Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers

[Timo Juhani Lindfors <timo.lindfors@iki.fi>]

Kurt Roeckx <kurt@roeckx.be> writes:
>> -          md5_hex("$name $alias obfuscate\n"), "\n";
>> +          hmac_sha256_hex($name, "obfuscate"), "\n";
>> 
>> part probably needs some further work. Should it be
>> 
>> +          hmac_sha256_hex($name, $alias + "obfuscate"), "\n";
>
> This is for the dummy sheet.  It only contains dummy data.  I see
> no reason to use part of the real key to generate the a dummy hmac.

Then why use hmac at all in the dummy sheet? Why not just print $name
there?