-
Notifications
You must be signed in to change notification settings - Fork 4
dpk/hashcash.js
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
_-_-_-_-_-_-_-_-_-_-_-_-_ ) ) /\ bits ( ( /_ \/ ) ) ( ( ) ) ( ( _ _ _ ___ _ _ ) ___ _ ___ _ _ ) | || | /_\ / __| || | ( / __| /_\ / __| || | ( | __ |/ _ \\__ \ __ | ) | (__ / _ \\__ \ __ | ) |_||_/_/ \_\___/_||_| ( \___/_/ \_\___/_||_| ( ) ) ( for JavaScript ( ) ) 2012/04/20 ( (-_-_-_-_-_-_-_-_-_-_-_-_-) Hashcash is an email anti-spam system used to verify that the sender of a message is not trying to deliver it in bulk to many recipients at once. If spam is Unsolicited Bulk Mail, then Hashcash is a system to make the Bulk part of spamming more difficult. (Systems like DKIM and PGP will help with the "unsolicited" part.) Hashcash exploits the fact that the average spammer is trying to send messages to thousands of recipients at once, whereas normal email users are only trying to send it to perhaps a dozen people. It uses this assumption to require that senders 'pay' for the delivery of messages in CPU time, by requiring a 'stamp' to be generated for each recipient, each at great computational cost. If an email lands in someone's inbox with a valid stamp for their email address (validation is very cheap), it's almost certainly not spam. The fact that generating Hashcash stamps is expensive is a significant obstacle to webmail services, though. You can generate them on the server, but this will just take up CPU that could be used to serve more requests. In addition, an attacker could use your server to generate Hashcash stamps and send spam for him, using your CPU time to do his dirty expensive work and have a near guarantee that email will land in the inboxes of recipients with Hashcash-aware spam filters. The solution is to generate Hashcash stamps on the client side, using JavaScript to do this work for us. _ _ _____ _______ ___ | || |/ _ \ \ / /_ _/ _ \ | __ | (_) \ \/\/ / | || (_) | |_||_|\___/ \_/\_/ |_| \___/ Hashcash.js uses Web workers so that the computer time required to create a Hashcash stamp doesn't affect the responsiveness of your front-end. It presents an asynchronous interface much like XMLHTTPRequest. The reference implementation of Hashcash refers to the process of creating stamps as 'minting,' and Hashcash.js follows suit. You need a 'resource' (usually a recipient address) and a 'bit-cost' (I recommend 16 for testing and 20 in production): Hashcash.mint('God@heaven.af.mil', 16, function(stamp) { console.log(stamp); }); This will print eg. '1:16:120705:God@heaven.af.mil::nRkBfzPP:70895' in your JavaScript console. Note that bit-costs can be up to 160 in Hashcash, but Hashcash.js only supports up to 31 for speed reasons. Beware that stamps contain the date they were generated on, and are supposed to 'expire' after ~30 days. If you pre-generate stamps for future messages, be sure to throw them out within about a week. ___ _ _ ___ ___ |_ _| \| | __/ _ \ | || .` | _| (_) | |___|_|\_|_| \___/ Hashcash works by calculating the stamp's SHA-1 hash, the first n bits of which must be 0. To achieve this in JavaScript, an implementation of the SHA-1 hash algorithm is needed, and this comes from Jeff Mott's CryptoJS collection. <http://code.google.com/p/crypto-js/> (It is included directly to save the load-time of another file. It will be updated frequently when new versions are available.) Hashcash was invented by Adam Back. For information on the format and other implementations, including verification tools, see <http://www.hashcash.org> and the Hashcash man page at <http://www.hashcash.org/docs/hashcash.html>. An example of usage for Hashcash.js is available in index.html, an example of a Hashcash generator on the client-side. (Legalese: Hashcash.js is Copyright © David Kendal, 2012. Portions copyright Jeff Mott, 2009–2012, released under the BSD license. Permission is hereby granted to distribute this software, modified or unmodified.)
About
Hashcash minting for JavaScript.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published