[E-voting] more response to comments about tampering with optically scanned images

Catherine Ansbro cansbro at eircom.net
Mon Sep 12 22:52:46 IST 2005

[Marian Beddell said:]
RE: It is true that files may have "signatures" or tags like the older 
CRC number either internally or externally to the image file.

[John Washburn responded:]
A CRC is not a "signature" in the coumputer security sense of the word. 
MD5 and SHA-1 <http://www.secure-hash-algorithm-md5-sha-1.co.uk/> are 
true "digital signatures". MD5 has flaws 
<http://www.schneier.com/blog/archives/2005/06/more_md5_collis.html> as 
does SHA-1 <http://en.wikipedia.org/wiki/SHA-1#A_description_of_SHA-1>, 
but either are still much better than a CRC32 value.

When you make your FOIA (or Open Records) requests for ballot images, 
you should immediately generate both an MD5 and SHA1 fingerprints for 
the image data given to you. For added work and extra security generate 
each of the 4, SHA-2 fingerprints for the image data as well. Capturing 
the file size in bytes and the CRC32 can only help.

Record these 8 numbers and give the clerk a "receipt" CD-ROM of all 8 
numbers, the hash calculating program you used and a copy of the data 
the clerk just gave *you*. The design of different document which 
collides on all 8 hashes but has the same file size and CRC32 checksum 
is vanisingly small.

Thus, at a future time when the clerk accuses you of "tampering" with 
the image file you can prove the file you are using is a faithful copy 
of the original. The receipt given back to the clerk is a 
contemporaneous record. As such it would have great weight in supporting 
your claim of authenticity and data integrity. And the best part is the 
CD you gave the clerk as a "Receipt" is a public record you can request 
at a later time.

Perhaps Hari can incorporate this overly-secure fingerprinting mechanism 
into his "product" or as a separate utility. Given the name of a file of 
ballot images, copy the ballot images, a text files of fingerprints, and 
the hash calculator into a ZIP file archive. Burn the Zip File to a 
CD-ROM or DVD-ROM and "viola" instant "receipt"
In Liberty,
John Washburn

More information about the E-voting mailing list