Re: Secret votes HOWTO

* Manoj Srivastava <srivasta@debian.org> [010403 21:58]:
> 	It is simple enough. If the password string is missing, then
>  the advertised default could be to put the gpg id as the password.
>  The user supplied string is not allowed to have a `@` char.
> 	In this case, would we still need the hash?

I think the hash would be preferable since it includes the vote itself
as well as the private information. I can't put my finger on why I like
this, but I do.

Also, any voters who forget to put in random data will (perhaps against
their desire) have their name matched with their vote. The hash will
prevent disclosure -- the voter must perform extra work in order to
advertise his or her vote by supplying their secret and the server's
secret. (Or their gpg/pgp signed vote, if we like taking people at their
word, which I think we do.)
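
[Added example, not part of the original message or of any Debian voting software: a sketch contrasting the gpg-id fallback published as-is with a published hash over the vote and the voter's string, keyed with a server secret. The HMAC-SHA256 construction, the function names and the sample ballots are assumptions made for illustration; the thread does not specify them.]

```python
import hashlib
import hmac

def receipt(server_secret: bytes, voter_secret: str, vote: str) -> str:
    """Token published beside a vote (assumed construction: HMAC-SHA256)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f).to_bytes(4, "big") + f
                   for f in (voter_secret.encode(), vote.encode()))
    return hmac.new(server_secret, msg, hashlib.sha256).hexdigest()

def with_fallback(gpg_id, voter_secret):
    """The default under discussion: a missing string becomes the gpg id."""
    return voter_secret if voter_secret else gpg_id

def plain_sheet(ballots):
    """Public sheet if the voter's string is printed beside the vote."""
    return sorted((with_fallback(g, s), v) for g, s, v in ballots)

def hashed_sheet(server_secret, ballots):
    """Public sheet if only the keyed hash is printed beside the vote."""
    return sorted((receipt(server_secret, with_fallback(g, s), v), v)
                  for g, s, v in ballots)

def claim_checks_out(sheet, server_secret, voter_secret, vote):
    """Check a voter's claim; needs both their string and the server secret."""
    token = receipt(server_secret, voter_secret, vote)
    return any(hmac.compare_digest(token, t) and vote == v for t, v in sheet)

# Constructed sample data: (gpg id, voter-supplied string or None, vote).
SERVER_SECRET = b"constructed-server-secret"
BALLOTS = [
    ("alice@example.org", "x7Qp-random", "A"),
    ("bob@example.org", None, "B"),  # forgot to put in random data
]
SHEET = hashed_sheet(SERVER_SECRET, BALLOTS)

if __name__ == "__main__":
    print("plain sheet: ", plain_sheet(BALLOTS))   # bob's id sits next to "B"
    print("hashed sheet:", SHEET)                  # only opaque tokens
    print("bob proves B:",
          claim_checks_out(SHEET, SERVER_SECRET, "bob@example.org", "B"))
```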

