[ILUG] Re: spam: requiring signed email
Paul Jakma
paul at clubi.ie
Mon Feb 9 15:39:57 GMT 2004
On Mon, 9 Feb 2004, Paul Jakma wrote:
> The more expensive, computationally, the algorithm and key size
> mandated for this pgp-sender-effort part is, the better.
The only problem is... are common PGP public-key algo's expensive
enough? CPU time is cheap compared to bandwidth. Eg:
$ ls -lh test.txt
-rw-rw-r-- 1 paul paul 955 Feb 9 15:29 test.txt
$ wc -l test.txt
32 test.txt
about 30 Recipient lines, if i encrypt this to a 1024bit DSA key (i
think DSA):
$ time gpg -e -a -r kevin test.txt
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
real 0m1.402s
user 0m0.620s
sys 0m0.120s
less than a second of computational time, and that on a 600MHz
athlon. If a faster cpu could do it in 0.1s, 5000 messages[1] would
take only 500s - so it would just add a small initial 'ramp' cost
to the existing cost of bandwidth, tcp handshake, reverse lookups by
remote MTA, etc.
Ie the computational cost would need to be significantly greater than
the latency costs of, eg TCP handshake, ie 150ms (3x 50ms -
typicalish latency) to slow down spammers.
1. each to 200 recipients, hence 1M mails in total. Though, 50 is
more reasonably, in which case it'd be equivalent to 250k messages.
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
warning: do not ever send email to spam at dishone.st
Fortune:
You can fool some of the people all of the time,
and all of the people some of the time,
but you can never fool your Mom.
More information about the ILUG
mailing list