Hashcash
# Hashcash - perform hashcash verification.
# loadplugin Mail::SpamAssassin::Plugin::Hashcash
Hashcash is a proof-of-work system used to limit email spam and denial-of-service attacks,
and more recently has become known for its use in bitcoin (and other cryptocurrencies) as part of the mining algorithm.
For email uses, a textual encoding of a hashcash stamp is added to the header of an email to prove the sender has expended a modest amount of CPU time calculating the stamp prior to sending the email.
In other words, as the sender has taken a certain amount of time to generate the stamp and send the email, it is unlikely that they are a spammer.
The header contains:
ver: Hashcash format version, 1 (which supersedes version 0).
bits: Number of "partial pre-image" (zero) bits in the hashed code.
date: The time that the message was sent, in the format YYMMDD[hhmm[ss]].
resource: Resource data string being transmitted, e.g., an IP address or email address.
ext: Extension (optional; ignored in version 1).
rand: String of random characters, encoded in base-64 format.
counter: Binary counter (up to 2^20), encoded in base-64 format.
X-Hashcash: 1:20:1303030600:[email protected]::McMybZIhxKXu57jd:ckvi
Preimage Attack:
In cryptography, a preimage attack on cryptographic hash functions tries to find a message that has a specific hash value.
How it works:
The sender computes the 160-bit SHA-1 hash of the header.
If the first 20 bits of the hash are all zeros, then this is an acceptable header.
If not, then the sender increments the counter and tries the hash again.
Out of 2^160 possible hash values, there are 2^140 hash values that satisfy this criterion.
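The check a receiving mail filter performs on such a stamp, together with the sender's counter search, as an added example (not code from SpamAssassin or the hashcash tool). The hash is taken over the stamp string itself, the value after "X-Hashcash:". The function names, the counter encoding, the sample address and the 12-bit cost are assumptions chosen so it runs quickly, and the date field is parsed but not checked for freshness.

```python
import base64
import hashlib
import itertools
import os

def leading_zero_bits(digest: bytes) -> int:
    """Count zero bits at the front of a hash digest."""
    count = 0
    for byte in digest:
        if byte:
            return count + 8 - byte.bit_length()
        count += 8
    return count

def parse_stamp(stamp: str) -> dict:
    """Split a version 1 stamp into the seven fields listed above."""
    fields = stamp.strip().split(":")
    if len(fields) != 7 or fields[0] != "1":
        raise ValueError("not a version 1 hashcash stamp")
    names = ("ver", "bits", "date", "resource", "ext", "rand", "counter")
    parsed = dict(zip(names, fields))
    parsed["bits"] = int(parsed["bits"])
    return parsed

def verify(stamp: str, resource: str, min_bits: int) -> bool:
    """Accept only a stamp for our resource whose SHA-1 meets the claimed work."""
    try:
        s = parse_stamp(stamp)
    except ValueError:
        return False
    if s["resource"] != resource or s["bits"] < min_bits:
        return False
    digest = hashlib.sha1(stamp.strip().encode()).digest()
    return leading_zero_bits(digest) >= s["bits"]

def mint(resource: str, bits: int, date: str) -> str:
    """Sender side: increment the counter until the hash has `bits` zero bits."""
    rand = base64.b64encode(os.urandom(12)).decode()
    for n in itertools.count():
        # Assumption: counter is the base64 of the integer's big-endian bytes.
        raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
        counter = base64.b64encode(raw).decode()
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

if __name__ == "__main__":
    # Constructed input: 12 bits keeps the search to about 2^12 hashes.
    stamp = mint("alice@example.org", 12, "250101")
    print(stamp, verify(stamp, "alice@example.org", 12))
```

Verification costs one hash while minting costs about 2^bits hashes on average, which is the asymmetry the scheme relies on.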