lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: listuser at seifried.org (Kurt Seifried)
Subject: Presidential Candidates' Websites Vulnerable

It is of interest to note we just had our federal election here in Canada a
few days ago. I went to the polls, they checked my name, gave me a paper
ballot, I took it to the booth, made my "X" (within the circle using the
pencil provided), folded the ballot as indicated and handed it to them. They
tore a small black strip off the ballot and put the ballot in the box. The
collection of small black strips is used to ensure the ballots in the box
have a second verification mechanism (i.e. if you remove or add ballot to a
ballot box it would show up in the tally of ballots vs. ballot strips). The
count was done relatively quickly and by midnight or so we knew who had won
(polls closed at 8:30pm or so in most places).

Personally I hope we NEVER use anything more sophisticated then this for
federal elections in Canada. I simply don't see how an electronic system
SIGNIFICANTLY improves on this time tested and simple method. Widespread
fraud is quite difficult in our system, requiring coercion of numerous
people, or of the people at the polling stations (and of course you'd have
to deal with the scrutineers from opposing parties, perhaps with a sharp
blow to the head).

I have read some proposals for electronic systems, to make them truly
anonymous, and verifiable, and tamper resistant you need an extremely
complicated amount of math and crypto, as well as technological deployment.
I just don't think it's ready yet, and I am not sure it will be for many
years.


Kurt Seifried, kurt@...fried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ