On Mon, 31 Mar 2003 19:28:57 +0100,
Matthew Wilcox [EMAIL PROTECTED] said:
On Mon, Mar 31, 2003 at 01:10:33PM -0500, Aaron M. Ucko wrote:
Sam Hartman [EMAIL PROTECTED], in
[EMAIL PROTECTED] (which seems to have gone
only to the list).
Well, that was fucking stupid.
True, though I
On Mon, 31 Mar 2003 19:28:57 +0100,
Matthew Wilcox [EMAIL PROTECTED] said:
On Mon, Mar 31, 2003 at 01:10:33PM -0500, Aaron M. Ucko wrote:
Sam Hartman [EMAIL PROTECTED], in
[EMAIL PROTECTED] (which seems to have gone
only to the list).
Well, that was fucking stupid.
True, though I
Matthew == Matthew Wilcox [EMAIL PROTECTED] writes:
Matthew I believe the method for choosing the hash that allows
Matthew one to identify one's vote is flawed. Since all
Matthew components of the string to be fed to md5sum are chosen
Matthew by the secretary or known well in
Like Sam, I see no particular need for salt beyond the username.
However, I did notice a potential anonymity attack: the presence of
consistent partial voter lists and dummy tally sheets leaked some
information about which voters could have which hashes. (Batching
obviously alleviated this, but
On 31 Mar 2003 12:02:14 -0500,
Aaron M Ucko [EMAIL PROTECTED] said:
Like Sam, I see no particular need for salt beyond the
username. However, I did notice a potential anonymity attack: the
presence of consistent partial voter lists and dummy tally sheets
leaked some information about
Matthew Wilcox wrote:
On Mon, Mar 31, 2003 at 12:02:14PM -0500, Aaron M. Ucko wrote:
Like Sam, I see no particular need for salt beyond the username.
Uh.. Sam who? I saw no email.
Sam Hartman:
http://lists.debian.org/debian-vote/2003/debian-vote-200303/msg00115.html
--
To UNSUBSCRIBE,
Manoj Srivastava [EMAIL PROTECTED] writes:
Have you actually tried this? the dummy tally sheet is
When I originally voted (in the first few hours), my md5sum appeared
in the dummy tally sheet.
The dummy tally sheet, is just that, a dummy.
Ah, so it is. My apologies for not
On Mon, 2003-03-31 at 20:28, Matthew Wilcox wrote:
On Mon, Mar 31, 2003 at 01:10:33PM -0500, Aaron M. Ucko wrote:
It's an accomplishment, but it's affordable. Voters supplying a salt
makes it non-doable.
What about using the Message-ID ? Or are those to short?
Everyone can compare the
On Mon, Mar 31, 2003 at 07:28:57PM +0100, Matthew Wilcox wrote:
Let's try using some numbers. An md5sum is 16 bytes -- 128 bits.
On average, you need 2^64 samples to find a collision. So you need around
600 million samples per second to find one collision in a year (assuming
you're going for
On Sat, Mar 29, 2003 at 06:08:43PM -0600, The Debian Project Secretary wrote:
The results were the same from both set of algorithms. The
details are presented below. As stated earlier, people can verify
details by looking at:
a) list of people voting:
Matthew == Matthew Wilcox [EMAIL PROTECTED] writes:
Matthew I believe the method for choosing the hash that allows
Matthew one to identify one's vote is flawed. Since all
Matthew components of the string to be fed to md5sum are chosen
Matthew by the secretary or known well in
On Mon, 31 Mar 2003 15:35:15 +0100,
Matthew Wilcox [EMAIL PROTECTED] said:
I believe the method for choosing the hash that allows one to
identify one's vote is flawed. Since all components of the string
to be fed to md5sum are chosen by the secretary or known well in
advance, it would
On 31 Mar 2003 12:02:14 -0500,
Aaron M Ucko [EMAIL PROTECTED] said:
Like Sam, I see no particular need for salt beyond the
username. However, I did notice a potential anonymity attack: the
presence of consistent partial voter lists and dummy tally sheets
leaked some information about
Matthew Wilcox [EMAIL PROTECTED] writes:
On Mon, Mar 31, 2003 at 12:02:14PM -0500, Aaron M. Ucko wrote:
Like Sam, I see no particular need for salt beyond the username.
Uh.. Sam who? I saw no email. The username is insufficient salt; the
Sam Hartman [EMAIL PROTECTED], in [EMAIL
Matthew Wilcox wrote:
On Mon, Mar 31, 2003 at 12:02:14PM -0500, Aaron M. Ucko wrote:
Like Sam, I see no particular need for salt beyond the username.
Uh.. Sam who? I saw no email.
Sam Hartman:
http://lists.debian.org/debian-vote/2003/debian-vote-200303/msg00115.html
On Mon, Mar 31, 2003 at 01:10:33PM -0500, Aaron M. Ucko wrote:
Sam Hartman [EMAIL PROTECTED], in [EMAIL PROTECTED]
(which seems to have gone only to the list).
Well, that was fucking stupid.
True, though I think even finding collisions on that timescale would
be an accomplishment.
Let's try
Manoj Srivastava wrote:
On Mon, 31 Mar 2003 15:35:15 +0100,
Matthew Wilcox [EMAIL PROTECTED] said:
I believe the method for choosing the hash that allows one to
identify one's vote is flawed. Since all components of the string
to be fed to md5sum are chosen by the secretary or known
Manoj Srivastava [EMAIL PROTECTED] writes:
Have you actually tried this? the dummy tally sheet is
When I originally voted (in the first few hours), my md5sum appeared
in the dummy tally sheet.
The dummy tally sheet, is just that, a dummy.
Ah, so it is. My apologies for not
On Mon, 2003-03-31 at 20:28, Matthew Wilcox wrote:
On Mon, Mar 31, 2003 at 01:10:33PM -0500, Aaron M. Ucko wrote:
It's an accomplishment, but it's affordable. Voters supplying a salt
makes it non-doable.
What about using the Message-ID ? Or are those to short?
Everyone can compare the
On Mon, Mar 31, 2003 at 07:28:57PM +0100, Matthew Wilcox wrote:
Let's try using some numbers. An md5sum is 16 bytes -- 128 bits.
On average, you need 2^64 samples to find a collision. So you need around
600 million samples per second to find one collision in a year (assuming
you're going for
Hi,
The winner of the election is Martin Michlmayr.
I would like to thank Moshe Zadka, Branden Robinson and
Bdale Garbee for their service to the project, for standing for the
post of project leader, and for offering the developers a strong and
viable group of candidates.
Hi,
The winner of the election is Martin Michlmayr.
I would like to thank Moshe Zadka, Branden Robinson and
Bdale Garbee for their service to the project, for standing for the
post of project leader, and for offering the developers a strong and
viable group of candidates.
22 matches
Mail list logo