[E-voting] encryption compromised by hardware

A.J.Delaney at brighton.ac.uk A.J.Delaney at brighton.ac.uk
Mon Nov 20 08:58:28 GMT 2006


Catherine,
On Sun, 2006-11-19 at 20:28 +0000, Catherine Ansbro wrote:
> http://www.bbvforums.org/cgi-bin/forums/board-profile.cgi?action=rate&topic=72&page=45002&post=31386
> 
> Looks like encryption is being compromised due to hardware.
I've read the article but not the paper that makes these claims (it's
not available toll 2007).  What seems to be suggested is that if you
have access to the machine and run a piece of software on it, you can
easily snag the encryption key.

I'm not an expert in cryptography, but from what I understand if an
attacker has physical control over a machine all bets are off.  There
is, effectively, no way to reliably encrypt data on a machine that an
attacker can run a priviledged application on.  This is the reason that
"the industry" have been trying to introduce the "trusted computing"
platform....but that's a whole other story.

It looks like Irish politicians have no interest in understanding the
concepts behind the anonymous ballot, DRE or computer security.  Beating
them over the head with minutae such as "all encryption can be broken"
is sort of like shouting at the tide to go out.

Unfortunatly, I think the only way we're going to see a reliable voting
system in Ireland (except for the current uber-reliable Australian
ballot pen-and-paper type) will be if Bertie looses his seat to Dustin
the Turkey.
-- 
Aidan Delaney
Lecturer,
School of Computing, Mathematics and Information Sciences,
University of Brighton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.stdlib.net./pipermail/e-voting/attachments/20061120/d8ab7d69/attachment.pgp


More information about the E-voting mailing list