) accepted the fiction of secular civil governance when in reality religious groups have tended to dominate the shape and direction of civil government, while professing to remain at arms-length. I think it's fair to say that religion post-dates government, at least informal government. 
Maybe the first monarchs/oligarchs came up with religious schemes to keep the peons in line, but I would think that was incidental, as was the notion of property rights. Both property rights and religion depend heavily on the ability for communication, but monarchy can be established without it. All the monarch needs is a big stick and an instinctual understanding of some of the principles much later described by our good Italian friend Niccolo M. 'Fiction' is the operative term here, and I contend that nowhere is this more evident in the closed world of clandestine affairs -- civilian OR military. Religion has always been about 'powerful' and educated in-sect sub-populations organising civil and intellectuall affairs in such a way I think it's fair to say that religion may be more important than property rights for keeping people in line. But I think they're both incidental. When democratic states inevitably fold into tyranny, some of those restrictions remain. Right now most states have a strange mix of property rights protections (e.g. the Berne convention and the DMCA) and property rights usurpations (e.g. no right to own certain weapons; equal protection). Agreements and accords such as the Berne convention and the DCMA, to say nothing of human-rights legislation, are hobbled by the toothlessness of enforcement, pulic apathy to others' rights, and a load of convenient exceptions to such rules made for the agents of state. Okay. So it's fair to say, then, that we have compromises between property rights protections and other (perceived yet imaginary?) property rights protections. Which is really what it boils down to. There's no property rights usurpation without some motive behind it. And motives generally stem from wanting to redistribute property or deny it to another individual, group, or an entire nation. 
Sometimes that property is land (the excuse for such property redistribution or denial of ownership is called self determination), sometimes it is intellectual property (the excuse is information wants to be free)... sometimes it's explosives (they're TOO DANGEROUS, and only terrorists have them... are you a terrorist?). -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936
Re: What is a cypherpunk?
--- Justin [EMAIL PROTECTED] wrote: On 2005-02-15T13:23:37-0500, Steve Thompson wrote: --- James A. Donald [EMAIL PROTECTED] wrote: [snip] As governments were created to smash property rights, they are always everywhere necessarily the enemy of those with property, and the greatest enemy of those with the most property. Uh-huh. Perhaps you are using the term 'government' in a way that is not common to most writers of modern American English? I think it's fair to say that governments initially formed to protect property rights (although we have no historical record of such a government because it must have been before recorded history began). I think it's fair to say that governments were initially, and still largely remain today, the public formalisation of religious rule applied to the civil sphere of existence. It's more complicated than that, but generally speaking, somewhat disparate religious populations (protestant, catholic, jew, etc.) accepted the fiction of secular civil governance when in reality religious groups have tended to dominate the shape and direction of civil government, while professing to remain at arms-length. 'Fiction' is the operative term here, and I contend that nowhere is this more evident in the closed world of clandestine affairs -- civilian OR military. Religion has always been about 'powerful' and educated in-sect sub-populations organising civil and intellectuall affairs in such a way as to mobilise the serfs to the advantage of the privilaged, all the while presenting convenient systems of fiction to the masses that are expected to suffice as the broad official reality of society; a reality fully accessable to some who quite naturally use their position of possibly intellectual privilage to order the affairs of the serf/slaves. They then developed into monarchies which were only really set up to protect property rights of the ruler(s). 
If I'm not mistaken, it was in Germany where the concept of public figureheads-as-leaders was evolved to a system in which the figurehead (king, pontiff, leader) was presented as the soruce of state power, but who in actuality was groomed, controlled, and ruled by a non-public contingent of privilaged political and intellectual elite who, in general, ran the affairs of state and/or religion from the back room, so to speak. This way of organising the public affairs of government has, I think, roots that date back to the ancient Greeks, but is also largely in favour today. With the advent of various quasi-democratic forms of government, the law has been compromised insofar as it protects property rights. You no longer have a right to keep all your money (taxes), no longer have a right to grow 5' weeds in your front yard if you live in a city, and no longer have a right to own certain evil things at all, at least not without special governmental permission. There were analogous compromises in democratic Athens and quasi-democratic Rome. It's rather different today. When democratic states inevitably fold into tyranny, some of those restrictions remain. Right now most states have a strange mix of property rights protections (e.g. the Berne convention and the DMCA) and property rights usurpations (e.g. no right to own certain weapons; equal protection). Agreements and accords such as the Berne convention and the DCMA, to say nothing of human-rights legislation, are hobbled by the toothlessness of enforcement, pulic apathy to others' rights, and a load of convenient exceptions to such rules made for the agents of state. For instance, the copyright on my computer software was blithely subverted by the fascist ubermench involved and responsible for the surveillance detail that I have suffered over the past two decades. 
I listened to some of these people make excuses for stealing my intellectual property, fashioning rumours to lessen the wrong of their theft, or 'merely' applying pressure or making plans to 'encourage' the release of my code in the public domain so their prior theft could be buried. Failing that, they have simply stolen all my computer equipment and delayed my life, possibly so my code could be `developed' by their own programmers and a history shown -- perhaps with the partial aim of finally accusing me of stealing their intellectual property after it is released in their own product. These people are nothing more than jack-booted thugs, and whether they are Nazis or not is immaterial to the fact that their methods and ideology closely resemble a modernised version of it. Whatever the EXCUSE offered, it is a triumph of putocratic-fascist zeaotry in the sense that nominally modern and democratic institutions and groups in this world have acquired some of the memes that drove the Gestapo/SS/Abwher. There is no excuse, but since Orwellian political and intellectual abdications and maneuvers are quite well in fashion today, it is obviously stylisn to pretend that
Re: How to Stop Junk E-Mail: Charge for the Stamp
At 8:12 PM -0500 2/16/05, Barry Shein wrote: And how do you fund all this, make it attain an economic life of its own? I can send you a business plan, if you like. Post-Clinton-Bubble talent's still cheap, I bet... ;-) Still estivating, here, in Roslindale, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: SHA1 broken?
On 1108637369 seconds since the Beginning of the UNIX epoch Dave Howe wrote:
> It's fine assuming that Moore's law will hold forever, but without that you can't really extrapolate a future tech curve. With *today's* technology, you would have to spend an appreciable fraction of the national budget to get a one-per-year break, not that anything that has been hashed with sha-1 can be considered breakable (but that would allow you to (for example) forge a digital signature given an example)

I think that it is generally prudent to make the most ``conservative'' assumption with regards to Moore's Law in any given context. I.e. bet that it will continue when determining how easy your security is to brute force, and assume that it will not when writing code.

-- Roland Dowdeswell http://www.Imrryr.ORG/~elric/
Re: How to Stop Junk E-Mail: Charge for the Stamp
Wrong. We already solved this problem on Cypherpunks a while back. A spammer will have to pay to send you spam, trusted emails do not. You'll have a settable Spam-barrier which determines how much a spammer has to pay in order to lob spam over your barrier (you can set it to 'infinite' of course). A new, non-spam mailer can request that their payment be returned upon receipt, but they'll have to include the payment unless you were expecting them. This way, the only 3rd parties are those that validate the micropayments. -TD From: Barry Shein [EMAIL PROTECTED] To: R.A. Hettinga [EMAIL PROTECTED] CC: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: Re: How to Stop Junk E-Mail: Charge for the Stamp Date: Tue, 15 Feb 2005 17:29:05 -0500 Oh no, the idiotic penny black idea rides again. Like the movie War Games when a young Matthew Broderick saves the world by causing the WOPR computer to be distracted into playing itself tic-tac-toe rather than launching a pre-emptive nuclear strike. It was a MOVIE, made in 1983 nonetheless, get over it. More seriously, what attracts people to this penny black idea is that they realize that the only thing which will stop spammers is to interject some sort of economic constraint. The obvious constraint would be something like stamps since that's a usage fee. But the proposer (and his/her/its audience) always hates the idea of paying postage for their own email, no, no, there must be a solution which performs that economic miracle of only charging for the behavior I don't like! An economic Maxwell's demon! So, just like the terminal seeking laetrile shots or healing waters, they turn to not even half-baked ideas such as penny black. Don't charge you, don't charge me, charge that fellow behind the tree! Oh well. Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services. I know, we'll work around it. 
Of course by then they'll have a multi-billion dollar messaging business to make sure your attempts to by-step it are outlawed and punished. Consider what's going on with the music-sharing world, as another multi-billion dollar business people thought they could just defy with anonymous peer-to-peer services... The point: I think the time is long past due to grow up on this issue and accept that some sort of limited, reasonable-usage-free, postage system is necessary to prevent collapse into monopoly. -- -Barry Shein Software Tool Die| [EMAIL PROTECTED] | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*
Re: How to Stop Junk E-Mail: Charge for the Stamp
Well, basically it's pretty simple. Someone will eventually recognize that the idea has a lot of economic potential and they'll go to Sand Hill and get some venture funds. 6 months later you'll be able to sign up for Spam Mail. Eventually the idea will spread and Spammers, who are already squeezed via Men With Guns, will start running out of options and so will be willing to pay, for instance, 1 cent per email. After that, of course, the price will likely go up, except for crummier demographics that are willing to read email for 1 cent/spam.

Actually, this points to why Spam is Spam...Spam is Spam because it has zero correlation to what you want. Look at Vogue, etc...it's a $10 magazine consisting mostly of advertisements, but they're the advertisements women want. Pay-to-Spam will work precisely because it will force Spammers to become actual marketers, delivering the right messages to the right demographics...in that context the Price to send spam is a precise measure of Spammers' lack-of-marketing savvy and/or information.

Hell, if they're good enough at it they'll probably get women to pay THEM to spam 'em.

-TD

From: Barry Shein [EMAIL PROTECTED]
To: Tyler Durden [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED], cryptography@metzdowd.com, [EMAIL PROTECTED]
Subject: Re: How to Stop Junk E-Mail: Charge for the Stamp
Date: Wed, 16 Feb 2005 20:12:59 -0500

And how do you fund all this, make it attain an economic life of its own?

That's the big problem with all micropayment schemes. They sound good until you try to work the business plan, then they prove themselves impossible because it costs 2c to handle each penny. And more if issues such as collections and enforcement (e.g., against frauds) are taken into account.

This is why, for example, we have a postal system which manages postage, rather than some scheme whereby every paper mail recipient charges every paper mail sender etc etc etc.

On February 16, 2005 at 12:38 [EMAIL PROTECTED] (Tyler Durden) wrote:

Wrong. We already solved this problem on Cypherpunks a while back. A spammer will have to pay to send you spam, trusted emails do not. You'll have a settable Spam-barrier which determines how much a spammer has to pay in order to lob spam over your barrier (you can set it to 'infinite' of course). A new, non-spam mailer can request that their payment be returned upon receipt, but they'll have to include the payment unless you were expecting them.

This way, the only 3rd parties are those that validate the micropayments.

-TD

From: Barry Shein [EMAIL PROTECTED]
To: R.A. Hettinga [EMAIL PROTECTED]
CC: cryptography@metzdowd.com, [EMAIL PROTECTED]
Subject: Re: How to Stop Junk E-Mail: Charge for the Stamp
Date: Tue, 15 Feb 2005 17:29:05 -0500

Oh no, the idiotic penny black idea rides again.

Like the movie War Games when a young Matthew Broderick saves the world by causing the WOPR computer to be distracted into playing itself tic-tac-toe rather than launching a pre-emptive nuclear strike. It was a MOVIE, made in 1983 nonetheless, get over it.

More seriously, what attracts people to this penny black idea is that they realize that the only thing which will stop spammers is to interject some sort of economic constraint. The obvious constraint would be something like stamps since that's a usage fee.

But the proposer (and his/her/its audience) always hates the idea of paying postage for their own email, no, no, there must be a solution which performs that economic miracle of only charging for the behavior I don't like! An economic Maxwell's demon!

So, just like the terminal seeking laetrile shots or healing waters, they turn to not even half-baked ideas such as penny black. Don't charge you, don't charge me, charge that fellow behind the tree!

Oh well.

Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services.

I know, we'll work around it. Of course by then they'll have a multi-billion dollar messaging business to make sure your attempts to by-step it are outlawed and punished. Consider what's going on with the music-sharing world, as another multi-billion dollar business people thought they could just defy with anonymous peer-to-peer services...

The point: I think the time is long past due to grow up on this issue and accept that some sort of limited, reasonable-usage-free, postage system is necessary to prevent collapse into monopoly.

--
-Barry Shein

Software Tool Die| [EMAIL PROTECTED] | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*

--
-Barry Shein

Software Tool Die| [EMAIL PROTECTED] | http://www.TheWorld.com
Re: How to Stop Junk E-Mail: Charge for the Stamp
Bingo, that's the whole point, spam doesn't get fixed until there's a robust economics available to fix it. So long as it's treated merely as an annoyance or security flaw there won't be enough economic backpressure.

On February 16, 2005 at 18:38 [EMAIL PROTECTED] (Peter Gutmann) wrote:

Barry Shein [EMAIL PROTECTED] writes:

Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services.

And the spammers will be using everyone else's PC's to send out their spam, so the spam problem will still be as bad as ever but now Joe Sixpack will be paying to send it.

Hmmm, and maybe *that* will finally motivate software companies, end users, ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.

Peter.

--
-Barry Shein

Software Tool Die| [EMAIL PROTECTED] | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*