John Peter Loh wrote: > How about encrypting the SMS message too? Encryption is not as important as authentication. Since the tallies are supposed to be public knowledge anyway, it doesn't matter if the message gets intercepted and read. No one will be able to cheat simply by reading the messages containing the tallies. What will kill the system is if someone can insert false messages that are interpreted by the system as valid, or if someone is able to modify messages before they are received by the system and have the modified messages accepted as valid. Encryption for this application is a waste of time and effort, but authentication is absolutely crucial.
-- We must remember that we have more power than our enemies to worsen our fate. http://stormwyrm.blogspot.com/ _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
