Re: Debian Project Leader Election 2003 Results

["Buddha Buck" <bmbuck@14850.com>]

Manoj Srivastava wrote:
> > > On Mon, 31 Mar 2003 15:35:15 +0100,
> > > Matthew Wilcox <willy@debian.org> said: 
>
>
>  > I believe the method for choosing the hash that allows one to
>  > identify one's vote is flawed.  Since all components of the string
>  > to be fed to md5sum are chosen by the secretary or known well in
>  > advance, it would be possible for a malicious secretary to stuff
>  > the ballot box.  If it is possible for the secretary to choose two
>  > strings which hash to the same value, the secretary can replace one
>  > of the votes with a vote of their choosing.  This is admittedly
>  > rather hard, but the secretary has an unlimited amount of time to
>  > work in to achieve this result.
>
> 	If I could find a means of two strings (of the same size) that
>  gasg to the same vlaue in md5sum, I'd be too busy raking in money to
>  bother stuffing debian ballots.
>
> 	If you voted, please take the rest of the year trying to come
>  up with another string that would hash to _your_ md5sum. If you can
>  come up with something even remotely reproducible, we'll have a majot
>  math paper on out hands, and I;ll happily change things around.

Speaking hypothetically, I'd like to point out that the FAQ on the 
RSA.com web site about various hash algorithms, including MD5, cites a 
1994 paper estimating that a machine built for brute-forcing MD5 hash 
collisions could probably be made for US$10M out of 1994 technology and 
1994 dollars that would find a hash collision in 24 days on average.

Moore's Law would suggest that such a machine would cost on the order of 
US$150K.

Doing some quick orders-of-magnitude calculations, I can't see how they 
would do it in that time-frame as "brute force", though.



> 	manoj