Re: Secret votes HOWTO
On Sat, Mar 31, 2001 at 06:01:35PM -0500, Raul Miller wrote:
> On Sat, Mar 31, 2001 at 02:48:51PM -0800, John H. Robinson, IV wrote:
> > user-supplied random data plus system-generated random data would
> > probably be required, to prevent collision between Alice and Bob both
> > supplying the same random data.
> Alternatively, the user's debian-id could be included (since this is
> guaranteed to be unique for any valid voter).
i was thinking something like:
From: Alice <firstname.lastname@example.org>
Subject: My Vote
To: Alice <email@example.com>
Subject: Your vote has been counted
Your ID is 3125-8888
where 3125 is the user supplied, and 8888 is the system supplied.
and the votes would be listed as:
the following people voted:
alice bob charlie
or whatever. if you hash it, then the user can't tell if the result has
been mucked with or not.
and if you used debian-id (what is this? the UID on the debian systems?)
then a simple lookup could tell the Thought Police who voted how.
> However, you still need some source of randomness (user-supplied is best,
> I think) to avoid dictionary analysis of the acknowledgement hash.
only if the user could indeed verify that her salt is part of the hash.
otherwise you could get into the ``everyone that votes 12345 gets the
hash of 0xDEADBEEF''