Re: Concerns about the election process

On Mon, 2006-27-11 at 01:32 -0500, Behdad Esfahbod wrote:
[dropping foundation-list since it's getting technical]

On Mon, 2006-11-27 at 01:19 -0500, Ryan Lortie wrote:
On Sun, 2006-26-11 at 20:18 -0600, Gabriel Burt wrote:
On 11/26/06, Behdad Esfahbod <behdad behdad org> wrote:
What he's saying is that, suppose you voted for me, Quim, Federico,
Dave, Bastien, Luis, and Jeff, and were given the anonymous token
0bhnyOzwLJ05jYV2phjusfe0jBYO3HZf.  How do you make sure that no one else
who voted for the same seven candidates received the same anonymous

I misunderstood.  This could be solved by printing the token and the
date/time that the vote was received, couldn't it?

This solution would reduce the degree of the problem, but you still have
the (less likely) problem of people voting for the same candidate around
the same date/time.  It's really much easier to simply allow the user to
provide their own token.

That has the downside that if two people decide to choose the same
token, that can degrade the *look* of the resulting list as a token is
associated with two votes, or for example if I decide to use your name
as my token...  Stronger would be to generate the token (sha1 for
example) from the name of the voter, people he voted for (in a specific
order), and a random token.

I actually don't think that this is a bad thing.  If a user uses the
recommended method of randomly generating their token then the chance of
this happening is no worse than the current situation (ie: practically

If the user chooses a token that another user is likely to choose (say
00000000, or whatever) then there may be multiple 0000000's listed in
the results, but you will be able to verify that at least one of the
000000's has your exact choices listed.

The idea of mixing voter information into the anonymous token bothers me
a little bit, even if SHA1 is supposed to be non-reversable.  It also
makes it more difficult for the user to confirm that the final token
they ended up with was generated, at least in part, by their random
input.  In order for this to work you'd basically have to say to the

"Ok.  I took your random input, plus your votes, plus your name.  I then
took an SHA1 sum of the concatenation of these things and got _____.
Please verify that I am not lying to you by running SHA1 on your own

It's certainly verifiable.  It's not especially user-friendly, however.


Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]