Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Alan Brown]

On Tue, 30 Dec 2003, Bill Stewart wrote:

> The reason it's partly a cryptographic problem is forgeries.
> Once everybody starts whitelisting, spammers are going to
> start forging headers to pretend to come from big mailing lists
> and popular machines and authors, so now you'll not only
> need to whitelist Dave Farber or Declan McCullough if you read their lists,
> or Bob Hettinga if you're Tim (:-), you'll need to verify the
> signature so that you can discard the forgeries that
> pretend to be from them.
>
> You'll also see spammers increasingly _joining_ large mailing lists,
> so that they can get around members-only features.

This has already happened:

Krazy Kevin pulled this stunt 5 years ago on at least one list I was on,
joining the list to harvest the most common posters, then spamming using
them as sender envelopes after he'd been kicked off.

> At least one large mailing list farm on which I've joined a list
> used a Turing-test GIF to make automated list joining difficult,

...discrimination against blind users - this is legally actionable in
several countries. There is a blind group in the UK taking action
against a number of companies for this and the Australian Olympic
committee ended up being fined several million AU$ for the same offence
in 1999.

> and Yahoo limits the number of Yahoogroups you can join in a day,
> but that's the kind of job which you hire groups of Indians
> or other English-speaking third-world-wagers to do for you.

To underscore that point, I've _watched_ cybercafes full of SE asians(*)
doing exactly this kind of thing for the princely sum of US$5/day -
twice the average wage of the area, even after the cafe fees were
deducted.

(*) Philippines and east Malaysia.

AB

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Eric S. Johansson]

Ben Laurie wrote:

Richard Clayton wrote:

and in these schemes, where does our esteemed moderator get _his_ stamps
from ? remember that not all bulk email is spam by any means...  or do
we end up with whitelists all over the place and the focus of attacks
moves to the ingress to the mailing lists :(


He uses the stamp that you generated. Each subscruber adds 
[EMAIL PROTECTED] as an address they receive mail at. Done. 
Trivial.
take a look at my headers and you'll see a real example.

---eric (No. 1 generator of stamps on the Internet)

--
Speech recognition in use.  Incorrect endings, words, and case is
closer than it appears
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Ben Laurie]

Richard Clayton wrote:
and in these schemes, where does our esteemed moderator get _his_ stamps
from ? remember that not all bulk email is spam by any means...  or do
we end up with whitelists all over the place and the focus of attacks
moves to the ingress to the mailing lists :(
He uses the stamp that you generated. Each subscruber adds 
[EMAIL PROTECTED] as an address they receive mail at. Done. Trivial.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[jal]

On Tue, 30 Dec 2003, Bill Stewart wrote:

> At 07:46 PM 12/30/2003 +, Richard Clayton <[EMAIL PROTECTED]> 
> wrote:
> > [what about mailing lists]
> Obviously you'd have to whitelist anybody's list you're joining
> if you don't want your spam filters to robo-discard it.
> 
> >
> >I never understand why people think spam is a technical problem :( let
> >alone a cryptographic one :-(
> >

It has always been mostly a technical problem, and only partially a
social problem. 

> The reason it's partly a cryptographic problem is forgeries.
> Once everybody starts whitelisting, spammers are going to
> start forging headers to pretend to come from big mailing lists
> and popular machines and authors, so now you'll not only
> need to whitelist Dave Farber or Declan McCullough if you read their lists,
> or Bob Hettinga if you're Tim (:-), you'll need to verify the
> signature so that you can discard the forgeries that
> pretend to be from them.

I had to change my (admittedly simple) whitelisting recently, when
spammers started using the same domain name we do business under, or the
name of partners.

> You'll also see spammers increasingly _joining_ large mailing lists,
> so that they can get around members-only features.
> At least one large mailing list farm on which I've joined a list
> used a Turing-test GIF to make automated list joining difficult,
> and Yahoo limits the number of Yahoogroups you can join in a day,
> but that's the kind of job which you hire groups of Indians
> or other English-speaking third-world-wagers to do for you.

Yep. Spam rates have been creeping up on Debian lists, lately.
Another list I'm on having to do with Oracle has been having similar
problems. 

"Who is a meaningful member?"

That's a tough question, if you don't charge, and if you do, you miss
quite a bit, thus lowering the value. Commons, tragedy, etc.

-j


-- 
Jamie Lawrence[EMAIL PROTECTED]
"Those who make peaceful revolution impossible will make violent revolution
inevitable." 
   -John F. Kennedy


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Bill Stewart]

At 07:46 PM 12/30/2003 +, Richard Clayton <[EMAIL PROTECTED]> wrote:
> [what about mailing lists]
Obviously you'd have to whitelist anybody's list you're joining
if you don't want your spam filters to robo-discard it.

I never understand why people think spam is a technical problem :( let
alone a cryptographic one :-(

The reason it's partly a cryptographic problem is forgeries.
Once everybody starts whitelisting, spammers are going to
start forging headers to pretend to come from big mailing lists
and popular machines and authors, so now you'll not only
need to whitelist Dave Farber or Declan McCullough if you read their lists,
or Bob Hettinga if you're Tim (:-), you'll need to verify the
signature so that you can discard the forgeries that
pretend to be from them.
You'll also see spammers increasingly _joining_ large mailing lists,
so that they can get around members-only features.
At least one large mailing list farm on which I've joined a list
used a Turing-test GIF to make automated list joining difficult,
and Yahoo limits the number of Yahoogroups you can join in a day,
but that's the kind of job which you hire groups of Indians
or other English-speaking third-world-wagers to do for you.






-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[R. A. Hettinga]

At 7:46 PM + 12/30/03, Richard Clayton wrote:
>where does our esteemed moderator get _his_ stamps
>from ?

A whitelist for my friends, etc...

Whitelist [EMAIL PROTECTED]

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Richard Clayton]

>On Tue, 30 Dec 2003, Eric S. Johansson wrote:
>
>>  But using your spam size, , the slowdown factor becomes roughly
>> 73 times.  So they would need 73 machines running full tilt all the time
>> to regain their old throughput.
>
>Believe me, the professionals have enough 0wned machines that this is
>trivial.
>
>On the flipside, it means the machines are "burned" faster.

only if the professionals are dumb enough to use the machines that are
"making" the stamps to actually send the email (since it is only the
latter which are, in practice, traceable)

>> unfortunately, I think you making some assumptions that are not fully
>> warranted.  I will try to do some research and figure out the number of
>> machines compromised.  The best No. I had seen to date was about 350,000.
>
>It's at least an order of magnitude higher than this, possibly 2 orders,
>thanks to rampaging worms with spamware installation payloads
>compromising cablemodem- and adsl- connected Windows machines worldwide.

the easynet.nl list (recently demised) listed nearly 700K machines that
had been detected (allegedly) sending spam... so since their detection
was not universal it would certainly be more than 700K :(

>-
>The Cryptography Mailing List

and in these schemes, where does our esteemed moderator get _his_ stamps
from ? remember that not all bulk email is spam by any means...  or do
we end up with whitelists all over the place and the focus of attacks
moves to the ingress to the mailing lists :(


I never understand why people think spam is a technical problem :( let
alone a cryptographic one :-(


-- 
richard  Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Jerrold Leichter]

(The use of memory speed leads to an interesting notion:  Functions that are
designed to be differentially expensive on different kinds of fielded hardware.
On a theoretical basis, of course, all hardware is interchangeable; but in
practice, something differentially expensive to calculate on an x86 will remain
"expensive" for many years to come.)

In fact, such things are probably pretty easy to do - as was determined during
arguments over the design of Java.  The original Java specs pinned down
floating point arithmetic exactly:  A conforming implementation was required
to use IEEE single- and double-precision arithmetic, and give answers
identical at the bit level to a reference implementation.  This is easy to do
on a SPARC.  It's extremely difficult to do on an x86, because x86 FP
arithmetic is done to a higher precision.  The hardware provides only one way
to round an intermediate result to true IEEE single or double precision:
Store to memory, then read back.  This imposes a huge cost.  No one could find
any significantly better way to get the bit-for-bit same results on an x86.
(The Java standards were ultimately loosened up.)

So one should be able to define an highly FP-intensive, highly numerically
unstable, calculation all of whose final bits were considered to be part of
the answer.  This would be extremely difficult to calculate rapidly on an
x86.

Conversely, one could define the answer - possibly to the same problem - as
that produced using the higher intermediate precision of the x86.  This would
be very hard to compute quickly on machines whose FP hardware doesn't provide
exactly the same length intermediate results as the x86.

One can probably find problems that are linked to other kinds of hardware. For
example, the IBM PowerPC chip doesn't have generic extended precision values,
but does have a fused multiply/add with extended intermediate values.

Some machines provide fast transfers between FP and integer registers; others
require you to go to memory.  Vector-like processing - often of a specialized,
limited sort intended for graphics - is available on some architectures and
not others.  Problems requiring more than 32 bits of address space will pick
out the 64-bit machines.  (Imagine requiring lookups in a table with 2^33
entries.  8 Gig of real memory isn't unreasonable today - a few thousand
dollars - and is becoming cheaper all the time.  But using it effectively on a
the 32-bit machines out there is very hard, typically requiring changes to
the memory mapping or segment registers and such, at a cost equivalent to
hundreds or even thousands of instructions.)

-- Jerry

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Alan Brown]

On Tue, 30 Dec 2003, Eric S. Johansson wrote:

>  But using your spam size, , the slowdown factor becomes roughly
> 73 times.  So they would need 73 machines running full tilt all the time
> to regain their old throughput.

Believe me, the professionals have enough 0wned machines that this is
trivial.

On the flipside, it means the machines are "burned" faster.

> unfortunately, I think you making some assumptions that are not fully
> warranted.  I will try to do some research and figure out the number of
> machines compromised.  The best No. I had seen to date was about 350,000.

It's at least an order of magnitude higher than this, possibly 2 orders,
thanks to rampaging worms with spamware installation payloads
compromising cablemodem- and adsl- connected Windows machines worldwide.

AB




-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Eric S. Johansson]

Scott Nelson wrote:

d*b
---
s
where: d = stamp delay in seconds
  s = spam size in bytes
  b = bandwidth in bytes per second


I don't understand this equation at all.

It's the rate limiting factor that counts, not a combination of
stamp speed + bandwidth.
well, stamp speed is method of rate limiting.  This equation/formula 
gives you the ratio of performance degradation.  So,

Given d=15, b=49152 (aka 384kbps) and s=1000

the slowdown ratio or factor is 737.28 times over what an unimpeded 
spammer can send.  But as you increase spam size, the slowdown factor 
declines.

Assuming 128Kbps up, without a stamp it takes about .6 seconds to
send a typical 10K spam.
If it takes 15 seconds to generate the stamp, then it will take
15 seconds to send a stamped spam.  It won't even take 15.6 seconds,
because the calculation can be done in parallel with the sending.
actually, it would take 15 but only because you can be sending one 
stamped piece of spam at the same time as you're generating the next 
stamp.  But using your spam size, , the slowdown factor becomes roughly 
73 times.  So they would need 73 machines running full tilt all the time 
to regain their old throughput.  It's entirely possible that one 
evolutionary response to stamps would be to generate larger pieces of 
spam but that would also slow them down so we still win, kind of, sort of...


assuming unlimited bandwidth, if a stamp spammer compromises roughly the 
same number of PCs as were compromised during the last worm attack 
(350,000) at 15 seconds per stamp, you end up with 1.4 million stamps 
per minute or 2 billion stamps per day.  When you compare that to the 
amount of spam generated per day (high hundred billion to low trillion), 



Not according to the best estimates I have.
The average email address receives 20-30 spams a day (almost twice 
what it was last year) and there are only 200-400 million 
email addresses, which works out to less than 10 billion spams per day.
actually, I'm hearing that there are roughly one billion addresses but 
unfortunately have lost the source.  The numbers for spam I'm hearing 
are on the order of 76 billion to 2 trillion
(
2 tril spams /day 
http://www.pacificresearch.org/press/clip/2003/clip_03-05-08.html
76 bil http://www.marketinglaw.co.uk/open.asp?A=703
)

If you have a better source (and I am sure there are some), I would like 
to hear it.


But there's a much easier way to do the math.

If 1% of the machines on the internet are compromised,
and a stamp takes 15 seconds to generate, then spammers can send
50-60 spams to each person.
(86400 seconds per day / 15 seconds per stamp * 1% of everybody = 57.6)
unfortunately, I think you making some assumptions that are not fully 
warranted.  I will try to do some research and figure out the number of 
machines compromised.  The best No. I had seen to date was about 350,000.

You can reduce that by factoring in the average amount of time
that a compromised machine is on per day.
I fully expect that stamps will rise in "price" to several minutes,
if camram actually gets any traction.
well, that might be the case but I must have a who cares attitude about 
that.  For the most part I rarely send mail to strangers and the stamp 
generation process is in background.  So if it take several minutes to 
queue up and send a piece of mail a few times a month.  What's the 
problem? (yes, I know I'm being cavalier)

Custom hardware?
I can buy a network ready PC at Fry's for $199.
If it takes that machine 30 seconds to generate a stamp, and I leave
it running 24/7, and replace it after 5 months, then the cost
of a hashstamp is still less than 1/500 of a snail-mail stamp.
Granted it's a significant increase in costs over current email,
and therefore potentially a vast improvement, 
but it's still not expensive.
wrong unit of costs.  The stamps still take 15 seconds (give or take) 
which means approximately 5760 stamps per day.  Hardware acceleration is 
an attack against stamps by using dedicated hardware to shrink the cost 
in time of a given size stamp.  so, if and evil someone can build an 
ASIC to shrink the cost of a stamped by 100 times, then mercenary 
somebody else can build the same functionality and performance as well. 
 Plop it onto a USB interface chip, sell for $15 and balance is restored

---eric

--
Speech recognition in use.  Incorrect endings, words, and case is
closer than it appears
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Scott Nelson]

At 01:43 PM 12/29/03 -0500, Eric S. Johansson wrote:
>Bill Stewart wrote:
>
>> At 09:37 PM 12/26/2003 -0500, Adam Back wrote:
>> 
>>> The 2nd memory [3] bound paper (by Dwork, Goldber and Naor) finds a
>>> flaw in in the first memory-bound function paper (by Adabi, Burrows,
>>> Manasse, and Wobber) which admits a time-space trade-off, proposes an
>>> improved memory-bound function and also in the conclusion suggests
>>> that memory bound functions may be more vulnerable to hardware attack
>>> than computationally bound functions.  Their argument on that latter
>>> point is that the hardware attack is an economic attack and it may be
>>> that memory-bound functions are more vulnerable to hardware attack
>>> because you could in their view build cheaper hardware more []
>> 
>> 
>> Once nice thing about memory-bound functions is that,
>> while spammers could build custom hardware farms in Florida or China,
>> a large amount of spam is delivered by hijacked PCs or abused 
>> relays/proxies,
>> which run on standard PC hardware, not custom, so it'll still be slow.


The Microsoft Penny Black system (not to be confused with the 
IBM Penny Black paper) is supposedly limited by memory /speed/ not 
memory size.  The only nice thing about that is that memory speed
doesn't vary as much between machines.  About 5 to 1 vs. 100 to 1.

>
>do the math.
>
>d*b
>---
>  s
>
>where: d = stamp delay in seconds
>s = spam size in bytes
>b = bandwidth in bytes per second
>

I don't understand this equation at all.

It's the rate limiting factor that counts, not a combination of
stamp speed + bandwidth.

Assuming 128Kbps up, without a stamp it takes about .6 seconds to
send a typical 10K spam.

If it takes 15 seconds to generate the stamp, then it will take
15 seconds to send a stamped spam.  It won't even take 15.6 seconds,
because the calculation can be done in parallel with the sending.



>assuming unlimited bandwidth, if a stamp spammer compromises roughly the 
>same number of PCs as were compromised during the last worm attack 
>(350,000) at 15 seconds per stamp, you end up with 1.4 million stamps 
>per minute or 2 billion stamps per day.  When you compare that to the 
>amount of spam generated per day (high hundred billion to low trillion), 
>

Not according to the best estimates I have.
The average email address receives 20-30 spams a day (almost twice 
what it was last year) and there are only 200-400 million 
email addresses, which works out to less than 10 billion spams per day.


But there's a much easier way to do the math.

If 1% of the machines on the internet are compromised,
and a stamp takes 15 seconds to generate, then spammers can send
50-60 spams to each person.

(86400 seconds per day / 15 seconds per stamp * 1% of everybody = 57.6)

You can reduce that by factoring in the average amount of time
that a compromised machine is on per day.


I fully expect that stamps will rise in "price" to several minutes,
if camram actually gets any traction.



>they are still a few machine short of what is necessary to totally 
>render stamps useless.  Yes, maybe one spammer could muster a few 
>machines to be a nuisance but that's the extent of it.
>
>When dealing with hardware acceleration, it becomes a hardware war.  If 
>they can make a custom hardware, Taiwan can make us USB stamp 
>generators, postage goes to a period of rapid inflation, and the world 
>goes back to where was before with no advantage to spammer's.
>

Custom hardware?
I can buy a network ready PC at Fry's for $199.

If it takes that machine 30 seconds to generate a stamp, and I leave
it running 24/7, and replace it after 5 months, then the cost
of a hashstamp is still less than 1/500 of a snail-mail stamp.
Granted it's a significant increase in costs over current email,
and therefore potentially a vast improvement, 
but it's still not expensive.


Scott Nelson <[EMAIL PROTECTED]>

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

[Eric S. Johansson]

Bill Stewart wrote:

At 09:37 PM 12/26/2003 -0500, Adam Back wrote:

The 2nd memory [3] bound paper (by Dwork, Goldber and Naor) finds a
flaw in in the first memory-bound function paper (by Adabi, Burrows,
Manasse, and Wobber) which admits a time-space trade-off, proposes an
improved memory-bound function and also in the conclusion suggests
that memory bound functions may be more vulnerable to hardware attack
than computationally bound functions.  Their argument on that latter
point is that the hardware attack is an economic attack and it may be
that memory-bound functions are more vulnerable to hardware attack
because you could in their view build cheaper hardware more []


Once nice thing about memory-bound functions is that,
while spammers could build custom hardware farms in Florida or China,
a large amount of spam is delivered by hijacked PCs or abused 
relays/proxies,
which run on standard PC hardware, not custom, so it'll still be slow.
do the math.

d*b
---
 s
where: d = stamp delay in seconds
   s = spam size in bytes
   b = bandwidth in bytes per second
assuming unlimited bandwidth, if a stamp spammer compromises roughly the 
same number of PCs as were compromised during the last worm attack 
(350,000) at 15 seconds per stamp, you end up with 1.4 million stamps 
per minute or 2 billion stamps per day.  When you compare that to the 
amount of spam generated per day (high hundred billion to low trillion), 
they are still a few machine short of what is necessary to totally 
render stamps useless.  Yes, maybe one spammer could muster a few 
machines to be a nuisance but that's the extent of it.

When dealing with hardware acceleration, it becomes a hardware war.  If 
they can make a custom hardware, Taiwan can make us USB stamp 
generators, postage goes to a period of rapid inflation, and the world 
goes back to where was before with no advantage to spammer's.

Penny Black or any other system that involves tweaking the email protocols
gets a one-time win in blocking spam, because older badly-administered
mail relays won't be running the new system - if their administrators
upgrade them to support the new features, hopefully that will turn off
any relay capabilities.  That doesn't apply to cracked zombie machines,
since the crackers can install whatever features they need,
but at least all of those Korean cable-modem boxes won't run it.
again, work the numbers to figure out the basic model and where the 
threat roughly lives.  Personally, I think that any system that tweaks 
the e-mail protocols basically loses for reasons of adoption and 
backwards compatibility.  I've put a lot of effort into the camram 
implementation to create significant backwards compatibility without 
leaving someone vulnerable to spam.

also, zombied machines are a threat but the beauty of any proof of work 
system is that the machine will start overheating if it's used too much 
and the CPU load will become noticeable to the user.  So in a way, stand 
generating zombies might actually do the net some good and takeout these 
machines.  or cause another blackout in New York State...

---eric

--
Speech recognition in use.  Incorrect endings, words, and case is
closer than it appears
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]