Re: about the Python code

From: Alan Dechert <adechert_at_earthlink_dot_net>
Date: Thu Jul 24 2003 - 15:45:34 CDT

Alan

- ----- Original Message -----
From: "Douglas W_dot_ Jones" <jones_at_cs_dot_uiowa_dot_edu>
To: "Alan Dechert" <adechert@earthlink.net>
Sent: Thursday, July 24, 2003 1:13 PM
Subject: Re: about the Python code
Message-ID: <2950@initial.digest>

>
> On Thursday, July 24, 2003, at 02:33 PM, Alan Dechert wrote:
>
> >>
> >> I would also suggest a SHA or MD5 hash of the above.
>
> Version 1, the demo version, doesn't have to meet any strong security
> standards. Any production version, though, needs a far stronger
> development process than I see going on here. You dont't just say,
> suggest, some hash function somewhere. You do a threat analysis,
> and then you put in defenses against the demonstrated threats.
>
> Do this after you have a mock-up, because only when you have the
> external behavior banged down solidly can you identify the threats
> you're defending against.
>
> In the end, the result has to pass muster with people like the
> group at Hopkins -- see
>
> http://www.cs.uiowa.edu/~jones/voting/dieboldftp.html
> Douglas W. Jones on the Diebold FTP Story
>
> for details. It's some story!
>
> Doug Jones
> jones@cs.uiowa.edu
>
Received on Thu, 24 Jul 2003 13:45:34 -0700

This archive was generated by hypermail 2.1.8 : Wed Aug 06 2003 - 12:50:26 CDT