
Re: [atlarge-discuss] Election Management - More DOS babble...



Stephen and all fellow members,

  It is obvious that Jefsey doesn't know what he means here.  He
is just babbling on.  DOS will never work.  He knows that, or should.
DOS is the most spoofed OS since CMS...

Stephen Waters wrote:

> On Tue, 2003-04-08 at 04:10, J-F C. (Jefsey) Morfin wrote:
> >
> > > > The key sequence is very simple. There is absolutely no need for anything
> > > > complex (I can use MD5 but no one would be able to check I did not
> > > > cheat).
> > > > Also the sequence is pretty long and could be folded by the email
> > > > responses. Would simply send
> > > >
> > > > "@" as a voting line flag
> > > > 0000 4 digit voter number
> > > > 4 letters voter checker made of a simple computation on the mail name.
> > > > (let's say the 1st, the 3rd, the 6th and the 9th letter each plus four
> > > > values modulo 26)
> > > > the nr of the characters and the four values for the vote not being
> > > > disclosed.
> > >
> > >I am a tad concerned about this. Once I get my ballot, I will easily be
> > >able to determine the sequence and could theoretically replicate it for
> > >others and spoof their votes.
> >
> > No.
> > I bet you will never be able to tell me what is the sequence I used
> > to build "zldt" from sawters@luy.info and please tell me the one for
> > jefsey@club-internet.fr. Maybe you could if you knew a large nr
> > of checkers, but you will only know yours.
> > I suppose you forgot to consider the additional string sequence.
>
> Just to clarify, do you mean:
>
> 1) @ xxxx yyyy
>
> Where: xxxx = a unique, randomly assigned number
>        yyyy = obfuscated mail digits
>
> Or:
>
> 2) @ zzzz
>
> Where: zzzz = obfuscated mail digits
>
> Sorry if this seems redundant, but I want to make sure I understand you.
> [1] is acceptable to me, [2] is not.
>
> > >What I supposed you were doing was:
> > >
> > >1) generating a random, secret key which the watchdogs have
> > >2) encrypting the mailname (or parts of it) using AES, 3DES, or similar
> > >3) calculating the md5sum of the result and using that as the identifier
> > >
> > >With that methodology, you can generate a static linked executable for
> > >each watchdog, but also release the source code without fear of giving
> > >away your obscurity mechanism.
> >
> > Sure, but:
> >
> > 1. I have no time to develop that. If you can?
>
> I could, but not in C. Perl runs everywhere, though Crypt::Rijndael
> might not.
>
> > 2. The documentation of the system will call for a lot of disputes
>
> Nah. Maybe in C, but this process is maybe 200-300 lines of Perl and
> using some relatively standard modules/libraries. Of course, I can't
> make a statically compiled version of the Perl code that will run
> everywhere.
>
> > 3. the size of the key will be large and the problem we have is that
> > ballot does not come folded before the result, or the result will be on
> > another line, so we need the ID,Question,choice response to be less than 30
> > chars.
>
> The key is distributed shortly before ballots are sent out. The smallest
> blocksize for AES is 128 bit -> 16 bytes -> 22 base64 chars. Besides,
> you will probably have to do line folding anyway. You could always put
> an ending character after the response/answer.
>
> --start ballot--
>
> Question 00: Please answer us this very long question on the line below.
> It is pertinent that you think about this very important issue.
>
> @MDEyMzQ1Njc4OUFCQ0RFRg 00 [ ] Yes %
>
> Question 01: The following candidates are running for panel. Please
> ensure that you rank no more than 5 candidates.
>
> @MDEyMzQ1Njc4OUFCQ0RFRg 01 [ ] Myea Theau Tovau Vodauualskthay Tmua %
> @MDEyMzQ1Njc4OUFCQ0RFRg 01 [ ] Bob Smith %
> @MDEyMzQ1Njc4OUFCQ0RFRg 01 [ ] Gérard Dupont %
> @MDEyMzQ1Njc4OUFCQ0RFRg 01 [ ] Gandalf the Grey %
> @MDEyMzQ1Njc4OUFCQ0RFRg 01 [ ] Slartibartfast, Maker of Fjords %
> @MDEyMzQ1Njc4OUFCQ0RFRg 01 [ ] Ooops I did it again %
>
> Question 02: Hey Papa Smurf, how many smurfs does it take to run a
> smurfing panel?
>
> @MDEyMzQ1Njc4OUFCQ0RFRg 02 [ ] 5 smurf %
> @MDEyMzQ1Njc4OUFCQ0RFRg 02 [ ] 7 smurfs %
> @MDEyMzQ1Njc4OUFCQ0RFRg 02 [ ] 11 smurfs %
>
> ---end ballot--

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 129k members/stakeholders strong!)
================================================================
CEO/DIR. Internet Network Eng. SR. Eng. Network data security
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 214-244-3801
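
Added example (not code from this thread or from any of its participants): the letter-shift checker beside a keyed identifier of the 128-bit, 22-character size discussed above, plus acceptance of only "%"-terminated, marked ballot lines whose identifier is on the roll. Assumptions: the checker uses the illustrative 1st/3rd/6th/9th letters, HMAC-SHA256 truncated to 16 bytes is swapped in for the AES-then-md5 construction, and all function names, keys and addresses are constructed.

```python
import base64, hashlib, hmac, re

POS = (1, 3, 6, 9)  # assumption: the illustrative letter positions from the thread

def _letters(mail):
    return [c for c in mail.lower() if "a" <= c <= "z"]  # needs >= 9 letters

def shift_checker(mail, offsets):
    """Letter checker: chosen letters of the mail name, each plus a secret value mod 26."""
    s = _letters(mail)
    return "".join(chr((ord(s[p - 1]) - 97 + o) % 26 + 97)
                   for p, o in zip(POS, offsets))

def recover_offsets(mail, checker):
    """With known positions, one (mail, checker) pair fixes all four secret values."""
    s = _letters(mail)
    return tuple((ord(c) - ord(s[p - 1])) % 26 for p, c in zip(POS, checker))

def keyed_token(key, voter_no, mail):
    """128-bit keyed identifier encoded as 22 base64 characters."""
    msg = f"{voter_no:04d}:{mail.lower()}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(tag).decode().rstrip("=")

LINE = re.compile(r"@(\S{22}) (\d\d) \[(.)\] (.+) %$")

def accepted_votes(reply_body, key, roll):
    """Return (voter_no, question, choice) for marked lines whose token is on the roll.

    roll maps voter_no -> mail name. '%' terminates a ballot line, so lines folded
    by a mail client are rejoined before matching; '>' reply quoting is stripped.
    """
    valid = {keyed_token(key, n, m): n for n, m in roll.items()}
    votes, pending = [], ""
    for raw in reply_body.splitlines():
        text = raw.lstrip("> ").strip()
        if text.startswith("@"):
            pending = text               # a new ballot line begins
        elif pending:
            pending += " " + text        # continuation of a folded line
        if not pending.endswith("%"):
            continue                     # question text, or still unterminated
        m = LINE.match(pending)
        pending = ""
        if m and m.group(3).strip() and m.group(1) in valid:
            votes.append((valid[m.group(1)], m.group(2), m.group(4)))
    return votes
```

Because the keyed identifier depends on a secret held only by the watchdogs, knowing one's own identifier reveals nothing about another voter's, which is not true of the letter checker once its positions are known.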


