lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200409282046.37002.dhudes@hudes.org>
Date: Tue, 28 Sep 2004 20:46:36 -0400
From: Dana Hudes <dhudes@...es.org>
To: "Enrique A. Chaparro" <echaparro@...sinectis.com.ar>
Cc: bugtraq@...urityfocus.com
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor Account    Allows Authenticated Users to Modify Votes


On Monday 27 September 2004 21:33, Enrique A. Chaparro wrote:
> On Fri, 24 Sep 2004 10:01:59 -0400
>
> Second objection is:
> Even if you were able to overcome the first objection (wich, in case
> "b" above, will solve the issue for simpler methods), a secure system
>  requires _huge_ amounts of computing power (if you're thinking of large
> scale elections, i.e. elections involving millions of voters)
>
> Regards,
>
> Enrique

There is no need, and I believe it undesirable , to have every individual vote 
tallied at a central site (a mirror , disaster-recovery, site is not solving 
the problem in question).  A hierarchical system is appropriate.
furthermore while exit polls influence the election and so on we also do not
want local partial results disclosed. It may be desirable for updates on a 
periodic basis to be forwarded as a 'sign of life'. The problem is that if 
these intermediate results exist news agencies will want to publicize them
and that would influence the election in-progress. Already we have seen
partial dsenfranchisement and lower voter turnout in Alaska and esp.
Hawaii since the polls are open there after the polls in Eastern US close.

On a technical level each voting machine should tally its results. The next 
level up is the Election District. Results of each voting machine are 
summarized by the ED node and reported up to the location master node for the 
polling place (again I leave out redundancy; we assume measures are taken for 
reliability). The results of each polling place are grouped by county.
It is not clear to me that any state-level elected office has a district
spanning multiple counties. Similarly I do not believe that any congressional
seat spans state borders. Therefore it should suffice to tabulate state-wide
and federal elections on a county-by-county basis for each state at a 
state-wide master node.

In short, as has been pointed out a tree approach makes the problem of vote 
counting quite tractable.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ