Ask HN: I'm thinking about building an open source voting system

2 points by swalsh ↗ HN
Hoping people can tear this apart... The general process is as follows:

Before voting day:

* The user registers to vote following existing processes.

On Voting day:

* The user logs into the system, and requests a key. A hash is generated which is good for 60 minutes.

* After the key has been delivered the account is marked as unavailable.

* There is no association in any form between in the database between the account and the key.

* The user votes. using the key to complete the process.

Available immediately, and held for as long as the system lives

* A public facing page that let's anyone query the raw voting data including, deidentified data detailing how many people requested keys. Which keys voted, and for who.

This is my first stab, and i'm sure a bunch of people have thought about this. What might I be missing?

3 comments

[ 3.4 ms ] story [ 18.0 ms ] thread
What happens if, say, a user loses their key? Or the delivery mechanism fails after the account is made unavailable?
What if we generate a base key, then the user supplies a pass phrase. The pass phrase generates their hash against the base which is used as the key in the db to associate with the vote. That hash, is hashed again by the pass-phrase, and associated with the user. So what we save associated with the user, is the base, and the verification hashes. And so long as the user supplies the same pass phrase, they can retrieve it again?
This is useless. Electronic vote systems are put in place so they can easily cheat. An open source one would prevent it, so it will never be used.