|
| |
| | Hashcash - Wikipedia, the free encyclopedia |
 | | Hashcash is a method of adding a textual stamp to the header of an email to prove the sender has expended a modest amount of CPU time calculating the stamp prior to sending the email. | | | Hashcash is also fairly simple to implement in mail user agents and spam filters. | | | Hashcash can be incrementally deployed -- the extra Hashcash header is ignored when it is received by mail clients that do not understand it. |
|
http://en.wikipedia.org/wiki/Hashcash
(988 words)
|
|
| |
| | RPOW Theory |
| | Hashcash is a textual string in a particular format which has a special property: when run through the SHA-1 hash algorithm (the same algorithm used in the sha1sum utility often used to validate downloaded files) the result has the first N of its initial bits equal to zero, where N is typically around 20-30. | | | A piece of hashcash with a value of 30 is actualy 1024 times more valuable (in terms of difficulty of creation) as one of value 20, because it is 10 bits higher value and 2 to the 10th power is 1024. | | | Hashcash therefore serves as evidence of effort, and in many contexts can be used to demonstrate a level of importance or significance to a message or some other kind of data. |
|
http://www.rpow.net/theory.html
(2433 words)
|
|
| |
| | Papers -- Anti Brute Force Resource Metering -- TechnicalInfo.net |
| | Extending the lessons learned in implementing anti-spam “hashcash” solutions, it is a trivial task to adopt similar formatting and cryptographic algorithms and use them as the key resource metering process for web-based application authentication systems. | | | As mentioned previously, there are a number of mathematical problems that are far easier to verify than they are to initially compute. | | | This can also be complicated by the fact that the server may also require a different hashing algorithm or computational code segment be used to calculate the “Hashcash”. |
|
http://www.technicalinfo.net/papers/AntiBruteForceResourceMetering.html
(4231 words)
|
|
| |
| | Bananasplit Website - Mail2News Hashcash |
| | This is the complete Hashcash header and to use it, all you have to do is Copy and Paste this line into the header of the anonymous message you are creating. | | | In essence this is how Hashcash works, except that computers are very fast and the question is considerably harder. | | | Hashcash is now working on your token and will take some seconds (minutes on old hardware) to calculate it before returning something like this: |
|
http://www.bananasplit.info/hashcash.html
(628 words)
|
|
| |
| | The Vaults of Parnassus |
| | Hashcash is a system of creating and verifying tokens against input strings. |
|
http://py.vaults.ca/parnassus/apyllo.py?i=181399312
(45 words)
|
|
| |
| | Charming Python: Beat spam using hashcash |
| | Built on the widely available SHA-1 algorithm, hashcash is a clever system that requires a parameterizable amount of work on the part of a requester while staying "cheap" for an evaluator to check. | | | An interactive use for hashcash might be in distributed processing tasks. | | | For example, if Thunderbird mailer gains API calls for hashcash computations, it should be straightforward to let its sibling Firefox Web browser respond to interactive challenges using the same API to produce hashcash stamps. |
|
http://www-128.ibm.com/developerworks/linux/library/l-hashcash.html
(3420 words)
|
|
| |
| | Stamps vs SPAM |
| | Hashcash has many problems: first it won't stop robots, it will only slows them down (and users of good old machines will be more annoyed than spammers with brand new spamming farms). | | | In contrast, paying in human time could be fully automated (given a proper RFC for robot responders), and would require no content filtering by the recipient. | | | But most importantly, it requires the sender to install new software, and thus either cuts you from many correspondants, or else forces you to fallback to another system for all the rest of the mail. |
|
http://www.advogato.org/article/543.html
(1331 words)
|
|
| |
| | Position: "Horizontal" |
| | Another possibility is that when hashcash is computed, it is computed twice - the second computation would only be to 16 bits and would include all of the first hashcash and a random number - this random number could be retrieved by a unique key. | | | I might just recompute one every ten minutes - use 28-30 bit hashcashes and as soon as I compute one (the actual time it takes to compute one has a very high variance since it is essentially a random process) I start using that one on the mail I send out. | | | In fact, it might not be in the header, it might be a bcc entry - which means that the MTA has to understand that this hashcash entry is associated with a BCC, and it has to be somehow removed from every entry that is not going to the blind address. |
|
http://majordomo.squawk.com/njs/blog/blogger.html
(14376 words)
|
|
| |
| | HashCash |
| | HashCash lets an email sender demonstrate that they committed a certain amount of computing time in order to send an email. | | | Messages with a HashCash signature could bypass spam software, while other messages would be scrutinized more rigorously. | | | HashCash is frankly a better thought out implementation though. |
|
http://www.spambutcher.com/press0/414859
(378 words)
|
|
| |
| | [No title] |
| | A 'generalized hashcash' is implemented in the '_mint()' function, with the public function 'mint()' providing a wrapper for actual hashcash protocol. | | | Future protocol version are treated as generalized tokens (should a future version be published w/o this module being correspondingly updated). | | | Specify an extension as a string of form 'name1=2,3;name2;name3=var1=2,2,val' FWIW, urllib.urlencode(dct).replace('&',';') comes close to the hashcash extension format. |
|
http://www.gnosis.cx/download/gnosis/util/hashcash.py
(336 words)
|
|
| |
| | Hashcash FAQ |
| | With hashcash you the sender can choose the string to compute partial-hash collisions on, so no interaction is required. | | | Spammers can use hashcash too, however hashcash is bad news for spammers because the hashcash stamp takes your CPU some work to compute. | | | One example is the CAMRAM hashcash based system which does auto white-listing. |
|
http://www.hashcash.org/faq
(6008 words)
|
|
| |
| | The Shoestring Foundation Weblog |
| | HashCash is used to prove expenditure of computing power. | | | Adam Back has a similiar scheme with shorter messages intended to be embedded in headers of other protocols. | | | value and compare incoming Hashcash Checks against the list of received checks. |
|
http://pestilenz.org/cgi-bin/blosxom.cgi/2004/06/28
(286 words)
|
|
| |
| | TmdaHashCashHowto - TmdaWiki |
| | A hashcash token constitutes a proof-of-work which takes a parameterizable amount of time to compute for the sender. | | | Essentially the headers of each incoming message are fed to the hashcash command string which checks for a valid token in X-Hashcash. | | | E-mail senders attach hashcash tokens to their messages with the X-Hashcash header. |
|
http://wiki.tmda.net/TmdaHashCashHowto
(444 words)
|
|
| |
| | Ending Spam with An MTA Acquaintance Protocol |
| | HashCash operates at the MUA level, where this acquaintance protocol operates between MTAs. | | | Perhaps that biggest difference in effect is that with HashCash the sender's machine will need to perform many calculations which would not be needed by the MTA Acquainance Protocol, since it needs to solve a new problem with every e-mail, not just when meeting a "stranger". | | | In the MTA protocol, this "turning away" is immediately known on the sender's machine; it occurs when the receiver presents a problem that is too hard and the sender is alerted. |
|
http://www.w3.org/2003/10/acquaintance-protocol
(1692 words)
|
|
| |
| | notgartner.com: Mitch Denny's Blog |
| | One mechanism that has been discussed for e-mail is Hashcash which I found whilst searching for literature related to Microsoft Research's Penny Black project. | | | We implement a hashcash minting algorithm in JavaScript that can be embedded in the comment submission forms. | | | Details like the resource name and stamp value (from v1 format of Hashcash) would be provided by the server when it renders the page that contains the javascript implementation of the hashcash algorithm. |
|
http://notgartner.com/posts/572.aspx
(1087 words)
|
|
| |
| | RPOW Download |
| | but the hashcash program may have optimizations which have not made it into the RPOW client, so it might be faster. | | | Exchanging the token at the server is the mechanism by which the RPOW client verifies that the incoming token is legal: properly formatted, and not used before. | | | However, there is a bug in version 1.16 which causes occasional errors on generating large hashcash tokens. |
|
http://www.rpow.net/download.html
(2030 words)
|
|
| |
| | Mail::SpamAssassin::Plugin::Hashcash - perform hashcash verification tests |
| | Note that once a token is 'spent' it is written to this file, and double-spending of a hashcash token makes it invalid, so this is not suitable for sharing between multiple users. | | | The file mode bits used for the HashCash double-spend database file. | | | You should set it to match all the addresses that you may receive mail at. |
|
http://spamassassin.apache.org/dist/doc/Mail_SpamAssassin_Plugin_Hashcash.html
(235 words)
|
|
| |
| | Hashcash sendmail wrapper |
| | I use this program to add hashcash to my outgoing mail. | | | where regexp matches email addresses, bits is how many bits to create for those recipients and nice is nice level to use on the hashcash process so it doesn't slow down other processes. | | | The first line that matches the outgoing email address is what's used. |
|
http://www.toehold.com/~kyle/hashcash
(624 words)
|
|
| |
| | Hashcash spam prevention system. (tummy.com, ltd. Journal Entry) |
| | For the Linux users among us, there are some wrappers to the "/usr/sbin/sendmail" program which will allow your messages to be Hashcashed while preserving the standard API. | | | You can also configure how hard you want the problem to be, and give higher weights to those that work harder. | | | For those of you who are interested in what a Hashcash stamp looks like, it adds a header such as the following to your outgoing messages: |
|
http://www.tummy.com/journals/entries/jafo_20041129_003131
(540 words)
|
|
| |
| | Simple hashcash implementation Python Python |
| | The make_cluster() function concatenates 16 hashcash tokens to even | | | """Hashcash value of the given cluster against basestring 's'.""" | | | Looks like you've spent a bit of time on this. |
|
http://www.gossamer-threads.com/lists/python/python/341244
(240 words)
|
|
| |
| | Charming Python: Pyrex extends and speeds Python apps |
| | I recently created a pure-Python implementation of hashcash for the developerWorks article Beat spam using hashcash, but basically, hashcash is a technique for proving CPU work using SHA-1 challenges. | | | I will note that the efforts with hashcash in this article are not the best you might do. | | | Learn more about David's pure-Python implementation of hashcash in Beat spam using hashcash (developerWorks, November 2004). |
|
http://www-128.ibm.com/developerworks/library/l-cppyrex.html?ca=dnt-64
(2557 words)
|
|
| |
| | Hashcash.org |
| | A hashcash stamp constitutes a proof-of-work which takes a parameterizable amount of work to compute for the sender. | | | Its main current use is to help hashcash users avoid losing email due to content based and blacklist based anti-spam systems. | | | If you have questions are interested to port to different systems, integrate into different email clients (MUAs), anti-spam systems, or MTAs email Adam Back adam@cypherspace.org or post on the hashcash-list. |
|
http://www.hashcash.org
(114 words)
|
|
| |
| | How to keep your WordPress 1.5 Blog Spam Free -Simple Thoughts - Java and Web Technology Blog |
| | You can use this link (for Hashcash) which will directly download the php file to your computer - http://dev.wp-plugins.org/file/wp-hashcash/trunk/wp-hashcash.php?rev=440andformat=raw | | | I don’t know why some aol users had a problem, I just know that when I changed it, the aol users were then able to post comments without a problem. | | | In case you want to add your own entries, you can easily do so too. |
|
http://blog.taragana.com/index.php/archive/how-to-keep-your-wordpress-15-blog-spam-free
(989 words)
|
|
| |
| | pivot-blacklist:extra_features [i-marco Wiki] |
| | Copy all hashcash snippets to extensions/snippets (they are in the snippets dir provided in the Pivot-Blacklist archive but need to be moved to YOUR snippet’s dir) | | | Each feature has it’s own set of associated files and instructions on how to enable it. | | | Apart from basic (classic) spam scanning against the MT-Blacklist datafile Pivot Blacklist offers a lot more than just that. |
|
http://www.i-marco.nl/wiki/pivot-blacklist/extra_features?DokuWiki=49c027bcff60d7f26b1cc39491b9efdc
(1722 words)
|
|
| |
| | Re: Web Ads Are Intrusive |
| | So you have to run a program on your computer that generates hashcash, and you send the hashcash with the email. | | | Spammers would have to have huge render farms of computers to generate enough postage for their mail. | | | Hashcash has no value in the real world, but to generate a certain amount of hashcash requires a certain amount of processing time. |
|
http://www.scripting.com/stories/felter/rewebadsareintrusive.html
(298 words)
|
|
| |
| | Info: (gnus.info) Hashcash |
| | The resulting hashcash cookie is inserted in a `X-Hashcash:' header. | | | The "something costly" is to burn CPU time, more specifically to compute a hash collision up to a certain number of bits. | | | Hashcash avoids that, but instead requires that everyone you communicate with supports the scheme. |
|
http://www.cims.nyu.edu/cgi-comment/info2html?(gnus.info)Hashcash
(413 words)
|
|
| |
| | hashcash |
| | Resolution ========== All Hashcash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/hashcash-1.16-r1" Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200503-12.xml Concerns? | | | Background ========== Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. |
|
http://www.icetalk.com/hashcash-N3804.html
(446 words)
|
|
| |
| | Hashcash won't allow comments - Javasript enabled! « WordPress Support |
| | I am guessing either I have some file in the wrong folder, or I have altered some file in a small way making the hash fail. | | | Where would I *start* to look in order to determine why it isn't working? | | | Since this option requires a human to registers and a human to login, thus preventing bots from posting comments, you do not need Hashcash. |
|
http://wordpress.org/support/topic/42101
(193 words)
|
|
| |
| | Hashcash: Facts and details from Encyclopedia Topic |
| | A proof-of-work system is a system used to prove that a device, like a computer, has done some work, usually meaning processing time.... | | | Hashcash is a proof-of-work system proof-of-work system quick summary: | | | [For more, click on this link]'s article on hashcash, EHandler: no quick summary. |
|
http://www.absoluteastronomy.com/encyclopedia/h/ha/hashcash.htm
(1366 words)
|
|
| |
| | Secunia - Advisories - Hashcash "From:" Format String Vulnerability |
| | The vulnerability is caused due to a format string error in the handling of the "From:" mail header. | | | Secunia - Advisories - Hashcash "From:" Format String Vulnerability | | | Tavis Ormandy has reported a vulnerability in Hashcash, which potentially can be exploited by malicious people to compromise a user's system. |
|
http://secunia.com/advisories/14487
(261 words)
|
|
| |
| | 14566: Hashcash Malformed Reply Address Format String |
| | The issue is triggered when a format string in the way HashCash handles the "From:" Email header occurs. | | | HashCash contains a flaw that may allow a malicious user to execute arbitrary code. | | | It is possible that the flaw may allow remote system access resulting in a loss of confidentiality, integrity, and/or availability. |
|
http://www.osvdb.org/14566
(259 words)
|
|
| |
| | Hashcash for e-mail. (tummy.com, ltd. Journal Entry) |
| | The idea being that you try a bunch of strings until you find one that has more than your threshold of zero bits. | | | Hashcash is a nice idea -- it's a "proof of work" system where the sender demonstrates that they've spend some amount of CPU time as part of the mail delivery. | | | I was running 20 bits (the default) because many more bits was delaying our outgoing e-mail for what I thought was little benefit. |
|
http://www.tummy.com/journals/entries/jafo_20050424_163601
(309 words)
|
|
| |
| | Simmons Consulting » Hashcash, Bad Behavior, and the depravity of man |
| | I’m currently developing a new version which should require that users really have javascript this time… but again, there will always be possible attacks against this. | | | Hashcash, Bad Behavior, and the depravity of man | | | Sadly, the old version of Wordpress Hashcash is vulnerable to a brute-force attack which I have plugged. |
|
http://www.simmonsconsulting.com/wordpress?p=197
(986 words)
|
|
| |
| | HashCash |
| | Mathias Bauer perl HashCheck module (different hashcash format) hashcheck | | | Sebastian Gesemann java hashcash implementation | | | Alternatively the user could use the hashcash client as part of incoming mail filtering. |
|
http://www.cypherspace.org/adam/hashcash
(1285 words)
|
|
| |
| | Wordpress Plugin Competition Blog » Wordpress Hashcash 2.2 |
| | I’ve just released Wordpress Hashcash 2.2, which adds a nearly complete rewrite of the basic codebase, new obfuscation features, better style, better support for browsers without javascript, and better usability for “false positives,” that is the rare case of a person w/o javascript. | | | You can leave a response, or trackback from your own site. | | | Wordpress Plugin Competition Blog » Wordpress Hashcash 2.2 |
|
http://weblogtoolscollection.com/pluginblog/2005/05/12/wordpress-hashcash-20
(164 words)
|
|
| |
| | zestyping: [idea] Anti-spam measures. |
| | To prevent spammers from filling out the form, I would instead add a javascript that computes a salt appended to their email address that makes the SHA-1 hash start with n 0's. | | | I was going to object that setting up hashcash is much too high a barrier to entry for random people who want to send e-mail. | | | But most people have Javascript enabled in their browsers, so your suggestion would be a nice deployment technique. |
|
http://zestyping.livejournal.com/83735.html
(2196 words)
|
|
| |
| | sci.crypt: Hashcash |
| | a) Pre-computation of email address Hashcash DBs becomes possible, even | | | Next in thread: Tom St Denis: "Re: Hashcash" |
|
http://www.derkeiler.com/Newsgroups/sci.crypt/2004-07/0638.html
(206 words)
|
|
| |
| | sci.crypt: Re: Hashcash function... |
| | > You are correct, there is no problem with hashcash in that sense. | | | In reply to: Anton Stiglic: "Re: Hashcash function..." |
|
http://www.derkeiler.com/Newsgroups/sci.crypt/2003-11/0457.html
(345 words)
|
|
| |
| | NOVELL: Cool Solutions: HashCash Agent for Novell NetMail |
| | NOVELL: Cool Solutions: HashCash Agent for Novell NetMail | | | The agent can be launched with the command "java -jar hashcash.jar". | | | Add hashcash to messages passing through a NetMail server from specified users. |
|
http://www.novell.com/coolsolutions/d3.php?s=tools.14372.netmail.xml
(138 words)
|
|
| |
| | HashCash Python Implementation |
| | HashCash is a technique with several uses, such as spam deterrence and DoS resistance. | | | genToken(s, quality) - generate a hashcash token against string s of quality quality | | | Last modified: Sun Aug 8 23:42:13 NZST 2004 |
|
http://www.freenet.org.nz/python/hashcash
(61 words)
|
|
| |
| | Hashcash - A Denial of Service Counter-Measure - Back (ResearchIndex) |
| | 1 Hashcash - amortizable publicly auditable cost functions - Back - 2000 | | | Five years on, this paper captures in one place the various applications, improvements suggested and related subsequent publications, and describes initial experience from experiments using hashcash. | | | Abstract: Hashcash was originally proposed as a mechanism to throttle systematic abuse of un-metered internet resources such as email, and anonymous remailers in May 1997. |
|
http://citeseer.ist.psu.edu/back02hashcash.html
(436 words)
|
|
| |
| | Gnus Manual: Anti-spam Hashcash Payments |
| | (see section 8.18.5.1 Blacklists and Whitelists), but uses hashcash tokens for whitelisting messages instead of the sender address. | | | This document was generated on October, 20 2003 using | | | This is an explicit filter, meaning that unless a hashcash token is found, the messages are not assumed to be spam or ham. |
|
http://www.gnus.org/manual/gnus_301.html
(64 words)
|
|
| |
| | [No title] |
| | This is a problem with the hashcash specification, which specifies years as 2 digits :(Though it hardly matters -- after 100 years of Moore's law a 20 bit stamp will be tiny and not worth storing. | | | NAME Digest::Hashcash - generate Hashcash stamps (http://www.hashcash.org) SYNOPSIS use Digest::Hashcash; DESCRIPTION This module implements the hashcash hash (or digest, although it's not clearly a digest). |
|
http://www.cpan.org/authors/id/A/AD/ADAMBACK/Digest-Hashcash-0.04.readme
(633 words)
|
|
| |
| | board.neverhost.net :: View topic - MDaemon 8.0.0B upgrade! |
| | For more information on HashCash and to support the HashCash concept | | | To see how it is done for other domains just open the file with | | | In order to honor hashcash stamps for incoming messages your domains |
|
http://board.neverhost.net/viewtopic.php?p=17&sid=79a6ae89a9985354f1af84f8549c0356
(3213 words)
|
|
| |
| | Technorati Tag: hashcash |
| | The ultimate Wordpress HashCash 3.0 BETA has been released. | | | To contribute to this page, just post to your blog and include this code. | | | Become a member to save searches in a Watchlist. |
|
http://www.technorati.com/tag/hashcash
(523 words)
|
|
| |
| | Trackback Spam Resources » Blog Archive » WP Hashcash |
| | Not a trackback spam solution, of course, but WP Hashcash is a cute defense against comment spam by requiring a proof of work from the client. | | | Of course, as soon as comment spammers bake a JavaScript engine into their spambots, it’s all over, so Hashcash isn’t really breaking out of the “arms race” model of spam prevention. | | | Trackback Spam Resources » Blog Archive » WP Hashcash |
|
http://seclab.cs.rice.edu/proj/trackback/2005/06/16/wp-hashcash
(174 words)
|
|
| |
| | RazorsKiss.net » A Clarification |
| | Starting to have spam-comment problems, so I tried the newest version, seeing as I just upgraded to WP 2.0, and it may have had an effect. | | | ⊗ …Added Akismet to my spam-fighting software - even Hashcash alone can’t keep up with the bots now, as they’re getting me with “insurance” related comments - sorry, Elliott! | | | I still love Hashcash, though - it gets *almost* everything :D — no comments |
|
http://razorskiss.net/wp/2006/03/31/a-clarification
(1305 words)
|
|
| |
| | LAPO.it - HashCash |
| | Download the Java ARchive itself to use it locally or to see source code (and its PGP signature). | | | Please check Adam Back's homepage to get some info about HashCash (I'll put something here, someday). |
|
http://www.lapo.it/HashCash.html
(34 words)
|
|
|
