Re: Debian Project Leader Election 2003 Results

To: Matthew Wilcox <willy@debian.org>
Cc: The Debian Project Secretary <srivasta@debian.org>, debian-vote@lists.debian.org
Subject: Re: Debian Project Leader Election 2003 Results
From: ucko@debian.org (Aaron M. Ucko)
Date: 31 Mar 2003 12:02:14 -0500
Message-id: <[🔎] udlpto7zcyx.fsf@multics.mit.edu>
In-reply-to: <[🔎] 20030331143515.GQ29376@parcelfarce.linux.theplanet.co.uk>
References: <[🔎] 87wuihpvg4.fsf@glaurung.green-gryphon.com> <[🔎] 20030331143515.GQ29376@parcelfarce.linux.theplanet.co.uk>

Like Sam, I see no particular need for salt beyond the username.
However, I did notice a potential anonymity attack: the presence of
consistent partial voter lists and dummy tally sheets leaked some
information about which voters could have which hashes.  (Batching
obviously alleviated this, but there were probably hours when very few
initial votes came in.)

One remedy would be not to post the list of who had voted until after
the election.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
Finger amu@monk.mit.edu (NOT a valid e-mail address) for more info.

Reply to:

Follow-Ups:
- Re: Debian Project Leader Election 2003 Results
  - From: Matthew Wilcox <willy@debian.org>
- Re: Debian Project Leader Election 2003 Results
  - From: Manoj Srivastava <srivasta@debian.org>

References:
- Debian Project Leader Election 2003 Results
  - From: The Debian Project Secretary <srivasta@debian.org>
- Re: Debian Project Leader Election 2003 Results
  - From: Matthew Wilcox <willy@debian.org>

Prev by Date: Re: Debian Project Leader Election 2003 Results
Next by Date: Re: Debian Project Leader Election 2003 Results
Previous by thread: Re: Debian Project Leader Election 2003 Results
Next by thread: Re: Debian Project Leader Election 2003 Results
Index(es):
- Date
- Thread