On Sat, Mar 29, 2003 at 06:08:43PM -0600, The Debian Project Secretary wrote: > The results were the same from both set of algorithms. The > details are presented below. As stated earlier, people can verify > details by looking at: > a) list of people voting: > http://master.debian.org/%7Esrivasta/leader2003_voters.txt
Let me start by thanking you for conducting the vote, stating that I believe your integrity has been demonstrated multiple times and I do not doubt the accuracy of the result. I believe the method for choosing the hash that allows one to identify one's vote is flawed. Since all components of the string to be fed to md5sum are chosen by the secretary or known well in advance, it would be possible for a malicious secretary to stuff the ballot box. If it is possible for the secretary to choose two strings which hash to the same value, the secretary can replace one of the votes with a vote of their choosing. This is admittedly rather hard, but the secretary has an unlimited amount of time to work in to achieve this result. I therefore recommend that this be made harder by adding a component of the voter's choice to the string which is hashed. The easiest and obvious component is their vote (ie 43251). This is a fairly limited set of choices though (in practise around 500 different possibilities). So possibly the voting form should be extended so the voter can fill in a 5-10 character salt of their choosing. Comments? -- "It's not Hollywood. War is real, war is primarily not about defeat or victory, it is about death. I've seen thousands and thousands of dead bodies. Do you think I want to have an academic debate on this subject?" -- Robert Fisk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
