US boosts e-voting software security
13:24 28 October 04
NewScientist.com news service
A US federal body has come up with a new plan to help secure electronic voting, employing a mathematical technique used mainly by cryptographers.
The US Election Assistance Commission (EAC) based in Washington DC, announced on Tuesday that it had persuaded the five largest electronic voting machine vendors to submit certified versions of their software to the National Software Reference Library (NSRL).
“Their acceptance of our request begins the process that assures the country that we will have a higher level of security and therefore confidence in e-voting than we have ever had before,” said DeForest Soaries, EAC chairman.
At the NSRL, each program file submitted was converted via a mathematical function known as SHA-1 into a fixed-length string of digits, called a “hash”. The hash is like a fingerprint for that piece of software - if the software changes, the hash changes.
Smoke and mirrors
Hashing is a cryptographic technique for representing large files with a small amount of data that is entirely dependent on the content of the files. But the EAC says that hashing is useful for e-voting software because even minor tampering or hacking of the code can be easily spotted by hashing the software and comparing the result with the certified version in the library. All the hashes of the e-voting software are available online....cont'd
http://www.newscientist.com/news/news.jsp?id=ns99996593