[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Project Leader Election 2003 Results

>> On Mon, 31 Mar 2003 15:35:15 +0100,
>> Matthew Wilcox <willy@debian.org> said: 

 > I believe the method for choosing the hash that allows one to
 > identify one's vote is flawed.  Since all components of the string
 > to be fed to md5sum are chosen by the secretary or known well in
 > advance, it would be possible for a malicious secretary to stuff
 > the ballot box.  If it is possible for the secretary to choose two
 > strings which hash to the same value, the secretary can replace one
 > of the votes with a vote of their choosing.  This is admittedly
 > rather hard, but the secretary has an unlimited amount of time to
 > work in to achieve this result.

	If I could find a means of two strings (of the same size) that
 gasg to the same vlaue in md5sum, I'd be too busy raking in money to
 bother stuffing debian ballots.

	If you voted, please take the rest of the year trying to come
 up with another string that would hash to _your_ md5sum. If you can
 come up with something even remotely reproducible, we'll have a majot
 math paper on out hands, and I;ll happily change things around.

 Fools ignore complexity.  Pragmatists suffer it. Some can avoid it.
 Geniuses remove it. Perlis's Programming Proverb #58, SIGPLAN
 Notices, Sept.  1982
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: