Re: Debian Project Leader Election 2003 Results
>>>>> "Matthew" == Matthew Wilcox <firstname.lastname@example.org> writes:
Matthew> I believe the method for choosing the hash that allows
Matthew> one to identify one's vote is flawed. Since all
Matthew> components of the string to be fed to md5sum are chosen
Matthew> by the secretary or known well in advance, it would be
Matthew> possible for a malicious secretary to stuff the ballot
Matthew> box. If it is possible for the secretary to choose two
Matthew> strings which hash to the same value, the secretary can
Matthew> replace one of the votes with a vote of their choosing.
Matthew> This is admittedly rather hard, but the secretary has an
Matthew> unlimited amount of time to work in to achieve this
That would be cryptographically hard. The whole point of a good
cryptographic hash is that you cannot find two strings that hash to
the same value (or in the weaker version, that you cannot find another
string that hashes to the same thing as a given message).
If our secretary can find two strings hashing to the same value then
the secretary has much more interesting opportunities than destroying
the integrity of the Debian elections.
If you believe that md5 is too weak of a hash (there have been partial
breaks published against it), then suggest using sha-1, or one of the
newer sha variants.