lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+hr98Eo26OZQTRyRkc5=0sQtfOBVsrTJzT-RRs8HNS0XxQyTw@mail.gmail.com>
Date: Wed, 11 Feb 2015 12:07:22 +0100
From: Krisztián Pintér <pinterkr@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] PHC status report

On Tue, Feb 10, 2015 at 4:00 PM, Solar Designer <solar@...nwall.com> wrote:
> I think publishing the upvote and downvote counts

counts? why not the votes themselves? why is it a secret? normally
secret voting protects the voters from retaliation. i don't think it
applies to that case. on the contrary, keeping the vote secret (as
well as unexplained) casts the shadow of doubt on the rationality of
it.


> we used the voting as a tool to focus
> further discussion rather than to definitively choose the finalists.

i was under the impression that the voting was the selection method.
if it wasn't, then it indeed does not matter much. what matters is the
actual rationale, what the selection was based on.


> I guess you'd prefer some scoring system?  It wouldn't work.  Opinions
> varied on what properties would be best to have vs. to avoid, so we
> couldn't possibly have arrived at a common scoring system.

the very reason to have a detailed rationale is that people don't have
to agree the result, they can rely on the facts. if the panel declares
a winner using one set of preferences, but that does not coincide my
own preferences, i can still use the results to find my own winner for
my own situation.


>> this discussion should also be summarized, anonimized, and made public.
> That's significant effort that's unlikely to address your concerns.

that is the only task the panel had. you are talking about skipping
the only reason this competition exists. when you signed up to this,
what is it exactly that you offered to do? also, how is it that it
does not address my concerns? my concern is that the selection process
is not transparent, and basically no information is published.
publishing the actual decision process exactly solves that problem.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ