[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers

Timo Juhani Lindfors <timo.lindfors@iki.fi> writes:
> votes in the final tally. If I knew the hashes sufficiently many (maybe
> 20?) voters I probably could predict the initial state of the RNG and
> reverse this randomization step completely.

It seems that if you know the md5 hashes of only four people you can
already find a unique solution for the RNG seed and reverse the
randomization done for order of lines in tally.txt:

paste <(grep ^V tally.txt) <(perl -e'srand($SEED);@a=grep(/^ /,<>);while(@a){print(splice(@a,int(rand(scalar(@a))),1));}' voters.txt)

I'm not making $SEED public, I just want to point out a weakness in the

Reply to: