[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Project Leader Election 2003 Results

>>>>> "Matthew" == Matthew Wilcox <willy@debian.org> writes:

    Matthew> I believe the method for choosing the hash that allows
    Matthew> one to identify one's vote is flawed.  Since all
    Matthew> components of the string to be fed to md5sum are chosen
    Matthew> by the secretary or known well in advance, it would be
    Matthew> possible for a malicious secretary to stuff the ballot
    Matthew> box.  If it is possible for the secretary to choose two
    Matthew> strings which hash to the same value, the secretary can
    Matthew> replace one of the votes with a vote of their choosing.
    Matthew> This is admittedly rather hard, but the secretary has an
    Matthew> unlimited amount of time to work in to achieve this
    Matthew> result.

That would be cryptographically hard.  The whole point of a good
cryptographic hash is that you cannot find two strings that hash to
the same value (or in the weaker version, that you cannot find another
string that hashes to the same thing as a given message).

If our secretary can find two strings hashing to the same value then
the secretary has much more interesting opportunities than destroying
the integrity of the Debian elections.

If you believe that md5 is too weak of a hash (there have been partial
breaks published against it), then suggest using sha-1, or one of the
newer sha variants.

Reply to: