Ross Golder wrote:

>On Wed, 2005-06-01 at 20:38 +0200, David Neary wrote:
>
>>The hash is then encrypted with the election committee private key, to
>>prevent just anyone from generating a voting token, but to allow the
>>election committee to generate one at will for a user [4,5].
>
>Wouldn't encrypting the hash require that the recipient has d/led and
>installed the election committee's public key, and that the user has
>some basic knowledge of public key encryption such that they can decrypt
>their token (user #3 may have trouble here).
>
>Did you mean that the hash would be 'signed' with the elections
>committee private key?

From my reading of the document, the intent was to encrypt the hash, and use the encrypted hash as the token.
This is so that people can't generate new voting tokens in order to vote as other people, however it isn't clear from the description how this is better than using randomly generated tokens.

In fact, it seems less anonymous than randomly generated tokens: assuming the tokens are published along with the election ballots (which would be required in order for a member to verify their vote), you could find out how someone voted by doing the following:

1. hash their (firstname, surname, email) triple
2. decrypt all the voting tokens using the election committee public key
3. see which voting token matches the hash

James.
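
The linkage described in the message above, as an added example that is not part of the original post: a token derived deterministically from a member's identity can be matched back to that member by anyone holding the public key, while a random token cannot. The toy textbook-RSA key, the SHA-256 truncation, the member names and the votes are all assumptions constructed for illustration.

```python
import hashlib
import secrets

# Toy textbook-RSA key standing in for the election committee key.
# Constructed for illustration: two Mersenne primes, no padding, not for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                      # public key, known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held by the committee

def identity_hash(first, last, email):
    """Hash of the (firstname, surname, email) triple, truncated to fit below N."""
    data = "\x00".join((first, last, email)).encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def derived_token(member):
    """Scheme under discussion: the hash 'encrypted' with the private key."""
    return pow(identity_hash(*member), D, N)

def random_token(member):
    """Alternative raised in the message: a token independent of identity."""
    return secrets.randbelow(N)

def linked_vote(published, member):
    """Return the vote whose token opens, under the public key, to the member's hash."""
    target = identity_hash(*member)
    for token, vote in published:
        if pow(token, E, N) == target:
            return vote
    return None

# Constructed sample electorate and ballots.
MEMBERS = [("Alice", "Example", "alice@example.org"),
           ("Bob", "Example", "bob@example.org")]
VOTES = ["Candidate A", "Candidate B"]

def publish(make_token):
    """Published results: (token, vote) pairs, as needed for voters to verify."""
    return [(make_token(m), v) for m, v in zip(MEMBERS, VOTES)]

if __name__ == "__main__":
    for name, scheme in (("derived", derived_token), ("random", random_token)):
        board = publish(scheme)
        print(name, [linked_vote(board, m) for m in MEMBERS])
```

With derived tokens every published ballot resolves to a member; with random tokens the same check returns nothing, so anonymity then rests on how the committee stores the member-to-token mapping.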
