
Re: [atlarge-discuss] Election Management



At 22:07 07/04/03, Stephen Waters wrote:
On Mon, 2003-04-07 at 10:19, J-F C. (Jefsey) Morfin wrote:
> I intend to develop that quickly in K&R C under DOS
ok, do it the hard way!  :)
actually for me the easiest and the most portable:-)
and the most readable for all.

> The key sequence is very simple. There is absolutely no need for anything
> complex (I can use MD5 but no one would be able to check I did not cheat).
> Also the sequence is pretty long and could be folded by the email
> responses. Would simply send
>
> "@" as a voting line flag
> 0000 4 digit voter number
> 4 letters voter checker made of a simple computation on the mail name.
> (let's say the 1st, the 3rd, the 6th and the 9th letter each plus four
> values modulo 26)
> the nr of the characters and the four values for the vote not being disclosed.

I am a tad concerned about this. Once I get my ballot, I will easily be
able to determine the sequence and could theoretically replicate it for
others and spoof their votes.
No.
I bet you will never be able to tell me what is the sequence I used
to build "zldt" from sawters@luy.info and please tell me the one for
jefsey@club-internet.fr. Maybe you could if you knew a large nr
of checkers, but you will only know yours.
I suppose you forgot to consider the additional string sequence.

What I supposed you were doing was:

1) generating a random, secret key which the watchdogs have
2) encrypting the mailname (or parts of it) using AES, 3DES, or similar
3) calculating the md5sum of the result and using that as the identifier

With that methodology, you can generate a static linked executable for
each watchdog, but also release the source code without fear of giving
away your obscurity mechanism.
Sure, but:

1. I have no time to develop that. If you can?
2. The documentation of the system will call for a lot of disputes
3. The size of the key will be large and the problem we have is that ballot does not come folded before the result, or the result will be on another line, so we need the ID,Question,choice response to be less than 30 chars.

jfc






-s
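
The two checkers discussed in this message, side by side, as an added example that is not code from either poster: the additive 4-letter checker, and a keyed checker that still fits a ballot line under 30 characters. HMAC-SHA256 is swapped in for the encrypt-then-md5 steps outlined above; the offsets, key, function names and line layout are assumptions made for illustration.

```python
import hashlib
import hmac
import string

POSITIONS = (1, 3, 6, 9)       # "let's say" positions from the post (1-based)
OFFSETS = (7, 19, 2, 11)       # constructed values; the real ones are not disclosed
KEY = b"constructed-demo-key"  # stands in for the secret the watchdogs hold

def additive_checker(mail_name):
    """4-letter checker as described in the thread: picked letters + values mod 26."""
    letters = [c for c in mail_name.lower() if c in string.ascii_lowercase]
    if not letters:
        raise ValueError("mail name has no letters")
    # Wrapping around for short names is an assumption; the post does not say.
    picked = (letters[(p - 1) % len(letters)] for p in POSITIONS)
    return "".join(chr((ord(c) - 97 + k) % 26 + 97) for c, k in zip(picked, OFFSETS))

def keyed_checker(key, voter_no, mail_name, length=6):
    """Keyed alternative: HMAC over voter number and full address, cut to letters."""
    msg = f"{voter_no:04d}|{mail_name.lower()}".encode()
    n = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")
    out = []
    for _ in range(length):
        n, r = divmod(n, 26)
        out.append(chr(97 + r))
    return "".join(out)

def ballot_line(key, voter_no, mail_name, question, choice):
    """Assumed layout: @ + voter number + checker, then question,choice."""
    line = f"@{voter_no:04d}{keyed_checker(key, voter_no, mail_name)} {question},{choice}"
    if len(line) >= 30:
        raise ValueError("line too long; mail clients may fold it")
    return line

def verify(key, mail_name, line):
    """Recompute the checker for the claimed voter and compare in constant time."""
    number = line[1:5]
    if not (line.startswith("@") and number.isascii() and number.isdigit()):
        return False
    received = line.split(" ", 1)[0][5:]
    expected = keyed_checker(key, int(number), mail_name)
    return hmac.compare_digest(received.encode(), expected.encode())
```

With these constructed offsets, `alice@example.org` and `axiom@example.org` get the same additive checker because only four letters feed it, while the keyed checker covers the whole address and the voter number.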



