[LINK] Brazillians have been doing electronic voting for years

[Craig Sanders]

On Sat, Nov 18, 2006 at 09:21:39AM +1100, Kim Holburn wrote:
> >"We make every line of code available to all political parties for  
> >auditing," he says. "In the last week, the program is finalised in  
> >front of them and digital signatures issued for each box's memory  
> >card. On start-up the box will automatically freeze if the digital  
> >signature and hash records don't match."

the same was said of the xbox and the ps2 as well.

and copy-protection schemes have been a dismal failure ever since they
were first invented.

you can not guarantee that when the machine says "digital signature
verified" that it is actually verifying the signature, rather than just
printing the all-is-well message....which is a very common technique for
breaking copyright protection, replace the protection routine with one
that just returns "everything is OK".

the best that can be said here is that the machine can only run software
written by someone who has access to the digital signature key (whether
legitimately or not), or by someone capable of cracking the protection
scheme (a fairly common skill, there are thousands of cracker groups
around the world who break copyright protection - very quickly and with
few resources).

which limits the avenues of attack to "just" an inside-job or an
outside-job. marvellous.




it's just smoke and mirrors - technobabble to provide the illusion of
security for people impressed by concepts they don't understand.

craig

-- 
craig sanders <cas at taz.net.au>           (part time cyborg)