Ballots and one way hashes

[Robert Woodcock <rcw@debian.org>]

On Fri, Mar 25, 2005 at 12:27:11AM +0100, Jeroen van Wolffelaar wrote:
> Eh, the buyer can demand proof, the same proof a voter has to verify his
> vote is tallied: ask the secret token.  Assuming md5 is a strong hash,
> this way a voter can prove his/her ballot if (s)he wishes to publicly
> (or privately) show to have voted in a given way.

One-way hashes of whatever algorithm are quite pointless with only a couple
million combinations (only 5040 combinations if you don't mark any choices
equally and don't leave any choices blank).

You'd want to also include a significant amount of salt (say, a paragraph of
your own free-form text to go with it) to make it worth bothering with a
one-way hash. Or (and I don't know if the voting system allows it) use
random moderately large numbers instead of 1 through 7. For example instead
of voting 1, 2, 3, 4, 5, 6, 7, vote 14252017, 75124742, 135250896,
207909366, 242590248, 315188948, 562712955.
--
Robert Woodcock - rcw@debian.org
perl -e '$a-=($_%4-2)*4/$_++while++$_<2e6;print"$a\n"'