Re: Debian Project Leader Election 2003 Results

To: "Aaron M. Ucko" <amu@alum.mit.edu>
Cc: Matthew Wilcox <willy@debian.org>, "Aaron M. Ucko" <ucko@debian.org>, The Debian Project Secretary <srivasta@debian.org>, debian-vote@lists.debian.org
Subject: Re: Debian Project Leader Election 2003 Results
From: Matthew Wilcox <willy@debian.org>
Date: Mon, 31 Mar 2003 19:28:57 +0100
Message-id: <[🔎] 20030331182857.GT29376@parcelfarce.linux.theplanet.co.uk>
In-reply-to: <[🔎] udlllyvz9t2.fsf@multics.mit.edu>
References: <[🔎] 87wuihpvg4.fsf@glaurung.green-gryphon.com> <[🔎] 20030331143515.GQ29376@parcelfarce.linux.theplanet.co.uk> <[🔎] udlpto7zcyx.fsf@multics.mit.edu> <[🔎] 20030331175910.GR29376@parcelfarce.linux.theplanet.co.uk> <[🔎] udlllyvz9t2.fsf@multics.mit.edu>

On Mon, Mar 31, 2003 at 01:10:33PM -0500, Aaron M. Ucko wrote:
> Sam Hartman <hartmans@d.o>, in <[🔎] tslfzp3jye6.fsf@konishi-polis.mit.edu>
> (which seems to have gone only to the list).

Well, that was fucking stupid.

> True, though I think even finding collisions on that timescale would
> be an accomplishment.

Let's try using some numbers.  An md5sum is 16 bytes -- 128 bits.
On average, you need 2^64 samples to find a collision.  So you need around
600 million samples per second to find one collision in a year (assuming
you're going for a brute-force attack and you're not exploiting some
of the weaknesses of md5).  Let's assume your 3GHz processor takes 1000
cycles to calculate an md5sum (I don't know what it really is.. a real
number wouldn't hurt at this point..), so it can do 3 million samples/s.
200 of them will do it.

It's an accomplishment, but it's affordable.  Voters supplying a salt
makes it non-doable.

> Or min(1 day, 100 votes) to deal with falloff.

Hadn't thought about falloff.  Not sure there's a way to deal with the
case where precisely one voter votes on the last day.  Another reason
for voting early, voting often.  Maybe there's a chaff solution to this?

-- 
"It's not Hollywood.  War is real, war is primarily not about defeat or
victory, it is about death.  I've seen thousands and thousands of dead bodies.
Do you think I want to have an academic debate on this subject?" -- Robert Fisk

Reply to:

Follow-Ups:
- Re: Debian Project Leader Election 2003 Results
  - From: Alain Schroeder <alain@parkautomat.net>
- Re: Debian Project Leader Election 2003 Results
  - From: Michael Goetze <mgoetze@mgoetze.net>

References:
- Debian Project Leader Election 2003 Results
  - From: The Debian Project Secretary <srivasta@debian.org>
- Re: Debian Project Leader Election 2003 Results
  - From: Matthew Wilcox <willy@debian.org>
- Re: Debian Project Leader Election 2003 Results
  - From: ucko@debian.org (Aaron M. Ucko)
- Re: Debian Project Leader Election 2003 Results
  - From: Matthew Wilcox <willy@debian.org>
- Re: Debian Project Leader Election 2003 Results
  - From: amu@alum.mit.edu (Aaron M. Ucko)

Prev by Date: Re: Debian Project Leader Election 2003 Results
Next by Date: Re: Debian Project Leader Election 2003 Results
Previous by thread: Re: Debian Project Leader Election 2003 Results
Next by thread: Re: Debian Project Leader Election 2003 Results
Index(es):
- Date
- Thread