Talk:Hashcash

comments
At 21:34, 2 June 2005, someone changed


 * ... a small puzzle involving the recipient's email address.

to
 * ... a small puzzle, often involving the recipient's email address.

with the comment
 * "Hashcash isn't only for email (even if primarily)"

Really? Tell me more.

I reluctantly reverted it back.

If the puzzle *doesn't* include the email address, then what stops the spammer from spending an entire second calculating the hashcash header just one time, then once he has "the" hashcash header, sending identical copies of that header to millions of email address?

I would be fascinated to learn more about
 * hashcash that do not involve the recipient's email address
 * hashcash used for something other than email.

I see no theoretical reason why someone couldn't do either or both of these things, but I see no reason to stick them in the encyclopedia article unless someone actually does do either or both of these things.

--DavidCary 05:48, 10 November 2005 (UTC)

Elliott Back has implemented a JavaScript-based hashcash-like scheme for protecting blogs from blog comment spam. See

I've only looked at this superficially, but I don't believe this is Hashcash per se, even though he is calling it "WP Hashcash". It's the same basic idea.

--dreish~talk 21:24, 29 November 2005 (UTC)

It's actually similar to the Hashcash spec, but more of a generic secret-sharing through computation than a proof-of-work system. The latest version can be found here.

24.90.145.31 00:28, 30 January 2007 (UTC)

On further reading, it looks like the official hashcash specification does not call for an email address, but rather a "resource string" which can be an email address, an IP address, or something else.

Also, it looks like the only place where hashcash is currently in wide use is in WP Hashcash, so actually the resource identifier is usually not an email address. Spam may have been the original motivation behind the design of hashcash, but that's not where it appears to have spread.

--dreish~talk 17:15, 2 December 2005 (UTC)

Hashcache is also used for the "stamp" in camram, an antispam system. . I created something I call hybrid-sender-pays because instead of using a proof of work stamp for every message, you only use it for introductions. If you e-mail someone that has already accepted e-mail from you, there's no need for a stamp. I also use it to heal some of the damage caused by blacklists. A very large value stamp (typically plus 3 bits over the nominal stamp value) is used to bypass a black list. The assumption being that a stamp a times larger than the standard value is large enough to discourage spammers from widespread use but small enough to allow someone to get through and alert the recipient about the blockage.

Esj 15:58, 19 March 2006 (UTC)

Re-worded the first paragraph of 'how-it-works' for reasons of clarity, as described below;

'non-spam email' implies the sender is never a spammer. But spammers can also attach stamps to their spam if they can afford the CPU time.

Replaced 'computer time' with 'CPU time'.

'...verify the sender has solved the puzzle...' implies it is the sender themselves and not their PC doing the solving.

'numerical stamp' - It's not numerical, it's textual

--Jhonan 11:32, 1 May 2006 (UTC)

There was previously a mathematical error in the article. It stated that it will take on average 219 tries to generate a valid Hashcash, but this is actually 220. The previous calculation assumed that exactly 1 in 20 SHA-1 sums will be preceded by 220 zeros, so the probability of getting a correct hash goes up after each failure, and only 219 tries are needed. Rather, this is an average value, and the probability of each trial succeeding not improved by failed trials, so on average 220 tries will be needed.

--Kerrick Staley 21:43, 10 February 2011 (UTC)

What does "Unspent" Hashcash mean? (in the section about SpamAssassin)

50.74.14.28 (talk) 15:56, 16 December 2013 (UTC)

Comment: Why Adam Back? It was proposed before by C. Dwork and M. Naor. Why everytime I see something related superficially to bitcoin and related technologies this person named Adam Back claims priority??? Please convert it to Dwork and Naor. — Preceding unsigned comment added by 78.47.72.96 (talk) 04:33, 12 June 2017 (UTC)

How does it work in case of spam (give some example)?
79.117.77.137 (talk) 17:34, 19 July 2013 (UTC)If the hash algorithm is known, aren't there databases of already computed hashes, (possibly in the so called "big-data"/"cloud")? On the other side, if the hash algorithm is receiver designed, I think, differences bitween algorithms should be some sort of change of some parameters (for example, requireing the sender that the hash-checksum, like an SHA, be XOR-ed with some receiver sent value and and then check the first n bits - the acctual number of and sequence of bits are also user sent).79.117.77.137 (talk) 17:34, 19 July 2013 (UTC) Later edit: it's true that querying a database might be more time consuming than computing the 2^20 random SHA. I also realized it depends on e-mail and current time, but, in this case spammers might be prone to precompute many stamps for a single mail and then exchange information (however, this is also a some cost79.117.77.137 (talk) 17:56, 19 July 2013 (UTC)).

- There is no point precomputing hashes because each hash can only be used once, for the actual mail that is being sent. When sending a spam email to a different address, or at a different time, a new hash must be computed. The cost of doing so is the burden that the spammer must pay for.

- I think when you talk about databases, you are thinking of big lookup tables which can be used to *reverse* hashes. That is simply not applicable or useful to this situation. (From the hashcash header you might be able to lookup the recipient email and the send date, but you have that data already!) In security applications, hashes are used to "hide" the original data, so you can prove to other people who also hold the original data that you hold it too. In this case, hiding the data is not what the hash is being used for. Instead, the hash is being used to prove that some processor-intensive work was done to *find* the hash. (In fact, many hashes are computed, but only one meets the requirement of have many leading 0s, effectively proving that work was done to find it.) 103.1.70.105 (talk) 16:17, 10 January 2014 (UTC)

Bitcoin
Guys, bitcoin is NOT using hashcash. Bitcoin uses double SHA-256 with variable difficulty. The idea is superficially similar but it is NOT hashcash. JorisVR (talk) 09:44, 15 September 2013 (UTC)

-- Really? Even the hashcash creator says bitcoin uses hash cash:

- Good to know. That should go in the article, and also in the Adam Back page.

Is there any source other than Adam Back for that claim? They definitely use the same system(i.e. looking for long strings of zeros), but is that enough to say that Bitcoin "uses" hashcash? Inicholson (talk) 15:28, 2 December 2014 (UTC)

Nomenclature
I am curious how "Hashcash" originally got its name. It seems ironic that it is now famous because of Bitcoin, yet its original purpose had nothing to do with monetary cash!

Average hashing attempts
The article states that the sender will need to try 220 hashes on average until a hash value with 20 initial zeros will be found. Since the odds of any given hash being successful is 1 in 220, shouldn't 220 hashing attempts be the worst case, and therefore the average number of attempts be only half of that (i.e., 219 attempts)? — Loadmaster (talk) 20:24, 12 April 2016 (UTC)
 * Agreed. I have edited it. Blooteuth (talk) 18:59, 28 August 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 2 external links on Hashcash. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20131021195822/http://download.microsoft.com/download/7/6/b/76b1a9e6-e240-4678-bcc7-fa2d4c1142ea/csri.pdf to http://download.microsoft.com/download/7/6/b/76b1a9e6-e240-4678-bcc7-fa2d4c1142ea/csri.pdf
 * Added archive https://web.archive.org/web/20051027033442/http://elliottback.com/wp/archives/2005/10/23/wordpress-hashcash-30-beta/ to http://elliottback.com/wp/archives/2005/10/23/wordpress-hashcash-30-beta/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 02:38, 31 October 2017 (UTC)

Idea proposed in 1992
I have moved the earlier author claim to its own section, and out of the lede. Putting it in the lede gives too much WP:UNDUE WEIGHT to this content that appears to be WP:OR. But I thought I would leave the content for now. We need an WP:RS that states that Adam Back's work was based on this earlier work, not just a link to the earlier work and then the wikipedia editor does his own WP:OR to determine the connection. We just dont do that, especially as the content seems to call into question the validity of Back's invention, and is thus a WP:BLP issues. Jtbobwaysf (talk) 16:51, 15 May 2018 (UTC)

Citations for the Hash Cash Creation Discrepancy (Give credit where credit is due)
Have a listen to a discussion about this topic from Professor Emin Gun Sirer at Cornell.

A few important things to note:
 * Adam Back's Hash Cash is not used in bitcoin, though it is cited by Satoshi. Bitcoin uses the core proof of work idea.
 * The core proof of work idea came from Cynthia Dwork and Mani Noar 5 or 6 years prior to Adam Back.
 * Adam Back's page says a similar system is used in bitcoin, not hash cash Adam Back

Y3sh (talk) 05:20, 1 June 2018 (UTC)
 * please link to the page in google books if possible. Jtbobwaysf (talk) 12:58, 1 June 2018 (UTC)
 * updated Y3sh (talk) 18:04, 10 June 2018 (UTC).
 * Cool, thanks. I thought maybe this link would say that Back's work came later. I think we need a source to tell us that Backs work was based on this, we editors can't do our own WP:OR to determine that this source came first (even it appears to me it does). Jtbobwaysf (talk) 18:44, 10 June 2018 (UTC)

Why initialize the counter to a random value?
I propose the following change to the algorithm: the counter must always start at zero. Therefore it represents the number of unsuccessful attempts.

This provides two distinct benefits:

1) The recipient can maintain global stats on the number of attempts. They should converge towards half the worst-case number of tries in a nice bell. If a sender sends several outliers, they are likely cheating.

2) The recipient can elect to perform the work occasionally or in case of doubts about the sender. It can redo the exact same sequence of tries. If it finds a matching hash sooner than they said, they would have found it too, therefore the are almost surely cheating. Axelriet (talk) 05:49, 28 February 2023 (UTC)