| Sounds like a start anyway Whine, whine, whine...
I know you MS-haters have your reasons, just like I have my own misgivings about them.
But so far it sounds like something that might actually work. Maybe something on the order of:
-> I want to send mail.
<- Ok, here's a hashed random number, tell me the original value.
-> *grind grind* Is it x?
<- Nope, two more tries.
-> *grind grind* Is it y?
<- You got it! Go ahead and send your email message.
-> Here it comes...
Of course the "hashing" needs to be something special, maybe several hashes would be provided. You'd need to try any of several selections that would each be reversed until they come out to the same result for each hashed value provided.
This would mean some wheel-spinning as you try different "puzzles" (hash reversals) until the answers come out the same. Sort of like a slot machine or something.
The trick would be to develop "puzzles" that are fast to create and slow to solve, and that don't have "cheat" weaknesses.
This doesn't sound so bad, and I doubt spammers use supercomputers. I suppose there is a risk of this though and in any case as processor speed increases you'd need a way for the difficulty to ramp up without requiring new software at each end. Maybe just gradually increase the size of the random numbers (the penny?) over time?
I suppose I'll need to read up on it to be informed, but I can't imagine why there are so many negative knee-jerks going on here about it. |
 ksw_92
join:2001-05-13
La Verne, CA | I'm not an MS hater...i just think that this proposal sucks dead wombat guts.
* It means a change to SMTP which'll take forever to implement, or it'll be another optional extention (EHLO PUZZLE-PALACE?)
* It does not authenticate either the sender nor the message being sent.
* Moore's law will get the solution time down into the noise level after a few years. Need I go on?
I think Yahoo's idea of using certs is a start, but I'd like to see S/MIME signed mail become the norm. |
