Friday, November 12, 2021

Hashcash : Before you get to vote/say, you need to work for it - to prevent noise/spam

Hashcash 


--- Email DDoS ---

Email is an essential tool in both business and personal life. XX% of small businesses still use email for order management (because they don’t want to set up an e-commerce site using Shopify, etc.). And YY% of people use email as their primary mode of communication.

An email inbox can be flooded to the point that it is full and cannot receive any new email. A full inbox can disrupt business (orders are not received) and disrupt personal lives (an invitation to a birthday party is not received).

Evil people can easily disrupt a business or person by flooding their email inbox. From a single computer, the evil person can automate sending thousands of emails an hour, with the goal of flooding the inbox of the business or person. This is essentially free: there is no cost to create and send email. In the cybersecurity world, this is considered a Denial of Service (DoS) attack. If the evil person uses multiple computers to simultaneously send out thousands of emails per hour, this type of attack is called Distributed Denial of Service (DDoS).

There are several ways to reduce email inbox DDoS attacks. 1) A firewall in front of the recipient’s email can be used to block a flood of email that is coming from the same email address. 2) Another method is to use a novel scheme created 30 years ago before firewalls became popular. It is called “Hashcash”. Hashcash, proposed by Adam Back in 1997, is a method that requires the sender to do some work before the sender can send an email. Here is how it works (I think!):

  • Sender sends email to recipient
  • Before the recipient accepts the sender’s email, the recipient sends a number (say 10) to the sender
  • The sender takes the number (10), creates a random number (called a nonce), computes the hash digest of the nonce, and checks whether the first 10 digits of the hash digest are 0s... if not, the sender randomly creates another nonce... until the first 10 digits of the hash digest are 0s
    • guess NONCE1 -> HASH -> HASH_DIGEST_1; compare the first 10 digits of HASH_DIGEST_1 to the recipient’s request of 10 zeros; result is no
    • guess NONCE2 -> HASH -> HASH_DIGEST_2; compare the first 10 digits of HASH_DIGEST_2 to the recipient’s request of 10 zeros; result is no
  • This will take a while… and CPU resources… for the sender to compute
  • Sender sends the output (hash of data ABCD) to the recipient
  • The recipient can easily verify that the hash is correct, and that the sender did do the work
  • The recipient accepts the sender’s email


So asking the sender to do work before the recipient will accept the email should and will reduce spam.
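
The challenge-and-response steps above, as an added Python sketch (not code from the original post, and not the real Hashcash stamp format). Assumptions: SHA-256 as the hash, difficulty counted in leading zero bits rather than digits, a counter in place of random nonce guesses, and a hypothetical `Recipient` class that hands out one-time challenges so a solved answer cannot be reused.

```python
import hashlib
import os
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def stamp_digest(challenge: bytes, sender: str, nonce: int) -> bytes:
    # Hash the recipient's challenge together with the sender and the guess,
    # so the work is tied to this one exchange (assumed binding, not from the post).
    data = challenge + b"|" + sender.encode() + b"|" + str(nonce).encode()
    return hashlib.sha256(data).digest()

def solve(challenge: bytes, sender: str, difficulty: int):
    """Sender side: expensive search. Returns (nonce, number_of_hashes_tried)."""
    for nonce in count():
        if leading_zero_bits(stamp_digest(challenge, sender, nonce)) >= difficulty:
            return nonce, nonce + 1

class Recipient:
    """Recipient side: issues challenges and checks answers with a single hash."""
    def __init__(self, difficulty: int):
        self.difficulty = difficulty
        self.pending = set()          # challenges issued but not yet redeemed

    def issue_challenge(self) -> bytes:
        challenge = os.urandom(16)
        self.pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, sender: str, nonce: int) -> bool:
        if challenge not in self.pending:      # never issued, or already used
            return False
        digest = stamp_digest(challenge, sender, nonce)
        if leading_zero_bits(digest) < self.difficulty:
            return False
        self.pending.discard(challenge)        # one email per solved challenge
        return True

if __name__ == "__main__":
    inbox = Recipient(difficulty=16)           # about 2**16 hashes expected per email
    challenge = inbox.issue_challenge()
    nonce, tried = solve(challenge, "alice@example.com", inbox.difficulty)
    print(f"sender tried {tried} hashes, nonce={nonce}")
    print("accepted:", inbox.verify(challenge, "alice@example.com", nonce))
    print("replayed:", inbox.verify(challenge, "alice@example.com", nonce))
```

Each extra bit of difficulty doubles the sender's expected work while the recipient's check stays at one hash, which is the asymmetry the scheme relies on.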


--- Bitcoin Proof of Work ---

--- Amazon Retail E-commerce ---

