Ryan Lortie wrote:
On Sun, 2006-26-11 at 20:18 -0600, Gabriel Burt wrote:On 11/26/06, Behdad Esfahbod <behdad behdad org> wrote:What he's saying is that, suppose you voted for me, Quim, Federico, Dave, Bastien, Luis, and Jeff, and were given the anonymous token 0bhnyOzwLJ05jYV2phjusfe0jBYO3HZf. How do you make sure that no one else who voted for the same seven candidates received the same anonymous token?I misunderstood. This could be solved by printing the token and the date/time that the vote was received, couldn't it?This solution would reduce the degree of the problem, but you still have the (less likely) problem of people voting for the same candidate around the same date/time. It's really much easier to simply allow the user to provide their own token.
Even better, allow the user to append a random string to their token. (You have to return some form of secret back to the election software because that's the only way it currently works out your identity, given we're doing this via e-mail.)
-- Andrew