

Ask HN: I'm thinking about building an open source voting system - swalsh

Hoping people can tear this apart... The general process is as follows:<p>Before voting day:<p>* The user registers to vote following existing processes.<p>On Voting day:<p>* The user logs into the system, and requests a key.  A hash is generated which is good for 60 minutes.<p>* After the key has been delivered the account is marked as unavailable.<p>* There is no association in any form between in the database between the account and the key.<p>* The user votes. using the key to complete the process.<p>Available immediately, and held for as long as the system lives<p>* A public facing page that let&#x27;s anyone query the raw voting data including, deidentified data detailing how many people requested keys.  Which keys voted, and for who.<p>This is my first stab, and i&#x27;m sure a bunch of people have thought about this.  What might I be missing?
======
damurdock
What happens if, say, a user loses their key? Or the delivery mechanism fails
after the account is made unavailable?

~~~
swalsh
What if we generate a base key, then the user supplies a pass phrase. The pass
phrase generates their hash against the base which is used as the key in the
db to associate with the vote. That hash, is hashed again by the pass-phrase,
and associated with the user. So what we save associated with the user, is the
base, and the verification hashes. And so long as the user supplies the same
pass phrase, they can retrieve it again?

------
informatimago
This is useless. Electronic vote systems are put in place so they can easily
cheat. An open source one would prevent it, so it will never be used.

