Software Engineers and Hackers..take a look!

www.walkingwithfisher.com...


Is this guy full of ____ or not? I don't know enough about programming to render an opinion.

What do you think?

This is the homepage.
www.walkingwithfisher.com...

I didn't see this topic posted already...delete it if it is.


There is no friend anywhere - Lao Tse

I have used a little encryption in some programming. I'm by no means an expert but in order to encrypt data that can be later decrypted you need to have a key. That key will be in the source somewhere or there will be a reference to the key on a drive on the computer. In either case it wouldn't be hard to get the key. If a person has the source code they should be able to decrypt the data. And if you have access to the source code and the data you probably have access to the key too and a way to decrypt it. Encryption is great if you are storing data on a cd and sending it to someone so in case the cd gets lost and it falls into the wrong hands the person can't decrypt it. To me encryption isn't a big concern here as much as a program that stores votes without a secure audit trail. The counting of the votes is the biggest concern. Not encryption.

Looks like a constant declaration in C++. They would have to encode the key or else they would not be able to decrypt files. There are other ways, like reading the key from a file off of a secured server at the elections office. This is just like the very common practice of encoding passwords in software for database access. That is very common.

Something to ask is how old the source code is that this team reviewed. That could be an old release that was changed once word got out that the source code was available on their FTP site awhile ago. At least, I would hope they changed that single line...

[EDIT]: Doh! Sorry Indy, I just repeated virtually your entire post. Sorry, didn't read your post first.

[edit on 12/11/2004 by titian]