On Mon, Mar 31, 2003 at 12:02:14PM -0500, Aaron M. Ucko wrote:
> Like Sam, I see no particular need for salt beyond the username.

Uh.. Sam who? I saw no email. The username is insufficient salt; the secretary has a list of all Debian usernames and has at least a year to attempt to construct collisions.

> However, I did notice a potential anonymity attack: the presence of
> consistent partial voter lists and dummy tally sheets leaked some
> information about which voters could have which hashes. (Batching
> obviously alleviated this, but there were probably hours when very few
> initial votes came in.)
>
> One remedy would be not to post the list of who had voted until after
> the election.

Yes, that's true. Or add a significantly longer batching period; maybe one day is enough.

--
"It's not Hollywood. War is real, war is primarily not about defeat or victory, it is about death. I've seen thousands and thousands of dead bodies. Do you think I want to have an academic debate on this subject?" -- Robert Fisk