Re: code validation?

From: Edmund R. Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Tue Feb 22 2005 - 14:59:13 CST

Hello,

In addition to what David says, my informed lay
person's understanding of encryption tells me that the
security issue here has to do with managing risk. In
the end, is is a judgement call as to whether the risk
is acceptable to most people.

Thanks, Ed Kennedy

--- David Mertz <voting-project@gnosis.cx> wrote:

> On Feb 22, 2005, at 3:27 PM, Paul Kinzelman wrote:
> > But I can take the code, insert my insidious
> > fraudulent code, and update the hash code, then
> release the
> > CDROM with my fraudulent code to unsuspecting
> precinct people,
> > for instance, and the hash code will check.
>
> Well, in a word, 'No'.
>
> The hash code[*] isn't just distributed on a slip of
> paper taped to the
> CD. A given version of the OVC software will have a
> known and
> published hash. That hash would be published on
> websites, newspapers,
> etc., and any CD poll workers got that lacked that
> published hash will
> be deemed no-good.
>
> [*] I would have said SHA-1 three days ago, but now
> that algorithm has
> been broken by the same brilliant Chinese team who
> broke MD5
>
> But actually, we've been through this quite a bit in
> the archives.
> We'll use Liam's StrongBox Linux (or something much
> like it) which
> includes a whole toolchain of all the "right* crypto
> procedures.
> Virtual disk images for different software sets
> (voting station, audio,
> tabulation, etc), bootable from CD, key layers for
> public key
> verification, and so on, StrongBox does all this
> sort of stuff.
>
> _______________________________________________
> OVC discuss mailing lists
> Send requests to subscribe or unsubscribe to
> arthur@openvotingconsortium.org
>

=====

-- 
10777 Bendigo Cove
San Diego, CA 92126-2510
Work for the common good.
_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sun Feb 27 17:17:09 2005

This archive was generated by hypermail 2.1.8 : Sun Feb 27 2005 - 17:17:13 CST