Mail2News - Hashcash

Introduction

Hashcash is a method of charging people for the privilage of using a service. The charge doesn't come in the form of money, but in CPU time instead. Placing such a charge on services like Email and Usenet makes it harder to abuse that service for flooding or trolling purposes as each message must include proof that the originator has burnt a significant number of CPU cycles in order to send the message.

Tokens and Minting

As stated above, in order for someone to use a hashcash controlled service, they are obliged to burn CPU cycles and include proof with their message that they have done so. This proof is given by way of a Token that is in effect the answer to a question that the service has asked. The question is such that it is very complicated and time consuming to answer, but the answer can be checked very quickly and easily. The process of working out the answer to the question is known as Minting a Token.

As a rough analogy, consider being asked the question, "What 2 numbers multiplied together will equal 31861?". For you to work this out would take considerable time and effort even with a calculator. However, if you presented your answer (151 x 211) to someone else, they could check it very quickly and easily. In essence this is how Hashcash works, except that computers are very fast and the question is considerably harder. In fact the question the service asks the user is so incredibly difficult that no computer in the world can find the answer without spending years trying to work it out. The provider of the service understands this and lets the user off lightly by only having to partially answer the question. The accuracy with which the question must be answered is what governs how many CPU cycles the user must burn in order to reach an acceptable answer.

The Hashcash problem

Hashcash has one major drawback; it cannot be tuned to ensure that all users must spend the same amount of time minting a token. Due to the huge variation in computer performance, a token that takes seconds on a modern PC is likely to take hours on a 386. There is no real solution to this problem, so users of older PC's may prefer to use non-hashcash services.

Bananasplit Specifics

In order to use any Hashcash based service, the first thing you will need is a client that can mint tokens for you. A selection for a variety of platforms can be downloaded from www.hashcash.org. Once your client is up and running, you are ready to begin minting tokens.

For console (or command line) based hascash clients, try typing the following command:

hashcash -b24 -mXr banana

This instructs Hashcash to mint a 24bit token for the Bananasplit Mail2News service.

Hashcash is now working on your token and will take some seconds (minutes on old hardware) to calculate it before returning something like this:

X-Hashcash: 1:24:040921:banana::BEqy54Fl+fS3xNhG:000000000007zEp

This is the complete Hashcash header and to use it, all you have to do is Copy and Paste this line into the header of the anonymous message you are creating. The example below shows how a complete header might look within Quicksilver:

Fcc: outbox
Host: smtp.host.com
From: myemail@mydomain.com
Chain: *,*,*; Copies=2
Newsgroups: alt.testing.testing
To: mail2news@bananasplit.info
Subject: Hashcash Test
X-Hashcash: 1:24:040921:banana::BEqy54Fl+fS3xNhG:000000000007zEp

When to use Hashcash

The Bananasplit Mail2News Gateway does not enforce the use of Hashcash in every circumstance, the rules are as follows and checked in this sequence:

Condition	Action	Description
Does the message contain a Comments header?	NO = Posting accepted	This checks to see if the message is being sent anonymously. non-Anonymous and Nym messages are accepted without a Hashcash token.
Is the destination alt.anonymous.messages?	YES = Posting accepted	All messages to alt.anonymous.messages are accepted without a Hashcash token. This allows for Nym users to post via Reply-Blocks.
Is there a valid Hashcash token?	YES = Posting accepted	If the above conditions aren't met, finally check for a valid Hashcash token
Reject Message	Reject	If none of the above conditions are met, reject the message

Messages can also be sent to mail2news-hashcash@bananasplit.info. In this instance a valid Hashcash token is mandatory on all messages.

Home