Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers

To: debian-devel@lists.debian.org
Subject: Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers
From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
Date: Thu, 26 Apr 2012 14:13:08 +0300
Message-id: <[🔎] 84ipgmg30b.fsf@sauna.l.org>
In-reply-to: <[🔎] 84y5plf3yd.fsf@sauna.l.org> (Timo Juhani Lindfors's message of "Tue, 24 Apr 2012 20:13:30 +0300")
References: <[🔎] 84ehrdh2rg.fsf@sauna.l.org> <[🔎] 20120424111600.GA7690@jwilk.net> <[🔎] 84y5plf3yd.fsf@sauna.l.org>

Timo Juhani Lindfors <timo.lindfors@iki.fi> writes:
> votes in the final tally. If I knew the hashes sufficiently many (maybe
> 20?) voters I probably could predict the initial state of the RNG and
> reverse this randomization step completely.

It seems that if you know the md5 hashes of only four people you can
already find a unique solution for the RNG seed and reverse the
randomization done for order of lines in tally.txt:

paste <(grep ^V tally.txt) <(perl -e'srand($SEED);@a=grep(/^ /,<>);while(@a){print(splice(@a,int(rand(scalar(@a))),1));}' voters.txt)

I'm not making $SEED public, I just want to point out a weakness in the
system.

Reply to:

References:
- devotee (debian vote engine): predictable RNG allows recovery of secret monikers
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
- Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers
  - From: Jakub Wilk <jwilk@debian.org>
- Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>

Prev by Date: Bug#670508: ITP: python-django-pipeline -- Asset packaging library for Django
Next by Date: Re: RFC: OpenRC as Init System for Debian
Previous by thread: Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers
Next by thread: Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers
Index(es):
- Date
- Thread