Re: One week left to object

Michael StJohns <mstjohns@xxxxxxxxxxx> · Tue, 16 Aug 2022 22:16:31 -0400



    On 8/16/2022 4:00 PM, Salz, Rich wrote:

    
          The historical
            understanding has been that "repeat the random selection
            process" means to repeat it with the same seed and list.  As
            such, selecting the next person on the list in order is
            equivalent to repeating the process.  
            
        
        This is my understanding as well.  Starting over from picking
          new seeds means adding at least a week, if not two, which
          doesn’t seem like what the intent was.
        -Rich Salz, 2022 NomCom Chair
         
      
    There's a simple two round process that would give you new
      numbers in less than 24 hours:
    1) Pick a set of at least 5 people and get them into a jabber
      (chat, meetecho etc) room - turn on logging.  Number the people.

    
    2) Ask that group of people to generate a 4 byte value V and 60
      bytes of garbage  G  and publish it on jabber with SHA256 (V || G)
      to the public list
    openssl rand -out data.bin 64

    
    openssl sha256 -hex data.bin
    SHA256(data.bin)=
      0c55308c75567721ecfc40431cdbed5d6e1bf012e35bfa28132ecad018b5b2e1

    
    3) When the participants have seen all of the hash responses on
      the chat they now respond with their V  and G in their number
      order.

    
    xxd data.bin

      
    00000000: 0fff b552 6f81 d97e 04e0 16d2
        47c7 90a3  ...Ro..~....G...

        00000010: 72d7 c2f4 bf86 1615 30f0 12a9 700d 9381 
        r.......0...p...

        00000020: ee34 9706 7f17 0f20 12fc 914d e5bd 629e  .4.....
        ...M..b.

        00000030: 64fb e5df 82ff c370 7f50 350a 6b0b e45b 
        d......p.P5.k..[

      
    4) Finally, we all verify each hash matches the sent data, turn
      them into a useful seed value for the current system by turning
      the first 4 bytes of each into words from the PGP word list using
      only the even side and downcasing everything
      (https://en.wikipedia.org/wiki/PGP_word_list)  for a total of 20
      words and ordering the list using the numbers you assigned at the
      beginning.  If any hash fails to verify that value is skipped.  As
      long as there are at least 4 valid contributions that gives you
      about 128 bits of entropy.  If more than one hash fails to verify,
      repeat the process.

    
    xxd -r < - > mikesdata.bin and cut and paste the text
    openssl sha256 -hex mikesdata.bin

    
    artist zulu scorecard dupont
    5) Make a copy of the jabber log (meetecho record) and publish it
      to the IETF list with each of the participants verifying what
      happened.

    
    The long part of this is getting people to show up to a specific
      time.
    It's not perfect, and subject to a collaboration attack, but at
      long as a couple of the participants are honest, we'll be well
      above the required entropy for the system (which I seem to
      remember is *really* low).
    Later Mike