[ale] OT: secure PHP questions

Joe jknapka at earthlink.net
Tue Feb 4 10:39:06 EST 2003


"J.M. Taylor" <jtaylor at onlinea.com> writes:

> Greetings Ale,
> 
> Can anyone point me to some resources for the theory behind using tokens
> for anonymous online voting (how the tokens are generated so that they're
> not tied to an individual, how they're used, how to avoid spoofing, etc)?

You just need a cryptographically strong random number. Which means
that the random number generator in the C standard library is probably
not going to cut it. You need something like /dev/urandom, or the
Entropy Gathering Daemon (cf Google). (It's not the number of bits
we're concerned with, but rather the predictability of the output. It
does no good to generate 4096-bit keys if someone can guess them by
knowing (or guessing at) details of your random number generator
implementation.)

These tokens are typically used to sign and/or encrypt votes and
related data. A typical secure vote protocol involves at least
some of the following steps:

- A secure exchange between the voter and the voting facility
to establish the voter's identity and provide the voter with
a random voter ID. This ought to be done on a per-vote basis.

- A secure exchange between the voter and the voting facility
to convey the voter's vote. This can be handled in a manner
that prevents the voting facility from discovering how the
voter voted, while still permitting the vote to be tabulated.
Personally, I find that amazing :-)

- A secure exchange between the voter and the voting
facility to establish that the voter's vote was properly
tabulated.

- A secure exchange between the voting facility and any
interested party to establish that the tabulated votes
correspond to the list of registered voters (this prevents
virtual ballot stuffing).

See Bruce Schneier's "Applied Cryptography" for more info. He
describes some good secure voting protocols, in the abstract.

> Also I'm working on a very secure authentication mechanism, written in
> PHP, and I would dearly love to discuss whether I'm simply deluding myself
> that it's secure or if it really is secure with anyone versed in browser
> security (PHP knowledge is not necessary, I think the theory will hold
> regardless of the language used).  Will be happy to share source
> code...once the security of it has been established and some of the uglier
> code ironed out I'm going to make it available anyway.

Can't comment knowledgeably on this, but I'm interested in this topic,
so I'd appreciate a CC of related (off-list) traffic if you're
amenable to that.

Cheers,

-- Joe Knapka
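
Added example, not part of the original message: a C illustration of the point above that predictability, not bit count, is what matters for vote tokens. The names `weak_token`, `strong_token`, `seeds_tried_to_match` and `TOKEN_BYTES`, and the seed values, are constructed for this example; it assumes a system that provides /dev/urandom.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TOKEN_BYTES 16                  /* 128-bit token: this example's choice */
#define TOKEN_HEX (2 * TOKEN_BYTES + 1)

static void to_hex(const unsigned char *in, char *out) {
    for (size_t i = 0; i < TOKEN_BYTES; i++) sprintf(out + 2 * i, "%02x", (unsigned)in[i]);
}

/* Weak: every byte is a function of the seed, which is often the issue time. */
void weak_token(unsigned seed, char *out) {
    unsigned char buf[TOKEN_BYTES];
    srand(seed);
    for (size_t i = 0; i < TOKEN_BYTES; i++) buf[i] = (unsigned char)(rand() & 0xff);
    to_hex(buf, out);
}

/* Audit check: seeds in [lo, hi] tried before `token` is reproduced; 0 if none. */
unsigned long seeds_tried_to_match(const char *token, unsigned lo, unsigned hi) {
    char guess[TOKEN_HEX];
    for (unsigned s = lo; lo <= hi; s++) {
        weak_token(s, guess);
        if (strcmp(guess, token) == 0) return (unsigned long)(s - lo) + 1;
        if (s == hi) break;
    }
    return 0;
}

/* Strong: kernel CSPRNG bytes. Returns 0, or -1 on failure (never fall back to rand()). */
int strong_token(char *out) {
    unsigned char buf[TOKEN_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(buf, 1, TOKEN_BYTES, f);
    fclose(f);
    if (got != TOKEN_BYTES) return -1;
    to_hex(buf, out);
    return 0;
}

int main(void) {
    char weak[TOKEN_HEX], strong[TOKEN_HEX];
    weak_token(1000003000u, weak);      /* constructed "issue time" seed */
    unsigned long n = seeds_tried_to_match(weak, 1000000000u, 1000003600u);
    if (strong_token(strong) != 0) return 1;
    printf("weak   %s (reproduced in %lu tries)\nstrong %s\n", weak, n, strong);
    return 0;
}
```

Both tokens are 128 bits long, but the weak one carries only as much uncertainty as its seed: a one-hour window of possible issue times is 3601 candidates.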