[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Project Leader Election 2003 Results

On Mon, Mar 31, 2003 at 01:10:33PM -0500, Aaron M. Ucko wrote:
> Sam Hartman <hartmans@d.o>, in <tslfzp3jye6.fsf@konishi-polis.mit.edu>
> (which seems to have gone only to the list).

Well, that was fucking stupid.

> True, though I think even finding collisions on that timescale would
> be an accomplishment.

Let's try using some numbers.  An md5sum is 16 bytes -- 128 bits.
On average, you need 2^64 samples to find a collision.  So you need around
600 million samples per second to find one collision in a year (assuming
you're going for a brute-force attack and you're not exploiting some
of the weaknesses of md5).  Let's assume your 3GHz processor takes 1000
cycles to calculate an md5sum (I don't know what it really is.. a real
number wouldn't hurt at this point..), so it can do 3 million samples/s.
200 of them will do it.

It's an accomplishment, but it's affordable.  Voters supplying a salt
makes it non-doable.

> Or min(1 day, 100 votes) to deal with falloff.

Hadn't thought about falloff.  Not sure there's a way to deal with the
case where precisely one voter votes on the last day.  Another reason
for voting early, voting often.  Maybe there's a chaff solution to this?

"It's not Hollywood.  War is real, war is primarily not about defeat or
victory, it is about death.  I've seen thousands and thousands of dead bodies.
Do you think I want to have an academic debate on this subject?" -- Robert Fisk

Reply to: