Re: Interesting, But What About the Election-Day Virus?

From: Robert Rapplean <robert_at_rapplean_dot_net>
Date: Thu Dec 09 2004 - 12:52:20 CST

Roy M. Silvernail wrote:

> SHA1 is a better idea for the hash function. MD5 has had known
> weaknesses since at least 1997, and recent work has disclosed a
> working method to force collisions. Considering the importance of
> that which we're attempting to certify, we may want to go all the way
> to SHA-256. It's slower, but even more resistant to tampering. (and
> when I say slower, I mean SHA-256 may not be suited for thousands of
> transactions a second, but for random checks every 5-10 minutes during
> polling, it would be fine)
I definitely agree on the sha-256 thing, but random checks every 5-10
minutes would be pointless. If a virus can compromise the polling
system, then it can just as readily compromise a program which does
random checks. I much more believe in a system which allows us to do
complete memory dumps to another system connected via USB for auditing
purposes. A bit more complicated, but much more difficult to fool.

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Dec 31 23:17:08 2004

This archive was generated by hypermail 2.1.8 : Fri Dec 31 2004 - 23:17:22 CST