Re: Crypto question: Hashing ultimate output for localuse

From: Keith Copenhagen <K_at_copetech_dot_com>
Date: Sun May 01 2005 - 23:57:39 CDT

Hashing by itself is not a panacea,

You start with a public ovc generated set of hashes that verify the
starting point.
For each election then the people running the election generate the
original public
private key pair (PK) and create a CD that contains a signed set.

Then you build a web of trust (pyramid of delegation) based on PK the
out to the polling station, and then back to the tabulated record.

Correlating and verifying the integrity of the log(s), then allows you to
the election. If you have parallel signed logs (ie. 1 in the tabulator,
and 1 in
the operator's flash key) then it becomes virtually impossible to
successfuly tamper
with the data.

If you simply verify the hash at the polling place, then you run the risk
of an official
duplicating the CD and running a parallel election and submitting that CD.


On Sun, 1 May 2005 21:23:14 -0700, Ed Kennedy <> wrote:

> Hello David:
> All very well and good. However, who would generate the Election Day
> startup hash of the whole disk if it must be customized for every
> election at every location? This introduces the need for another
> 'trusted' (read NOT) person in the administrative process and therefore
> another weak point. I think that you (all) are going to have to go with
> modules.
> Also, I think we're going to need some administrative process whereby
> either all the poll workers or at least the poll captain signs off that
> the hash they see is the one that was in the news paper.

Keith Copenhagen
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
Received on Tue May 31 23:17:10 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:52 CDT