Skip to main content
Paul Lindner
 

PHOTO PRESERVATION DRAWING!

I have a mechanism that has enough crypto-theater to make me happier than just drawing numbers out of a hat and having someone pinky-swear that the process is legit
.

It uses a Random Beacon to seed a random number generator, which then chooses 5 winners from the 73 entrants. It's a silly perl script (might rewrite it in go if I
have time...)

https://plindner.users.x20web.corp.google.com/www/survey-drawing/README

------------------------------------------------

5 winners will be chosen on June 15th at noon Pacific Standard Time.

Read on to find out how winners will be chosen.

- Each of the 73 entrants is given a 'lot number', which is emailed to them.
- The file lot_to_username.txt maps the number to a hashed version of your username.
- You can verify that your lot is listed correctly. For example:

# Verify if your lot number is 12
sudo apt-get install apache2-tools
htpasswd -v -b /google/data/rw/users/pl/plindner/www/survey-drawing 12 lindner

- The http://winners.pl script chooses 5 random winners with a random seed.
- The random seed will be generated by the NIST random beacon on June 15th Noon Pacific Standard time. Results will be visible here:

https://beacon.nist.gov/rest/record/1497553200

- The seed value will be written to seed.xml at that point and winners will be
chosen!

TECHNICAL DETAILS FOLLOW

- The original names are stored one username-per-line in names.txt
- The lot_to_username.txt file containing bcrypt hashed usernames was generated using this command:

cat -n /tmp/names.txt | xargs -n 2 htpasswd -b -B -C 20 ~/contest.file

- Note that you could brute-force the usernames with moderate compute capacity. Please be polite and don't do that.

TAMPER VERIFICATION

You can verify that the usernames, script, and contest draw date have not been modified by verifying the PGP signature of the date and sums.

You can verify this message by using keybase https://keybase.io/lindner or looking up my PGP key lindner@inuus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

sha256sum lot_to_username.txt http://winners.pl

6a86aadf90310cb83b2cadcf820d3b3a0ea0bfbd175822ebcfb44a55a1fc1e0f lot_to_username.txt
bf45ed9e504d51934261610bf69153c0f0646dfbe0b58c1fe044803a90dd3ff3 http://winners.pl

Contest Seed: https://beacon.nist.gov/rest/record/1497553200
-----BEGIN PGP SIGNATURE-----

wkYEAREIABAFAllBLkYJEPhZKFJz9YBUAADv9gCgkHEiWKjs7RlfM3G5U4NsYNmK
rqUAoBpiZrhGAy/SMPUqzX+Wl/6AuQdD
=XjMK
-----END PGP SIGNATURE-----

0 stars 0 comments

Also on: plus.google