> DeRobertis: Well, I guess you'll have to come up with a new password now.

Adrian:  It was only a randomly generated one anyway.

> DeRobertis: But _proving_ mathematicians wrong is so much fun!

Adrian: Unless you happen to be the mathematician.  :)

Adrian:  After reading up on RSA and other cryptography methods even more (I
must have read over 1000 pages on cryptography so far and still don't fully
understand it), I'm beginning to get the impression that we cannot securely
encrypt passwords while having the source code freely available.

Adrian:  I say this because 1) we need to use numbers larger than HC can
deal with (100 digits or more) and 2) we need to add a few random numbers to
the start or the end of the encrypted password so that encrypting the same
text doesn't give the same answer unless you know how many digits to ignore
(which everyone would because the source code is public).  Hence we need a
new way to determine if a vote should be counted.

Adrian:  I would tend to look towards some kind of email verification that
is sent to the member who supposedly voted alerting them that they have
voted (if it wasn't them we can do something about it), but we also need
some kind of identification scheme before this message is sent.  Otherwise
we could be swamped with emails when we haven't voted and have to keep going
back and changing things.  Perhaps a password system like we have now, but
somehow preventing the password file from being downloaded or viewed.

> The source code can be gotten at <http://www.erols.com/derobert/break.sit.bin>
>
> If you want to use new numbers, you'll have to edit tab.pl. You'll then
> have to run "perl tab.pl > tab.cp"

Adrian: I've got it and I will try some other numbers, for now though I just
get the message "MPW does not recognise the command perl" or something to
that effect.  I'd guess this means I need to find perl add-ons for MPW or
adjust a global variable in MPW somewhere.
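
The idea raised above of mixing random values into the stored password, as an added example that is not part of the original thread or of the project's code: a salted, deliberately slow hash in which the salt is stored in the open beside the hash and the algorithm is public. PBKDF2-HMAC-SHA256 from Python's standard library, the record layout, the iteration count and the names make_record and check_password are all assumptions; the thread names no algorithm.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this example (not taken from the thread).
ITERATIONS = 200_000        # work factor: cost of one guess
MAX_ITERATIONS = 10_000_000 # refuse absurd values read from a record
SALT_BYTES = 16


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex', the line kept in the password file."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per record
    return f"{ITERATIONS}${salt.hex()}${_derive(password, salt, ITERATIONS).hex()}"


def check_password(password: str, record: str) -> bool:
    """Recompute the hash with the salt read from the record and compare."""
    try:
        iterations_s, salt_hex, hash_hex = record.split("$")
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # a malformed record never authenticates
    if not 1 <= iterations <= MAX_ITERATIONS:
        return False
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


if __name__ == "__main__":
    pw = "constructed-example-password"  # constructed sample input
    first, second = make_record(pw), make_record(pw)
    print(first)
    print(second)
    print("records differ:", first != second)
    print("correct password accepted:", check_password(pw, first))
    print("wrong password rejected:", not check_password("guess", first))
```

Restricting who can read the password file, as the message proposes, still matters, because anyone holding a record can test guesses against it offline.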
