I just uploaded hashcash-1.06 the main difference from 1.05 is there is
now a win32 console hashcash.exe.

As mentioned below it is a lot faster than 0.x clients (but need to wait
for the m2n or mixmaster with hashcash posting requirements to upgrade
to 1.x server -- 1.x accepts both version 0 and version 1 stamps so it
is safe to upgrade servers early).

My 1.4 Ghz celeron M gets 2.5 megahashes per second.  (1 megahash = 20
bits).  So it can generate a 20 bit stamp in 0.4s and a 28-bit stamp in
about 100 seconds.

A 3.06Ghz P4 gets about 3.7 megahashes per sec.  And an AMD athlon XP
2400+ (2Ghz clock) gets 3.4Mh/sec.

You can get them from the binaries->windows->console menu on
http://www.hashcash.org


or if impatient:


http://www.hashcash.org/binaries/win32/hashcash.exe


and pgp sig:


http://www.hashcash.org/binaries/win32/hashcash.exe.asc

To get an accurate benchmark run "hashcash -sv".

(The normal benchmark is less accurate as it runs for < 0.1s to remain
responsive).

There are some benchmarks on:

http://www.hashcash.org/benchmark/

if you or anyone you know has an AMD athlon64 or AMD opteron or any
other hardware (x86 or other that you can compile on) please send me an
email or reply in this thread.

I expect panta's GUI might work with this exe as it is a front-end that
calls hashcash.exe.

There is also the low end .. we've gone down to a 486dx 25Mhz (rather
slow) -- anyone still have a functional 386sx16Mhz?  (Was that the
slowest 386 released?)

(I ran slackware with x-windows and all on a 386sx16 many years ago).

Adam

Adam Back wrote:
> Hashcash 1.04 was just released.
>
> It supports the new version 1 format.
>
> There is no DOS / win32 console compile :-(  If anyone can figure out
> how to compile let me know, send patches.  (It will be easier to compile
> "make generic" (no assembler) and the new generic C code is already a
> fair bit faster).

[ Post a follow-up to this message ]

-----BEGIN PGP SIGNED MESSAGE-----

Adam Back wrote:

| I just uploaded hashcash-1.06 the main difference from 1.05 is there is
| now a win32 console hashcash.exe.
|
| As mentioned below it is a lot faster than 0.x clients (but need to wait
| for the m2n or mixmaster with hashcash posting requirements to upgrade
| to 1.x server -- 1.x accepts both version 0 and version 1 stamps so it
| is safe to upgrade servers early).
|
| My 1.4 Ghz celeron M gets 2.5 megahashes per second.  (1 megahash = 20
| bits).  So it can generate a 20 bit stamp in 0.4s and a 28-bit stamp in
| about 100 seconds.
|
| A 3.06Ghz P4 gets about 3.7 megahashes per sec.  And an AMD athlon XP
| 2400+ (2Ghz clock) gets 3.4Mh/sec.
|
| You can get them from the binaries->windows->console menu on
| http://www.hashcash.org

I understand from the source code for 1.06 that the random functions
under windows only rely on things like the getpid() (ProcessID?) and the
clock()/time()? Wouldn't that cause a lot of problems (double spends)
when multiple people are minting at the same time? If only you would use
a random.bin file things would be a lot better (assuming people would
run the hashcash minter at different time intervals). Maybe you could
also use OpenSSL as I see some #defines for that in the source code?

And maybe there should be an entropy warning when running under windows?

High regards,
Thomas
- --
Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
Lou: "Yeah, and you're a stupid",
Deedee: "I have just about had it with you Lou"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQUL5CAEP2l8iXKAJAQECFwMeN/CiqFwm9mJHZ6hTY0xkHE7so0Uvo/Sh
 wjcUwsyAnQPRNyoFRvDOm4h0r0JxzzEoOO0XHxhW
QB+6L49NWEToy6IZc4dNT55j
 IXZh7jCWQTzZFXdvGEqTPLZBfJ+t9h7hZancZA==

=ylc2
-----END PGP SIGNATURE-----

[ Post a follow-up to this message ]

I think the correct solution would be to use the win32 crypto api
interface to call windows cryptographic random number generator.

Unfortunately I'm not really a windows programmer (unix hacker) so I
don't know how to do this directly.  But if someone could give me
pointers or sample code I'm happy to try and do this inside
#ifdef(_WIN32) in random.c.  Maybe openssl even has some code calling it
(will take a look).

Note also it should not happen all that often accidentally because two
users would have to send to the same end-recipient at the same 1/100th
second interval on the same day.  Not that this is intended as an excuse
-- I fully agree it should be fixed.

Anyone have tips or sample code I can copy to use the crypto RNG on windows?

I could use openssl, but it's not small, and adds a big dependency which
would probably make compiling with wingw harder.  But if really can't
make CAPI rng work under wingw, I can try that.

There is one other important use of random numbers in hashcash -- the -a
option which is for use with mixmaster and other remailers to hide the
send time.  From the docs:

-a period

Add (or subtract if number is negative) a random value from the
current time before minting the stamp.  This hides the time the
stamp was created, which may be useful for anonymous users.  Note
adding (rather than subtracting) a random time may be risky if the
stamp takes less than the added time to arrive as the recipient
will reject stamps with time stamps in the future.

So if you do -a -3d this mimicks what mixmaster does.  (mixmaster also
includes timestamps to allow it to expire the replay control entries; to
avoid this leaking the precise send time, it subtracts 0-3 day period
from the timestamp).  -a -3d does the same to the hashcash stamp
visibile in the header in UTC YYMMDD[hhmm[ss]] format.

Really people who are using hashcash with remailers ought to use this
feature.  That's what it was designed for.  (Of course improving the
randomness would increase the protection offered for your send time when
using -a).

Adam

Thomas J. Boschloo wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> I understand from the source code for 1.06 that the random functions
> under windows only rely on things like the getpid() (ProcessID?) and the
> clock()/time()? Wouldn't that cause a lot of problems (double spends)
> when multiple people are minting at the same time? If only you would use
> a random.bin file things would be a lot better (assuming people would
> run the hashcash minter at different time intervals). Maybe you could
> also use OpenSSL as I see some #defines for that in the source code?
>
> And maybe there should be an entropy warning when running under windows?

[ Post a follow-up to this message ]

-----BEGIN PGP SIGNED MESSAGE-----

Adam Back wrote:

<snip>

| Note also it should not happen all that often accidentally because two
| users would have to send to the same end-recipient at the same 1/100th
| second interval on the same day.  Not that this is intended as an excuse
| -- I fully agree it should be fixed.

Are you sure about this? I just created this small ansi-c program with
Borland C++ 5.5 and the output is below the program:


#include <stdio.h>
#include <time.h>

void main(void)
{
time_t t1, t2;

printf("clock()=%li\n", clock());
for(;;)
{
t1=t2;
do t2=time(0); while(t1==t2);
printf("time(0)=%li\n", t2);
}
}


C:>bcc32 rnd-test.c
Borland C++ 5.5.1 for Win32 Copyright (c) 1993, 2000 Borland
rnd-test.c:
Turbo Incremental Link 5.00 Copyright (c) 1997, 2000 Borland

C:>rnd-test.exe
clock()=0
time(0)=1094944024
time(0)=1094944025
time(0)=1094944026
time(0)=1094944027
time(0)=1094944028
^C
C:>


The time(0) only changes each second, and clock() doesn't seem to return
anything under Windows XP :-((( Changing clock() to float also doesn't
help (but I checked the include directory of Borland C++ which had it
written down as a long).

Any thoughts on this anyone?
Thomas
- --
Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
Lou: "Yeah, and you're a stupid",
Deedee: "I have just about had it with you Lou"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

 iQB5AwUBQUOG0wEP2l8iXKAJAQG2vgMdE+XlvDn6
6x6OAzLzXuXARFMnpf9gRVau
 8i3UQN3UVN8c7ZsfvQ94qeEC2LIM6uZxIj+MxxZp
PSZl9hcx6VP17/aRpq4vzlgs
Tz2LBm1UgqKYsGlYmG/u1v4yTocMc16FlW7S4Q==
=guLY
-----END PGP SIGNATURE-----

[ Post a follow-up to this message ]

-----BEGIN PGP SIGNED MESSAGE-----

Thomas J. Boschloo wrote:

| The time(0) only changes each second, and clock() doesn't seem to return
| anything under Windows XP :-((( Changing clock() to float also doesn't
| help (but I checked the include directory of Borland C++ which had it
| written down as a long).

Well, clock() does seem to work under XP, it just returns the number of
milliseconds an app has run! Only, it seems to have a resolution of
16/1000 seconds only :-( Close to 1/100 though! Only slightly worse.

Still, it is probably time to indeed kiss that code goodbye and get
something more secure..

Regards,
Thomas


#include <stdio.h>
#include <time.h>

void main(void)
{
clock_t t1, t2;

for(;;)
{
t1=clock();
do t2=clock(); while(t1==t2);
printf("t1=%li, t2=%li\n", t1, t2);
}
}
- --
Mean Guns, The Three Bears, Deedee: "So she is Goldilocks",
Lou: "Yeah, and you're a stupid",
Deedee: "I have just about had it with you Lou"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

 iQB5AwUBQUOLTAEP2l8iXKAJAQHtCwMeI3cEpu8E
DmHnWWh+TuaXPlWaCyBCI9S2
 otUnTUI2eOW7gxqePkv8YfJzM7OmfSXxReOQUQkY
+TmBJVRCc5yz5KbhUhsvoflm
 kTHYZLdxBBIeEfvL0DyhxgLnGSfbMwXmlN305w==

=Zmq0
-----END PGP SIGNATURE-----

[ Post a follow-up to this message ]