Re: code validation?

From: Fred McLain <mclain_at_zipcon_dot_net>
Date: Tue Feb 22 2005 - 14:37:14 CST

I noticed this weekend that the most popular hash, SHA-1 has been
broken. It now can be cracked in about 2 days on reasonably affordable
equipment. Given the non-transient nature of voting software we will
need to go to a different hash like SHA-256 or SHA-512.

        -Fred-

On Tue, 2005-02-22 at 10:58 -0800, Edmund R. Kennedy wrote:
> Hello Paul:
>
> Try looking under the word, "hash." A hash is sort of
> a glorified check sum system that is ran on the
> original software. When the hash of the CD disk
> running the software is ran at startup on the voting
> equipment, the number generated has to be the same as
> the publically published originally generated hash.
> Additionally there would be various legal and
> adminstrative techniques involving multiple, intersted
> witnesses in the CD duplication process. Foolproof?
> No, but still very tamper resistant and compliant with
> a good risk management approach to security IMHO.
>
> HTH, Ed Kennedy
>
> --- Paul Kinzelman <paul@kinzelman.com> wrote:
>
> > I took a quick look back in the archives, and
> > couldn't find this
> > topic, and you folks must have thought about it
> > already, but please allow
> > me to ask it anyway...
> >
> > How do you validate that the code running on a
> > voting machine
> > has not been tampered with? Have you thought about
> > using
> > public key encryption on the OS release or
> > something?
> >
> > _______________________________________________
> > OVC discuss mailing lists
> > Send requests to subscribe or unsubscribe to
> > arthur@openvotingconsortium.org
> >
>
>
> =====

-- 
Fred McLain <mclain@zipcon.net>
_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sun Feb 27 17:17:09 2005

This archive was generated by hypermail 2.1.8 : Sun Feb 27 2005 - 17:17:13 CST