Hashcash

Hashcash is a system of proof of work conceived to limit the spam and the denial-of-services.

Operation

The principle of the hashcash is to prove that one carried out one quantitée of work with resources CPU. This method thus obliges the spammeurs to have used much ressoures compared to the normal users who do not misuse the services, such as the sending of emails or the posting of comments in the blogs.

This method thus avoids with the user filling of the captcha or having to carry out micropayments, the share of CPU necessary being négligable for the user.

Technical details

One often uses algorythmes such as SHA-1, MD5. For the emails for example, one asks the shipper of the message to send fields of heading such as this one X-Hashcash: 1:20: 060408: destinataire@example.org:: 1QTjaYd7niiQA/sc: ePa

One asks the shipper to find a couple 1:20: date: email of the recipient: number incremented which would give a hash sha1 whose 20 bits would be to 0, which required approximately 2^20 calculations of hash, that is to say one second of calculation approximately on a processeuur with 1Ghz. The recipient does not have any more but to check than the date of sends is recent and than the couple is valid

Applications

This system is thus not limited to e-mail but can be used in any systems where one seeks to avoid attacks repeated into large quantitées for a single or multiple destinatare, such as:

sending of emails in mass
sending the large ones quantitées of comments on the blogs

Advantages and Disadvantages

One of the advantages is that it is not very constraining for the normal user: no letters to be recopied with the system of captcha, not of system of micropaiement to set up.
This system thus makes it possible to prevent that the legitimate emails does not find by errors in the undesirable files
For the mailing-lists, the user must think of putting the mailing-list in its white list for their avoiding having to calculate the hashcash

It is necessary nevertheless that the system which allows such a calculation is established, such as the support of the Javascript for the navigators, an extension or a native support in the customers emails or for the interfaces Web emails such as Gmail.
It thus remains necessary to check the mailsne not containing the X-Hashcash field, or to provide an alternative method for the visitors not having activated JavaScript

Using software/Plugins hashcash

PenyPost extension, for Thunderbird
used in Spamassassin.
plugin for Wordpress
extension for Wikini

External bonds

http://hashcash.org - banner page of Hashcash.org
http://www.hashcash.org/faq/index.fr.php - French translation of the FAQ of hashcash.org
http://linuxfr.org/~gcottenc/18682.html - Article on linuxfr.org
http://securite.reseaux-telecoms.net/actualites/lire-les-truands-la-et-xab-brute-force-et-xbb-et-le-hashcash-10892.html

Random links: