security - Untraceable voting for registered users -


i want make untraceable voting system allow registered users vote on sensitive issue in way, make impossible track votes users in case of database compromise (including being "compromised" overly curious db admin).

detailed setup:

  1. every user registered, there's no anonymous voting.
  2. sockpuppets, fake accounts, , out-of-scope of question - responsibility of registration system.
  3. every registred user can cast 1 vote (which may anything: simple yes/no or weight or whatever).
  4. user must able change/delete vote until voting closed.
  5. it not necessary let user view own vote, though can done in same way deleting/changing done.
  6. even if have access user auth database , voting database, must not able track each vote user (in sense must not easier bruteforce or otherwise hack entire user account's access).
  7. all parts of system except communications open, there can't hidden keys. mitm attack out-of-scope of question, attacker have full access sources, auth , voting database.
  8. users lazy. not want other voting-specific key or password. system must not require user provide or keep locally except usual login/password/key whatever use login.
  9. tampering of votes , security issues except program<->db communication , untraceability wider issue , out-of-scope of question too.

i have solutions in mind post own answer after grace period.

assuming db admin has no access application code have voting system, , assuming db admin viewing votes not issue (just linking vote person)

in table store user votes, create column contain salted hash of info user cast vote (name, username, e-mail, b-day, combination of those). important thing, db admin should not know how user unique value stored in db, first generated , encrypted.

just assume user token came (name, email) password, , want store in db without people knowing actual password is. more info can found here best way store password in database

so per user hashing/salting algorithm, each time user wants cast/edit or delete vote, can first generate hash, try find record hash value in voting table, , act on accordingly. ( insert if doesn't exist, update if does, , delete if user wanted that)

once voting process closed, can discard hashed values answers voting process, there no way ever link votes users


Comments

Post a Comment

Popular posts from this blog

java - Play! framework 2.0: How to display multiple image? -

i need display gallery of photos. here template: @(photos: list[photo]) @title = { <bold>gallery</bold> } @main(title,"photo"){ <ul class="thumbnails"> @for(photo <- photos) { <li class="span3"> <a href="#" class="thumbnail"> <img src="@photo.path" alt=""> </a> </li> } </ul> } and here controller method: public static result getphotos() { return ok(views.html.photo.gallery.render(photo.get())); } and here photo bean : @entity public class photo extends model { @id public long id; @required public string label; public string path; public photo(string path, string label) { this.path = path; this.label = label; } private static finder<long, photo> find = new finder<long, photo>( long.class, photo.class); public static list<phot...
Read more

gmail - Is there any documentation for read-only access to the Google Contacts API? -

i want read-only access user's google contacts. there stackoverflow member wanted this, , received following answer : yes, there is, use https://www.googleapis.com/auth/contacts.readonly scope , "view contacts". this exchange reference read-only access google contacts can find using google. simply using access token obtained attempt read usual google contacts api (i.e. https://www.google.com/m8/feeds ) fails insufficient permissions. similarly, using google contacts api on new target fails 404 errors (for example https://www.googleapis.com/auth/contacts.readonly/default/full ). is there documentation anywhere on how use api, or permissible way access google contacts api full read-write access?
Read more

php - Controller/JToolBar not working in Joomla 2.5 -

relevant code: jtoolbarhelper::custom('savecategories', 'save', '', 'save', false, false); ... <input type="hidden" name="controller" value="easyblogcontroller"> according can dig docs , own previous questions, should call savecategories() function in easyblogcontroller . i've tried setting value easyblog , easyblog.php (file name) current easyblogcontroller (class name). clicking on save button refreshes page. not redirect, echo or var_dump test code put in savecategories() function. var_dump ing jrequest::getvar('controller') , 'task' return correct values. creating controller object , using $controller->execute('task'); works. the values going depend on location of controller trying call, , have couple options here. typically there controller in base folder of component (likely components/com_easyblog) in file called controller.php , class name inside ...
Read more