Crypto question: Hashing ultimate output for local use

From: Ed Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Sun May 01 2005 - 22:52:19 CDT

Hello All:

In previous discussion people have patiently explained to me the why and how hashing a program file to make sure it hasn't been tampered with. My understanding is that the hashing process generates a unique alpha-numeric finger print which would accompany the file and is generated by the author(s) of the file. The ultimate user runs the hash process again and checks to see if the new alpha-numeric signature matches. If it does, all is well. I'm setting aside the issue of collisions as I know reliable hashing is something of a moving target. Recently a couple of questions occurred to me.

1. What is to keep some malefactor from generating a new hash signature after tampering with the program and posting it as the correct hash signature? At the very least, it could be confusing.
2. I understand that the EVM will consists of at least two modules, a core and a front end with ballot design capabilities where election officials would enter the names of candidates and set the election parameters. If the entire program is meant to run from one CD how would the ultimate morning of election hash signature be checked? It seems that you would have to introduce yet another 'trusted' party to the process to generate an ultimate election day morning hash with the ballot included which is not usually a good idea. Am I missing the point here?

Thanks, Ed Kennedy

Thanks, Edmund R. Kennedy
Always work for the common good.
10777 Bendigo Cove
San Diego, CA 92126-2510
I blog now and then at: <>

OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Tue May 31 23:17:10 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT