Hashcash (12″ Web Remix)

Sunday, 9 Jan 2005 [updated]

More on comment spam: take a look at Elliott Back’s Hashcash plugin for WordPress.

The idea as such is sound. What I don’t like is that it locks out anyone without JavaScript – in some environments (corporate security policies, anyone?) that might be a show stopper. On the other hand, though, the very thing that is a handicap might also be a boon.

In a scenario where the algorithm was standardised (even if only de facto), spammers would only have to supply an implementation for that one algorithm in their bots. By leveraging zombie networks, they could reduce the effect of the extra load caused by hash calculations to negligible levels. In contrast, the algorithmic diversity possible through the use of JavaScript could seriously raise the bar. If the precise method of hash calculation varies a lot across sites, spammers would inevitably be forced to execute the site-supplied JavaScript code in order to deliver their spam. Supplying a complete JavaScript runtime to zombies would be far from impossible, but much harder than supplying just one or a few hashing algorithm implementations.
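
To make the idea concrete, here is a sketch of a hashcash-style comment stamp whose hash input recipe differs per site. It is an added example, not Elliott Back’s plugin code or anything from the original post; the site names, recipes, secret and difficulty are constructed, and the client and server halves sit in one Node.js file for brevity.

```javascript
// Added example (Node.js); secret, site names and recipes are constructed.
const nodeCrypto = require('crypto');

const SERVER_SECRET = 'constructed-demo-secret';
const DIFFICULTY_BITS = 12; // about 4096 hashes per comment on average

// Per-site variation: each site combines the inputs its own way, so a bot
// that hard-codes one recipe produces useless stamps for the other site.
const SITE_RECIPES = {
  siteA: (challenge, nonce) => `${challenge}:${nonce}`,
  siteB: (challenge, nonce) => `${nonce}|${[...challenge].reverse().join('')}`,
};

function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte !== 0) return bits + Math.clz32(byte) - 24;
    bits += 8;
  }
  return bits;
}

function puzzleHash(site, challenge, nonce) {
  const input = SITE_RECIPES[site](challenge, nonce);
  return nodeCrypto.createHash('sha256').update(input).digest();
}

// Server: the challenge is HMAC-bound to post and issue time, so no state is kept.
function issueChallenge(postId, issuedAt) {
  const body = `${postId}.${issuedAt}`;
  const mac = nodeCrypto.createHmac('sha256', SERVER_SECRET).update(body).digest('hex');
  return `${body}.${mac}`;
}

// Client: the work the site-supplied script performs before the form submits.
function solve(site, challenge) {
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(puzzleHash(site, challenge, nonce)) >= DIFFICULTY_BITS) return nonce;
  }
}

// Server: reject forged or stale challenges, then re-check the hash once.
function verify(site, challenge, nonce, now, maxAgeMs = 10 * 60 * 1000) {
  const [postId, issuedAt] = String(challenge).split('.');
  const expected = Buffer.from(issueChallenge(postId, issuedAt));
  const given = Buffer.from(String(challenge));
  if (expected.length !== given.length) return false;
  if (!nodeCrypto.timingSafeEqual(expected, given)) return false;
  if (now - Number(issuedAt) > maxAgeMs) return false;
  return leadingZeroBits(puzzleHash(site, challenge, nonce)) >= DIFFICULTY_BITS;
}
```

A real deployment would also remember spent challenges so that one solved stamp cannot be replayed within its lifetime.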