Microsoft Proposes Fix For E-Voting Attack 111
Trailrunner7 writes "Microsoft Research has proposed mitigation for a known potential attack against verifiable electronic voting machines that could help prevent insiders from being able to alter votes after the fact. The countermeasure to the 'trash attack' involves adding a cryptographic hash to the receipts that voters receive (PDF). Many verifiable voting systems already include hashes on the receipts, but that hash is typically made from the ballot data for each specific voter. The idea proposed by Microsoft Research involves using a running hash that would add a hash of the previous voter's receipt to each person's receipt, ideally preventing a privileged insider from using discarded receipts to alter votes. The trash attack that the mitigation is designed to address involves election workers or others who might be motivated to change votes gathering discarded receipts and then altering those votes."
Microsoft Research (Score:4, Insightful)
Still, Microsoft is actually one of the only companies that spends billions in research and doesn't just buy start-up companies like Google does.
Re:Microsoft Research (Score:3, Insightful)
Re:Microsoft Research (Score:0, Insightful)
Hmmm. the folks that brought us NTLM and salt-less password hashes?
Unix was using salted passwords for a couple decades when M$ decided to use non-salted pwords. This is why the same password can be cracked in milliseconds when a M$ hash, and take days/months/years when hash comes form a Unix host.
And NTLM-- crazy stuff, you can use the hash instead of the original password. The HASH is EQUIVALENT to the password?!!!
M$ needs to get their heads out of their nether regions. Certainly shouldn't be trusted to come up with the tech for e-voting.
Re:Microsoft Research (Score:4, Insightful)
And yet windows XP - which is only 10 years old* and still has plenty of marketshare - still runs LM hashes by default, which are /case insensitive/ and in a max of 2 7-char chunks, making cracking trivial if you have access to the hashes.
*the OS is 10 years old. The service packs aren't. They could have fixed the flaw at any point in the past easily enough.
Re:Microsoft Research (Score:2, Insightful)
It's one of the few companies producing scientific research for the sake of research these days.
You misspelled Patents.