On Wed, Apr 03, 2002 at 03:17:13PM -0500, Anthony DeRobertis wrote: > On Wed, 2002-04-03 at 14:57, Pete Ryland wrote: > > > And what does that buy us over md5sum(loginid + vote + token)? > > Instead of token, why not just use the message-id of the voter's email? > Well, your message ID is: > <[🔎] 20020403195723.GC21769@pdr.cx> > ^^^^^^^^|||||| ^^^^^^^ |||||| > date ^^^^^^ ? ^^^^^^ > time domain > That ? is probably derived from the date or time. Or maybe pid. Not > sure; don't feal like reading exim and/or mutt source. > I know the vote; it's to the left of the key. I know the possible user > id's. I have some good guesses as to date/time (only a couple week > window, after all). I know which domain matches which user id. > Now I can brute force that last unknown: Which vote belongs to which > person. In addition, you don't even necessarily get protection against MITM attacks, since the Message-ID will not be part of the PGP-signed message content in most cases. Using this as the identifying token would be a step backwards in comparison with a server-generated token. (Note that you could check for message-id collisions on the server, and probably detect most attacks, but then you still either have to generate a token on the server side to replace it or invalidate the vote.) Steve Langasek postmodern programmer
Attachment:
pgpVMPhbpRkno.pgp
Description: PGP signature