Re: Interesting, But What About the Election-Day Virus?

From: Rick Gideon <rick_at_openvoting_dot_org>
Date: Thu Dec 09 2004 - 15:40:23 CST

I believe that the best thing to do is to stray from having any externally
accesable I/O ports such as a USB port that could be used maliciously by
someone. Need the device(s) which to register votes and that is all.

The machines also should be stand-alone and not networked at all.

On Thu, 9 Dec 2004, Robert Rapplean wrote:

> Roy M. Silvernail wrote:
> > SHA1 is a better idea for the hash function. MD5 has had known
> > weaknesses since at least 1997, and recent work has disclosed a
> > working method to force collisions. Considering the importance of
> > that which we're attempting to certify, we may want to go all the way
> > to SHA-256. It's slower, but even more resistant to tampering. (and
> > when I say slower, I mean SHA-256 may not be suited for thousands of
> > transactions a second, but for random checks every 5-10 minutes during
> > polling, it would be fine)
> >
> I definitely agree on the sha-256 thing, but random checks every 5-10
> minutes would be pointless. If a virus can compromise the polling
> system, then it can just as readily compromise a program which does
> random checks. I much more believe in a system which allows us to do
> complete memory dumps to another system connected via USB for auditing
> purposes. A bit more complicated, but much more difficult to fool.
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Dec 31 23:17:09 2004

This archive was generated by hypermail 2.1.8 : Fri Dec 31 2004 - 23:17:22 CST