Re: [atlarge-discuss] Election Management is bogus

[Jeff Williams <jwkckid1@ix.netcom.com>]

Jefsey and all fellow members,

  Jefseys diatribe below is bogus...

J-F C. (Jefsey) Morfin wrote:

> At 22:07 07/04/03, Stephen Waters wrote:
> >On Mon, 2003-04-07 at 10:19, J-F C. (Jefsey) Morfin wrote:
> > > I intend to develop that quickly in K&R C under DOS
> >ok, do it the hard way!  :)
>
> actually for me the easiest and the most portable:-)
> and the most readable for all.
>
> > > The key sequence is very simple. There is absolutely no need for anything
> > > complex (I can used MD5 but no one would be able to check I did not
> > cheat).
> > > Also the sequence is pretty long and could be folded by the email
> > > responses. Would simply send
> > >
> > > "@" as a voting ligne flag
> > > 0000 4 digit voter number
> > > 4 letters voter checker made of a simple computation on the mail name.
> > > (let say the 1st, the 3rd , the 6th and the 9th letter each plus four
> > > values modulo 26)
> > > the nr of the characters and the four values for the vote notbeing
> > disclosed.
> >
> >I am a tad concerned about this. Once I get my ballot, I will easily be
> >able to determine the sequence and could theoretically replicate it for
> >others and spoof their votes.
>
> No.
> I bet you well never be able to tell me what is the sequence I used
> to build "zldt' from sawters@luy.info and please tell me the one for
> jefsey@club-internet.fr. May be you could if you known a large nr
> of checkers, but you will only know yours.
> I suppose you forgot to consider the additional string sequence.
>
> >What I supposed you were doing was:
> >
> >1) generating a random, secret key which the watchdogs have
> >2) encrypting the mailname (or parts of it) using AES, 3DES, or similar
> >3) calculating the md5sum of the result and using that as the identifier
> >
> >With that methodology, you can generate a static linked executable for
> >each watchdog, but also release the source code without fear of giving
> >away your obscurity mechanism.
>
> Sure, but:
>
> 1. I have no time to develop that. If you can?
> 2. The documentation of the system will call for a lot of disputes
> 3. the size of the key will be large and the problem we have is that
> bnallot does not come folded before the result, or the result will be on
> another line, so we need the ID,Question,choice response to be less than 30
> chars.
>
> jfc
>
> >-s
> >
> >
> >
> >
> >---
> >Incoming mail is certified Virus Free.
> >Checked by AVG anti-virus system (http://www.grisoft.com).
> >Version: 6.0.463 / Virus Database: 262 - Release Date: 17/03/03
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 129k members/stakeholders strong!)
================================================================
CEO/DIR. Internet Network Eng. SR. Eng. Network data security
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 214-244-3801



---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de