Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers
Kurt Roeckx <kurt@roeckx.be> writes:
>> - md5_hex("$name $alias obfuscate\n"), "\n";
>> + hmac_sha256_hex($name, "obfuscate"), "\n";
>>
>> part probably needs some further work. Should it be
>>
>> + hmac_sha256_hex($name, $alias + "obfuscate"), "\n";
>
> This is for the dummy sheet. It only contains dummy data. I see
> no reason to use part of the real key to generate the a dummy hmac.
Then why use hmac at all in the dummy sheet? Why not just print $name
there?
Reply to: