Re: Secret votes HOWTO
* Manoj Srivastava <srivasta@debian.org> [010403 21:58]:
> It is simple enough. If the passowrd string is missing, then
> the advertised default could be to put the gpg id as the password.
> The user supplied string is not allowed to have a `@` char..
>
> In this case, would we still need the hash?
I think the hash would be preferable since it includes the vote itself
as well as the private information. I can't put my finger on why I like
this, but I do.
Also, any voters who forget to put in random data will (perhaps against
their desire) have their name matched with their vote. The hash will
prevent disclosure -- the voter must perform extra work in order to
advertise his or her vote by supplying their secret and the server's
secret. (Or their gpg/pgp signed vote, if we like taking people at their
word, which I think we do.)
--
Earthlink: The #1 provider of unsolicited bulk email to the Internet.
Reply to: