On Mon, Jan 07, 2002 at 09:23:06PM -0500, Travis Bemann wrote: > Think-cash cannot be perfect, will unnecessarily burden users (people > don't like having to figure out puzzles every time they post things),
Reading some characters isn't that onerous, and think-cash would be optional and, for example, could be switched off by default and only switched on during an attack. The problem is that, as MRJ is fond of pointing out, anyone who is motivated can make any or all frost channels unusable at any time they desire with complete anonymity. Of course, think-cash is far from perfect, but at least it would prevent casual script-kiddies (like mjr) from screwing things up. > is hard to implement securely (for its reliance upon the client side), Please explain? > and will be likely to defeat if one has access to the source code for > it. I don't agree that think-cash need nescessarily rely on security by obscurity any more than cryptography does. GJ implemented a very simple form of think-cash which would require quite sophisticated OCR to break automatically, open source or no open source, and which can be arbitrarily enhanced by making improvements at the server-side to thwart any attack. I think that Oskar's observation that you could employ thousands of his Indonesian economic slaves is probably a more valid criticism of think-cash, but how many script-kiddies (except Oskar) have access to Indonesian slaves? Thinkcash is a security *measure*, it makes an attack significiantly more difficult, but it certainly won't make an attack impossible. Ian. -- Ian Clarke ian at freenetproject.org Founder & Coordinator, The Freenet Project http://freenetproject.org/ Chief Technology Officer, Uprizer Inc. http://www.uprizer.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20020107/c0da0500/attachment.pgp>
