On Mon, 2006-27-11 at 01:32 -0500, Behdad Esfahbod wrote:
> [dropping foundation-list since it's getting technical]
>
> On Mon, 2006-11-27 at 01:19 -0500, Ryan Lortie wrote:
> > On Sun, 2006-26-11 at 20:18 -0600, Gabriel Burt wrote:
> > > On 11/26/06, Behdad Esfahbod <behdad behdad org> wrote:
> > > > What he's saying is that, suppose you voted for me, Quim, Federico, Dave, Bastien, Luis, and Jeff, and were given the anonymous token 0bhnyOzwLJ05jYV2phjusfe0jBYO3HZf. How do you make sure that no one else who voted for the same seven candidates received the same anonymous token?
> > >
> > > I misunderstood. This could be solved by printing the token and the date/time that the vote was received, couldn't it?
> >
> > This solution would reduce the degree of the problem, but you still have the (less likely) problem of people voting for the same candidate around the same date/time. It's really much easier to simply allow the user to provide their own token.
>
> That has the downside that if two people decide to choose the same token, that can degrade the *look* of the resulting list as a token is associated with two votes, or for example if I decide to use your name as my token... Stronger would be to generate the token (sha1 for example) from the name of the voter, people he voted for (in a specific order), and a random token.

I actually don't think that this is a bad thing. If a user uses the recommended method of randomly generating their token then the chance of this happening is no worse than the current situation (i.e. practically impossible). If the user chooses a token that another user is likely to choose (say 00000000, or whatever) then there may be multiple 0000000's listed in the results, but you will be able to verify that at least one of the 000000's has your exact choices listed.

The idea of mixing voter information into the anonymous token bothers me a little bit, even if SHA1 is supposed to be non-reversible. It also makes it more difficult for the user to confirm that the final token they ended up with was generated, at least in part, by their random input. In order for this to work you'd basically have to say to the user:

"Ok. I took your random input, plus your votes, plus your name. I then took an SHA1 sum of the concatenation of these things and got _____. Please verify that I am not lying to you by running SHA1 on your own system."

It's certainly verifiable. It's not especially user-friendly, however.

Cheers
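
The SHA-1 token derivation and the voter-side recomputation discussed in this thread, as an added example (not code from any participant or from the election software). The length-prefixed field encoding, the sorted candidate order, the function names and the sample voter and candidates are assumptions; the last function shows why the voter's random input has to be unguessable once the voter's name is mixed into the token.

```python
import hashlib
import hmac
import secrets
from itertools import combinations


def _field(value: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def derive_token(voter: str, choices: list[str], nonce: str) -> str:
    """SHA-1 over voter name, choices in sorted order, and the voter's random input."""
    ordered = sorted(choices)
    data = _field(voter) + len(ordered).to_bytes(4, "big")
    data += b"".join(_field(c) for c in ordered) + _field(nonce)
    return hashlib.sha1(data).hexdigest()


def verify_token(reported: str, voter: str, choices: list[str], nonce: str) -> bool:
    """What the voter runs locally to confirm the value the server reported."""
    return hmac.compare_digest(reported, derive_token(voter, choices, nonce))


def ballot_from_token(token, voter, candidates, seats, nonce_guesses):
    """Privacy check: can a published token be tied to a named voter's ballot?

    Succeeds only if the voter's random input is among nonce_guesses, so a
    guessable input (e.g. "00000000") removes the anonymity the hash seemed to give.
    """
    for nonce in nonce_guesses:
        for ballot in combinations(sorted(candidates), seats):
            if derive_token(voter, list(ballot), nonce) == token:
                return list(ballot)
    return None


# Constructed sample data: nine hypothetical candidates, seven votes per ballot.
CANDIDATES = [f"candidate-{c}" for c in "ABCDEFGHI"]
BALLOT = CANDIDATES[:7]

if __name__ == "__main__":
    weak = derive_token("Example Voter", BALLOT, "00000000")
    strong = derive_token("Example Voter", BALLOT, secrets.token_hex(16))
    print(verify_token(weak, "Example Voter", BALLOT, "00000000"))
    print(ballot_from_token(weak, "Example Voter", CANDIDATES, 7, ["00000000"]))
    print(ballot_from_token(strong, "Example Voter", CANDIDATES, 7, ["00000000"]))
```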