| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <s0e52be8.081@mail.smuht.nwest.nhs.uk> From: Marek.Isalski at smuht.nwest.nhs.uk (Marek Isalski) Subject: Presidential Candidates' Websites Vulnerable >>> "Kurt Seifried" <listuser@...fried.org> 02/07/2004 02:47:55 >>> > It is of interest to note we just had our federal election here in Canada a > few days ago. I went to the polls, they checked my name, gave me a paper > ballot, I took it to the booth, made my "X" (within the circle using the > pencil provided), folded the ballot as indicated and handed it to them. "Postal voting" was recently tried and tested in the local elections in various parts of the UK, and my area was one of these "privileged" areas. The rationale is that most Brits are lazy bums and can't be bothered to get off their arses, walk 100 yards to the polling station, and put the X in the box. Obviously in the run up to Euro 2004 we would be all too enthralled with watching our national heroes flexing their text-messages on Sky One... The postal voting did a lot of stuff for "anonymity", but it did not feel "anonymous" to me. If I remember correctly, it went something like this: 1) receive a load of papers through the post 2) sign that you are the person to whom the papers were addressed on form D (declaration); get someone to countersign. Form D, if I remember rightly, has your name and address written on it. 3) mark your votes on voting form V 4) put voting form V into envelope B. Envelope B has a window in it which, when V is correctly folded and placed inside, will show the barcode on form V 5) seal envelope B 6) put envelope B and form D into envelope A so that the barcode from form V shows through the window of envelope A The barcode on form V was a symbol for a 9 or 10 digit number represented in Code 39. The rationale for the barcode showing through envelope A, as explained by the information enclosed with this paperchase, was that the barcode was an authentication mechanism to prevent postal vote fraud. Presumably they would reject forms which hadn't been issued or had been received twice. So we now have: A( D, B( V ) ) Where A and B can be thought of as cryptographic transforms for those of us who like analogies. This feels "secure" -- the voting office opens A and confirms the authenticity of D. It would then, presumably, pass B(V) on to the counting machines, who would open up B and tally the V. That's how I would have liked it to work. But actually, with this barcode showing through the window to the outside, we have: A( D, B( V, id ), id ), id I have to take it on faith that the people who unwrap A (and therefore know the identity of the voter who submitted B(V)) do not collude with the people who unwrap B to find out what they voted for. To me, this is an additional vulnerability to the voting system. The other hole can occur where the people unwrapping B or counting V, who have the barcode on my voting form, collude with the people who issed D (my identification). So for an anonymous postal voting system like this, we have to assume that different and non-communicative agencies issued the D form and the V form containing the id barcode. Regards, Marek
Powered by blists - more mailing lists