On Thursday 12 June 2008 3:52:35 Ian Kelly wrote:
> On Thu, Jun 12, 2008 at 2:31 PM, Ben Caplan wrote:
> > > <bar>
> > "FOR /*8947521705932789*/"
> > ("AGAINST /*8947521705932789*/" hashes to <baz>.)
>
> That doesn't prove anything.
>
> Of course, all this indicates to me is that we should use something
> stronger than MD5 for this.
Ah.
Is MD5 really that easy to brute-force? hmm...
How about if each ballot also includes a proof-of-work? This should
make searching for collisions harder.
That is, instead of random noise as your salt, include the MD5 hash
of a string beginning with (say) your name and the proposal number,
and the salthash would have to begin with N zeroes.
