On Mon, 2003-04-07 at 10:19, J-F C. (Jefsey) Morfin wrote:
> On 15:59 07/04/03, Stephen Waters said:
> >Can you post the code to the list -- or at least give a link to it
> >somewhere so we can review the code?
> >
> >What secret key algorithm, padding, or chaining (if more than 1 block)
> >do you plan to use? If you're planning on using Perl, Crypt::CBC makes
> >this stuff pretty easy, including md5sum of cryptext.
>
> I intend to develop that quickly in K&R C under DOS

ok, do it the hard way! :)

> The key sequence is very simple. There is absolutely no need for anything
> complex (I can use MD5 but no one would be able to check I did not cheat).
> Also the sequence is pretty long and could be folded by the email
> responses. Would simply send
>
> "@" as a voting line flag
> 0000 4 digit voter number
> 4 letters voter checker made of a simple computation on the mail name.
> (let's say the 1st, the 3rd, the 6th and the 9th letter each plus four
> values modulo 26)
> the nr of the characters and the four values for the vote not being disclosed.

I am a tad concerned about this. Once I get my ballot, I will easily be
able to determine the sequence and could theoretically replicate it for
others and spoof their votes.

What I supposed you were doing was:

1) generating a random, secret key which the watchdogs have
2) encrypting the mailname (or parts of it) using AES, 3DES, or similar
3) calculating the md5sum of the result and using that as the identifier

With that methodology, you can generate a static linked executable for
each watchdog, but also release the source code without fear of giving
away your obscurity mechanism.

-s
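The concern raised in the reply above, as an added example that is not part of the original thread: a single issued ballot is enough to work out the four "undisclosed" values of the letter-shift checker, whereas a keyed identifier reveals nothing reusable. HMAC-SHA256 from Python's standard library stands in here for the encrypt-then-md5sum steps the message suggests; the fixed positions, letter normalisation, wrap-around for short names, and all mail names, offsets and keys are constructed assumptions.

```python
import hashlib
import hmac

POSITIONS = (1, 3, 6, 9)  # 1-based letter positions from the quoted proposal (assumed fixed)


def _letters(mailname):
    """Lower-case a-z letters of the mail name, in order (assumed normalisation)."""
    return [c for c in mailname.lower() if "a" <= c <= "z"]


def weak_checker(mailname, offsets):
    """Quoted proposal: the chosen letters, each plus a fixed value modulo 26."""
    s = _letters(mailname)
    return "".join(
        chr((ord(s[(p - 1) % len(s)]) - 97 + k) % 26 + 97)  # wrap-around is an assumption
        for p, k in zip(POSITIONS, offsets)
    )


def offsets_from_ballot(mailname, checker):
    """Audit check: the four values any voter can derive from their own ballot."""
    s = _letters(mailname)
    return tuple(
        (ord(c) - ord(s[(p - 1) % len(s)])) % 26
        for p, c in zip(POSITIONS, checker)
    )


def keyed_checker(mailname, key, length=8):
    """Keyed alternative: the identifier depends on a secret only the watchdogs hold."""
    tag = hmac.new(key, mailname.lower().encode(), hashlib.sha256).hexdigest()
    return tag[:length]  # truncation to fit a ballot line is an assumption


if __name__ == "__main__":
    secret = (3, 17, 8, 21)                      # constructed "undisclosed" values
    mine = weak_checker("alice.example", secret)  # constructed mail names
    derived = offsets_from_ballot("alice.example", mine)
    print("my checker:", mine, "derived values:", derived)
    print("same values reproduce another voter's checker:",
          weak_checker("bob.constructed", derived)
          == weak_checker("bob.constructed", secret))
    key = b"constructed-watchdog-key"
    print("keyed checkers:", keyed_checker("alice.example", key),
          keyed_checker("bob.constructed", key))
```

Because the keyed version's security rests only on the key, its source can be published for review, which is the property the reply asks for.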