In the case of election systems, authentication is an issue due to the requirement that ballots are secret. I'm not an expert on SQRL but it seems to require a webserver that you are authenticating to. This would seem to break the secrecy requirement.
Replying to @lchasen @Steve_Lockstep and
SQRL is only an authentication protocol. No more and no less. For election security we need a host of things and authentication is part of that. SQRL isn't really for elections but it could be used. What it really shows off is the power of encryption when done right.
Replying to @danielbsmith @lchasen and
There are people working on a proper, modern, fully secure election system that uses the best that cryptography has to offer. It wouldn't surprise me if SQRL is incorporated into that since it's open source.
Replying to @danielbsmith @lchasen and
I'm always skeptical of claims that cryptography can "fully secure" elections, and I advise extreme caution. See the National Academies "Securing the Vote" study for a good discussion of the difficulties here.
Replying to @mattblaze @lchasen and
1\ I'm skeptical too but the math checks out. It's always possible that some future hack will be found that will break or weaken an existing cryptographic feature or safeguard. However, it is possible to mitigate the known weaknesses. With that in mind, it is possible.
Replying to @danielbsmith @mattblaze and
2\ The SQRL protocol is open source. Feel free to read up on it. I think Steve has solved authentication. The Signal protocol for text messaging is likewise cryptographically secure. The Signal people also solved the problem of keeping contacts on servers w/o breaking privacy.
Replying to @danielbsmith @lchasen and
There's a lot more to election security than cryptographic protocols. At least that's what my cryptographer friends tell me.
Replying to @mattblaze @lchasen and
True. I guess I'm focused on the scenario of fully online, fully secure electronic voting. But if we can solve that then all the other variants of electronic voting will also be solved.
Replying to @danielbsmith @lchasen and
We don't know how to reliably secure general purpose computers connected to the Internet (like phones and desktop computers). Lots of people have been working on that problem for a long time. It is incredibly unwise to just assume that we're about to solve it.
Replying to @mattblaze @lchasen and
1\ That is not the problem I'm talking about. But making connections secure is possible. Storing encrypted data is possible. Those pieces exist and can be in place in an app running on a compromised system. That you're suggesting this tells me you haven't read up on SQRL.
No one has demonstrated the capacity to reliably secure large collections of online data over time. That is an empirical fact.
Replying to @Pinboard @mattblaze and
Not exactly what you're saying but the SQRL protocol actually gives websites no secrets to keep private. So hacking them becomes useless. I'll also offer LastPass up for your scrutiny. They only keep a blob of data for me that is encrypted with my password. So even if stolen...
Replying to @danielbsmith @Pinboard and
2\ There are also services like Firefox Send at https://send.firefox.com/ though admittedly they store data for users only temporarily. These things suggest to me your premise is invalid.