Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers
Timo Juhani Lindfors <timo.lindfors@iki.fi> writes:
> votes in the final tally. If I knew the hashes of sufficiently many (maybe
> 20?) voters I probably could predict the initial state of the RNG and
> reverse this randomization step completely.

It seems that if you know the md5 hashes of only four people you can
already find a unique solution for the RNG seed and reverse the
randomization done for the order of lines in tally.txt:

paste <(grep ^V tally.txt) <(perl -e'srand($SEED);@a=grep(/^ /,<>);while(@a){print(splice(@a,int(rand(scalar(@a))),1));}' voters.txt)

I'm not making $SEED public, I just want to point out a weakness in the
system.
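
An added example, not part of the original message and not devotee's code: a Python rendering of the splice loop from the one-liner above, showing that the output order is a pure function of the seed when a seedable PRNG drives it, next to a variant that draws its indices from the OS CSPRNG. The sample lines, function names and seed value are constructed for illustration, and Python's generator does not reproduce Perl's rand() sequence.

```python
import random
import secrets

# Constructed sample input: placeholder lines standing in for the
# space-prefixed hash lines of voters.txt (not real devotee data).
VOTER_LINES = [f" sample-hash-{i:02d}" for i in range(12)]
EXAMPLE_SEED = 1234  # constructed value, unrelated to any real election


def splice_shuffle(lines, randbelow):
    """Same loop shape as the one-liner: repeatedly remove one randomly
    chosen remaining line and append it to the output."""
    pool = list(lines)
    out = []
    while pool:
        out.append(pool.pop(randbelow(len(pool))))
    return out


def seeded_shuffle(lines, seed):
    """Weak form: a seedable PRNG drives the loop, so the whole
    permutation is determined by the seed alone."""
    rng = random.Random(seed)
    return splice_shuffle(lines, lambda n: rng.randrange(n))


def csprng_shuffle(lines):
    """Hardened form: every index comes from the OS CSPRNG, so there is
    no seed whose knowledge would let the order be replayed."""
    return splice_shuffle(lines, secrets.randbelow)


def replay_matches(published, lines, seed):
    """Check whether replaying the seeded shuffle reproduces a published order."""
    return seeded_shuffle(lines, seed) == published


if __name__ == "__main__":
    published = seeded_shuffle(VOTER_LINES, EXAMPLE_SEED)
    # Anyone holding the seed regenerates the exact published order.
    print("seeded order replayable:", replay_matches(published, VOTER_LINES, EXAMPLE_SEED))
    # The CSPRNG variant still yields a valid permutation of the same lines.
    hardened = csprng_shuffle(VOTER_LINES)
    print("csprng output is a permutation:", sorted(hardened) == sorted(VOTER_LINES))
```

The hardened variant only removes the replayable seed; the mapping stays hidden only if nothing else about the process, such as timestamps or file order, correlates the two lists.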