On Sat, Mar 31, 2001 at 06:01:35PM -0500, Raul Miller wrote: > On Sat, Mar 31, 2001 at 02:48:51PM -0800, John H. Robinson, IV wrote: > > user-supplied random data plus system-generated random data would > > probably be required, to prevent collision between Alice and Bob both > > supplying the same random data. > > Alternatively, the user's debian-id could be included (since this is > guaranteed to be unique for any valid voter).
i was thinking something like: ---cut here--- To: [EMAIL PROTECTED] From: Alice <[EMAIL PROTECTED]> Subject: My Vote [12345] 3125 To: Alice <[EMAIL PROTECTED]> From: [EMAIL PROTECTED] Subject: Your vote has been counted Your ID is 3125-8888 ---cut here--- where 3125 is the user supplied, and 8888 is the system supplied. and the votes would be listed as: ---cut here--- --1-- 3125-0837 12345 3125-8888 54321 7777-5433 the following people voted: alice bob charlie ---cut here--- or whatever. if you hash it, then the user can't tell if the result has been mucked with or not. and if you used debian-id (what is this? the UID on the debian systems?) then a simple lookup could tell the Thought Police who voted how. > However, you still need some source of randomness (user-supplied is best, > I think) to avoid dictionary analysis of the acknowledgement hash. only if the user could indeed verify that her salt is part of the hash. otherwise you could get into the ``everyone that votes 12345 gets the hash of 0xDEADBEEF'' -john
