[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Project Leader Election 2003 Results

Manoj Srivastava wrote:
On Mon, 31 Mar 2003 15:35:15 +0100,
Matthew Wilcox <willy@debian.org> said:

 > I believe the method for choosing the hash that allows one to
 > identify one's vote is flawed.  Since all components of the string
 > to be fed to md5sum are chosen by the secretary or known well in
 > advance, it would be possible for a malicious secretary to stuff
 > the ballot box.  If it is possible for the secretary to choose two
 > strings which hash to the same value, the secretary can replace one
 > of the votes with a vote of their choosing.  This is admittedly
 > rather hard, but the secretary has an unlimited amount of time to
 > work in to achieve this result.

	If I could find a means of two strings (of the same size) that
 gasg to the same vlaue in md5sum, I'd be too busy raking in money to
 bother stuffing debian ballots.

	If you voted, please take the rest of the year trying to come
 up with another string that would hash to _your_ md5sum. If you can
 come up with something even remotely reproducible, we'll have a majot
 math paper on out hands, and I;ll happily change things around.

Speaking hypothetically, I'd like to point out that the FAQ on the RSA.com web site about various hash algorithms, including MD5, cites a 1994 paper estimating that a machine built for brute-forcing MD5 hash collisions could probably be made for US$10M out of 1994 technology and 1994 dollars that would find a hash collision in 24 days on average.

Moore's Law would suggest that such a machine would cost on the order of US$150K.

Doing some quick orders-of-magnitude calculations, I can't see how they would do it in that time-frame as "brute force", though.


Reply to: