| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Sep 2004 09:35:22 -0500 From: <Ryan_Ward@...l.com> To: <bugtraq@...urityfocus.com> Subject: RE: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes I usually lurk as well, but wanted to respond to your question. There's so much debate for one simple reason. All the known solutions have been ignored. This is why everyone is getting so upset on this issue. Companies like Diebold have ignored all the previous work on this subject, work done by people like Bruce Schneier. They've ignored all the problems with their system, up to and including their complete lack of verifiability. They're already, in a rather short history in this field, shown a complete lack of accountability (think the various unapproved revisions that got them sued in California). That they've been so determined to weasel around the _known_ solutions to these issues casts a great deal of suspicion on them. Their continued resistance to even the simplest fixes, combined with their repeated denials of any problems, is only making things worse. Unfortunately, I don't see any major changes to this happening until some state's electoral votes go to CowboyNeal or Bill the Cat... Ryan (Not speaking for Dell in any way, shape or form) "Every election is a sort of advance auction sale of stolen goods." -- H. L. Mencken -----Original Message----- From: Claudius Li [mailto:aprentic@...tae.net] Sent: Friday, September 24, 2004 9:02 AM To: bugtraq@...urityfocus.com Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes I usually stay comfortably hidden in lurkland but I'm a bit confused. Maybe someone here can enlighten me. A few years ago I read Bruce Schneiers Applied Cryptography. Everything in the book which I tested or looked up independantly turned out to be true and it enjoyed an excellent reputation in our computer science department. This book has a whole section on electronic voting. In it, Mr. Schneier lists several thing which we expect a voting system to provide; anonymity, accountability, verifiability, and others. He also points out that there is a theoretical limit to the level to which all of these can be satisfied. That is, we can never guarantee all of them with 100% confidence. This limit seems to extended to all voting systems whether they are electronic, paper based, clay-shards-in-an-amphora, or raised hands. But we can choose the levels at which we will guarantee each characteristic and get them to levels at which we are comfortable. Mr. Scneier also presented an open protocol using public key cryptography which does just that. It doesn't involve hidden code, it doesn't require an actual physical paper trail and, as far as I know, noone has ever pointed out any flaws in it. So my question is, given that this seems to be a solved problem why is there so much debate on finding the solution? Surely I am missing something obvious. -Claudius Li
Powered by blists - more mailing lists