At 11:12 AM +0000 12/31/03, Ben Laurie wrote:
Perry E. Metzger wrote:
In my opinion, the various hashcash-to-stop-spam style schemes are not
very useful, because spammers now routinely use automation to break
into vast numbers of home computers and use them to send their
spam. They're not paying for CPU time or other resources, so they
won't care if it takes more effort to send. No amount of research into
interesting methods to force people to spend CPU time to send mail
will injure the spammers.

If you set the price to 1 minute of CPU, and spammers own 10% of all machines on the 'net, then the average machine can only receive 144 spams per day. That's a significant improvement on my situation.

Plus I'd've thought that having 100% CPU utilisation all the time might attract attention. But maybe not.



There is something else one can do that might help. The hashcash stamp algorithm can be designed to provide a strong, constant signature to virus detectors. For example, in my HEKS-1 algorithm, I populate a large array with pseudo random words. It would be easy enough to have some fraction (say 1/8th or 1/16th) of those words be a special constant (or one of a few special constants). There would be no way for the spammer to avoid exhibiting the same constants while generating stamps without incurring a severe computational penalty. So any stamp generation activity would be easy to detect. Since the signature would never change, the detection software could be built into the operating system (or even the CPU itself).

Legitimate stamp generation would have to be distinguished, perhaps by code signing or some Touring test. A sufficiently clever virus writer with root access might be able commandeer the legitimate stamp generator. If this happens, periodic required updates of the hashcash software can be issued that thwart viruses in the field. Also a large number of countermeasure variants can be generated, making it hard for the virus to recognize them all. This reverses the tactical advantage normally enjoyed by virus writers. Illegitimate stamp generators are forced to present a fixed target while legitimate programs and counter measures can continuously morpf.

Arnold Reinhold

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to