On Wed, 2002-04-03 at 14:57, Pete Ryland wrote:
> > And what does that buy us over md5sum(loginid + vote + token)?
>
> Instead of token, why not just use the message-id of the voter's email?
Well, your message ID is:
<[EMAIL PROTECTED]>
^^^^^^^^|||||| ^^^^^^^ ||||||
date ^^^^^^ ? ^^^^^^
time domain
That ? is probably derived from the date or time. Or maybe pid. Not
sure; don't feal like reading exim and/or mutt source.
I know the vote; it's to the left of the key. I know the possible user
id's. I have some good guesses as to date/time (only a couple week
window, after all). I know which domain matches which user id.
Now I can brute force that last unknown: Which vote belongs to which
person.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
