Re: code validation?

From: Edmund R. Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Tue Feb 22 2005 - 12:58:30 CST

Hello Paul:

Try looking under the word, "hash." A hash is sort of
a glorified check sum system that is ran on the
original software. When the hash of the CD disk
running the software is ran at startup on the voting
equipment, the number generated has to be the same as
the publically published originally generated hash.
Additionally there would be various legal and
adminstrative techniques involving multiple, intersted
witnesses in the CD duplication process. Foolproof?
No, but still very tamper resistant and compliant with
a good risk management approach to security IMHO.

HTH, Ed Kennedy

--- Paul Kinzelman <paul@kinzelman.com> wrote:

> I took a quick look back in the archives, and
> couldn't find this
> topic, and you folks must have thought about it
> already, but please allow
> me to ask it anyway...
>
> How do you validate that the code running on a
> voting machine
> has not been tampered with? Have you thought about
> using
> public key encryption on the OS release or
> something?
>
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to
> arthur@openvotingconsortium.org
>

=====

-- 
10777 Bendigo Cove
San Diego, CA 92126-2510
Work for the common good.
_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sun Feb 27 17:17:07 2005

This archive was generated by hypermail 2.1.8 : Sun Feb 27 2005 - 17:17:13 CST