Talk:Hashcash

Guys, bitcoin is NOT using hashcash. Bitcoin uses double SHA-256 with variable difficulty. The idea is superficially similar but it is NOT hashcash. JorisVR (talk) 09:44, 15 September 2013 (UTC)

-- Really? Even the hashcash creator says bitcoin uses hash cash: ^[1]

- Good to know. That should go in the article, and also in the Adam Back page.

Is there any source other than Adam Back for that claim? They definitely use the same system(i.e. looking for long strings of zeros), but is that enough to say that Bitcoin "uses" hashcash? Inicholson (talk) 15:28, 2 December 2014 (UTC)

I am curious how "Hashcash" originally got its name. It seems ironic that it is now famous because of Bitcoin, yet its original purpose had nothing to do with monetary cash!

The article states that the sender will need to try 2²⁰ hashes on average until a hash value with 20 initial zeros will be found. Since the odds of any given hash being successful is 1 in 2²⁰, shouldn't 2²⁰ hashing attempts be the worst case, and therefore the average number of attempts be only half of that (i.e., 2¹⁹ attempts)? — Loadmaster (talk) 20:24, 12 April 2016 (UTC)

Agreed. I have edited it. Blooteuth (talk) 18:59, 28 August 2017 (UTC)

Hello fellow Wikipedians,

I have just modified 2 external links on Hashcash. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20131021195822/http://download.microsoft.com/download/7/6/b/76b1a9e6-e240-4678-bcc7-fa2d4c1142ea/csri.pdf to http://download.microsoft.com/download/7/6/b/76b1a9e6-e240-4678-bcc7-fa2d4c1142ea/csri.pdf
• Added archive https://web.archive.org/web/20051027033442/http://elliottback.com/wp/archives/2005/10/23/wordpress-hashcash-30-beta/ to http://elliottback.com/wp/archives/2005/10/23/wordpress-hashcash-30-beta/

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 5 June 2024).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 02:38, 31 October 2017 (UTC)

I have moved the earlier author claim to its own section, and out of the lede. Putting it in the lede gives too much WP:UNDUE WEIGHT to this content that appears to be WP:OR. But I thought I would leave the content for now. We need an WP:RS that states that Adam Back's work was based on this earlier work, not just a link to the earlier work and then the wikipedia editor does his own WP:OR to determine the connection. We just dont do that, especially as the content seems to call into question the validity of Back's invention, and is thus a WP:BLP issues. Jtbobwaysf (talk) 16:51, 15 May 2018 (UTC)

Have a listen to a discussion about this topic from Professor Emin Gun Sirer at Cornell .

A few important things to note:

• Adam Back's Hash Cash is not used in bitcoin, though it is cited by Satoshi. Bitcoin uses the core proof of work idea.
• The core proof of work idea came from Cynthia Dwork and Mani Noar 5 or 6 years prior to Adam Back ^[1].
• Adam Back's page says a similar system is used in bitcoin, not hash cash Adam Back

Y3sh (talk) 05:20, 1 June 2018 (UTC)

@Y3sh: please link to the page in google books if possible. Jtbobwaysf (talk) 12:58, 1 June 2018 (UTC)

@Jtbobwaysf: updated Y3sh (talk) 18:04, 10 June 2018 (UTC).

Cool, thanks. I thought maybe this link would say that Back's work came later. I think we need a source to tell us that Backs work was based on this, we editors can't do our own WP:OR to determine that this source came first (even it appears to me it does). Jtbobwaysf (talk) 18:44, 10 June 2018 (UTC)

I propose the following change to the algorithm: the counter must always start at zero. Therefore it represents the number of unsuccessful attempts.

This provides two distinct benefits:

1) The recipient can maintain global stats on the number of attempts. They should converge towards half the worst-case number of tries in a nice bell. If a sender sends several outliers, they are likely cheating.

2) The recipient can elect to perform the work occasionally or in case of doubts about the sender. It can redo the exact same sequence of tries. If it finds a matching hash sooner than they said, they would have found it too, therefore the are almost surely cheating. Axelriet (talk) 05:49, 28 February 2023 (UTC)

There’s a discrepancy between the lead and the rest of the article. The lead says, “Hashcash was proposed in 1997 by Adam Back…” but the Background section says, “The idea...was proposed by Cynthia Dwork and Moni Naor” in 1992. Is there consensus among reliable sources as to which of these is true? Stonkaments (talk) 06:07, 4 November 2024 (UTC)

Evidently hashcash has not been adopted as a widely used means of spam prevention, but it would be interesting to know and note if any email providers recognize hashcash headers and factor them into spam classification at all. JohnLorentzson (talk) 09:30, 17 November 2025 (UTC)

The article discusses JavaScript-based applications of hashcash in blogging/comment systems, including criticism of implementations (e.g., wp-hashcash) that use obfuscation rather than the actual algorithm or verifiable stamps.

To improve neutrality and reflect contemporary usage, it could be useful to note a modern example that adheres more closely to the hashcash proof-of-work principles: client-side brute-force nonce search via cryptographic hashing (Web Crypto API), producing a verifiable nonce/stamp checked server-side, with no user-visible challenge or third-party dependencies.

The Joomla plugin "Captcha - HashCash" (by Michael Richey, first released circa 2014, actively maintained as of 2025) is one such implementation. It uses SHA-256/PBKDF2 hashing on a string including client IP and timestamp, offloaded to a Web Worker for performance, with optional memory-hard modes for GPU resistance.

Suggested concise addition (to the relevant paragraph):

"In contrast, some modern implementations, such as the Joomla plugin Captcha - HashCash, employ genuine client-side proof-of-work using the Web Cryptography API to generate verifiable nonces, validated server-side without obfuscation."^[1][2][3][4]

Additional supporting discussions: https://forum.joomla.org/viewtopic.php?t=986289, https://forum.joomla.org/viewtopic.php?p=3632133.

This would provide balance to the existing criticism while keeping the section focused. Comments welcome.

Disclosure: I am the developer of the Captcha - HashCash plugin.

Stutteringp0et (talk) 01:22, 16 December 2025 (UTC) Stutteringp0et (talk) 01:22, 16 December 2025 (UTC)