Bill Bored
(1000+ posts)
Send PM |
Profile |
Ignore
|
Thu Mar-17-05 10:10 PM
Response to Reply #25 |
|
Gary, you ask:
"if a company makes its code available to the public, how can you know that the EXE file on the voting machine is actually compiled from the same code you are inspecting?"
This is what digital signatures are for -- the same way you know that when you send someone your credit card info on the web, it's not going to someone else you didn't intend for it to go to. Instead of the identity of just a vendor, you authenticate the exe file itself and its author. ANY change to this file, or folder, or folders, will result in a different digital signature, which when compared to the one that came with the original code, will be detected. If there is a discrepancy, the code has been altered. If not, it's the same.
This does not address the issue of the election being transparent to the average voter however. Only computer security geeks and those who have dabbled in that field (as I have from time to time) will really understand what's going on. But in fact, the code can be proven to be the same code that was originally expertly inspected.
My point in this thread is different however: I'm talking about the human factors involved in using the program. If they are not designed with security in mind, they will be exploited no matter how well you authenticate the code.
|