Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Voting Software Hashes Made Public

Posted by michael on from the hash-and-eggs dept.

fibonacci2000 writes "From the NIST website: 'This effort is a first step in being able to trace software from the vendor through the accreditation process to the states and other purchasers of voting systems. Now election authorities have a reference database to compare with the digital signatures of software provided to them by vendors.'"

4 of 16 comments (clear)

  1. Let me be the first to say by commodoresloat · · Score: 4, Funny

    And I, for one, welcome our new democratically elected overlords!

  2. Different for the sake of being different. by Stochio · · Score: 3, Interesting

    If you look through the file it has references to java files, pascal files, C++ files, and perl files. I don't get it. I understand that in this document just the hashes are listed to source code - but does this also imply that the source code is being distributed?
    On an additional note, I see references to jpg, gif,and bmp files. I must be interpreting this files incorrectly. Why else would source code of 4+ high-level languages and 3+ image formats be in the same project?

  3. This is meaningless. by schmaltz · · Score: 3, Insightful

    If I compute the hash an already vulnerable voting machine program, or its server component, what does it matter? It was ready to tamper with when it left Diebold, and with the same hash it'll still be vulnerable.

    This is a red herring. The voting software's already open to tampering, so a hash is meaningless.

    --
    Big Daddy, Johnny, Burp, Aunt Zelda, Scott, Slurp, Big Momma ... where's Siggy?
  4. a nice gesture, but only a gesture by timothy · · Score: 5, Insightful

    This does one necessary thing, which is provide a way to prove (near enough) that the software being used is the software that the voting software company provided, that no one hijacked the delivery truck carrying the voting machine and swapped in one favorable to candidate X. (Or W, or K.)

    What it specifically does *not* do is do anything to prove the actual security, accuracy of the included software when running as intended, or that it can't be used *other* than as intended, in a 99-extra-lives "cheat mode." While incrementing by one a pretty small number of piles several thousand times doesn't sound like a computationally tough job, Bev Harris and others have shown the numerous and substantial flaws that current systems have; I'm aware of only one state (Nevada) that will be requiring a paper trail for its electronic voting machines in case of a dispute over the electronic returns.

    Hashes? Great! Put them on the outside of the envelope containing every scrap of the sourcecode in machine-readable form, along with documentation that you have completed the publically available test suite, please, and take a seat in the lobby. The taxpayers will get around to you in your turn.*

    timothy

    *Oh, if it were that simple ;)

    --
    jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5