On 11/14/2016 22:19, Alan Corey wrote:
OK, it's relevant to OpenBSD because I wouldn't consider anything else
safe enough to run on the servers.  Not that I'm in a position to do
any of it.  The servers could even be run from custom official live
CDs so they were harder to tamper with, with maybe a RAM drive for
speed.

There seems to be a conflict between having anonymous votes and having
something similar to paper ballots that can be recounted.  So let
authentication, identification, etc. be handled by one machine and
stored in one database then the transaction is handed over to another
machine which stores the votes.  That could be something simple like a
tab-delimited file which could be counted by hand, one line per voter.
The file could be only writeable by the owner. The same person can't
vote twice because the first machine wouldn't allow them in a second
time.


How do you know if the voter is under duress or being watched?

Paper can last two thousand years. It's pretty easy to make
paper that can't be duplicated in any useful quantity.
Functionally indelible ink, too.

Using machines to assist voting is a good thing.
Physical objects are much more convincing and easier to secure.

Oh yes -- the magic ghost Intel has put in every processor
for years. With a secret key -- security by obscurity.
Disk drives can be secretly reprogrammed. Network interfaces
have microcode, too. The memory system is also vulnerable
to secret tampering. All of these are back doors which are
or could be in place.

Securing the system is far harder than securing a program
or group of programs.

Geoff Steckel
