Perry E. Metzger wrote:In my opinion, the various hashcash-to-stop-spam style schemes are not very useful, because spammers now routinely use automation to break into vast numbers of home computers and use them to send their spam. They're not paying for CPU time or other resources, so they won't care if it takes more effort to send. No amount of research into interesting methods to force people to spend CPU time to send mail will injure the spammers.
If you set the price to 1 minute of CPU, and spammers own 10% of all machines on the 'net, then the average machine can only receive 144 spams per day. That's a significant improvement on my situation.
Plus I'd've thought that having 100% CPU utilisation all the time might attract attention. But maybe not.
There is something else one can do that might help. The hashcash stamp algorithm can be designed to provide a strong, constant signature to virus detectors. For example, in my HEKS-1 algorithm, I populate a large array with pseudo random words. It would be easy enough to have some fraction (say 1/8th or 1/16th) of those words be a special constant (or one of a few special constants). There would be no way for the spammer to avoid exhibiting the same constants while generating stamps without incurring a severe computational penalty. So any stamp generation activity would be easy to detect. Since the signature would never change, the detection software could be built into the operating system (or even the CPU itself).
Legitimate stamp generation would have to be distinguished, perhaps by code signing or some Touring test. A sufficiently clever virus writer with root access might be able commandeer the legitimate stamp generator. If this happens, periodic required updates of the hashcash software can be issued that thwart viruses in the field. Also a large number of countermeasure variants can be generated, making it hard for the virus to recognize them all. This reverses the tactical advantage normally enjoyed by virus writers. Illegitimate stamp generators are forced to present a fixed target while legitimate programs and counter measures can continuously morpf.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]