Slashdot Mirror


Microsoft Proposes Fix For E-Voting Attack

Trailrunner7 writes "Microsoft Research has proposed a mitigation for a known potential attack against verifiable electronic voting machines that could help prevent insiders from being able to alter votes after the fact. The countermeasure to the 'trash attack' involves adding a cryptographic hash to the receipts that voters receive (PDF). Many verifiable voting systems already include hashes on the receipts, but that hash is typically made from the ballot data for each specific voter. The idea proposed by Microsoft Research involves using a running hash that would add a hash of the previous voter's receipt to each person's receipt, ideally preventing a privileged insider from using discarded receipts to alter votes. The trash attack that the mitigation is designed to address involves election workers or others who might be motivated to change votes gathering discarded receipts and then altering those votes."
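
The running-hash receipt described in the summary above, as an added example that is not part of the original story or of the Microsoft Research paper. SHA-256, the all-zero starting value, the length-prefixed encoding, the function names and the sample ballots are assumptions made for illustration. It shows why a ballot whose receipt was thrown away can no longer be changed quietly: every later receipt depends on it.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value chained into the first receipt


def receipt_hash(prev_hash: bytes, ballot: bytes) -> bytes:
    """Running hash: binds this ballot to the previous voter's receipt."""
    # The length prefix keeps the (prev_hash, ballot) encoding unambiguous.
    data = prev_hash + len(ballot).to_bytes(4, "big") + ballot
    return hashlib.sha256(data).digest()


def issue_receipts(ballots):
    """Return the receipt hashes for ballots in casting order."""
    receipts, prev = [], GENESIS
    for ballot in ballots:
        prev = receipt_hash(prev, ballot)
        receipts.append(prev)
    return receipts


def first_broken_link(published_ballots, published_receipts):
    """Recompute the chain from the published record.

    Returns the index of the first receipt that does not follow from the
    previous receipt and its ballot, or None if the chain is consistent.
    """
    prev = GENESIS
    for i, (ballot, claimed) in enumerate(zip(published_ballots, published_receipts)):
        if receipt_hash(prev, ballot) != claimed:
            return i
        prev = claimed
    return None


def kept_receipts_match(published_receipts, kept):
    """kept maps a voter's position to the receipt hash that voter took home."""
    return all(published_receipts[i] == h for i, h in kept.items())


if __name__ == "__main__":
    ballots = [b"ballot-0", b"ballot-1", b"ballot-2", b"ballot-3"]  # constructed
    receipts = issue_receipts(ballots)
    altered = list(ballots)
    altered[1] = b"ballot-1-changed"      # voter 1 discarded the receipt
    print(first_broken_link(altered, receipts))        # published chain breaks at 1
    rechained = issue_receipts(altered)                # chain recomputed to hide it
    print(kept_receipts_match(rechained, {3: receipts[3]}))  # voter 3 detects it
```

With a per-ballot hash only voter 1's own receipt could expose the change; with the chain, any single receipt kept by a later voter does.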

5 of 111 comments

  1. Microsoft Research by SharkLaser · · Score: 4, Insightful

    They actually do a lot of great stuff there, which is not too surprising as they have many intelligent people working in Research. Just wish much more of their stuff would see daylight.

    Still, Microsoft is actually one of the only companies that spends billions in research and doesn't just buy start-up companies like Google does.

    1. Re:Microsoft Research by gcnaddict · · Score: 2, Insightful

      It's one of the few companies producing scientific research for the sake of research these days. This is a function which used to be governed best by Bell Labs, but now it's MSR that seems to put out the most content out of all research institutions which happen to be wholly-owned subsidiaries of for-profit corporations.

      --
      Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
    2. Re:Microsoft Research by Anonymous Coward · · Score: 0, Insightful

      Hmmm. The folks that brought us NTLM and salt-less password hashes?

      Unix was using salted passwords for a couple decades when M$ decided to use non-salted pwords. This is why the same password can be cracked in milliseconds when a M$ hash, and take days/months/years when hash comes from a Unix host.

      And NTLM-- crazy stuff, you can use the hash instead of the original password. The HASH is EQUIVALENT to the password?!!!

      M$ needs to get their heads out of their nether regions. Certainly shouldn't be trusted to come up with the tech for e-voting.

    3. Re:Microsoft Research by RobbieThe1st · · Score: 3, Insightful

      And yet Windows XP - which is only 10 years old* and still has plenty of marketshare - still runs LM hashes by default, which are /case insensitive/ and in a max of 2 7-char chunks, making cracking trivial if you have access to the hashes.

      *the OS is 10 years old. The service packs aren't. They could have fixed the flaw at any point in the past easily enough.

    4. Re:Microsoft Research by citizenr · · Score: 1, Insightful

      It's one of the few companies producing scientific research for the sake of research these days.

      You misspelled Patents.

      --
      Who logs in to gdm? Not I, said the duck.