Re: devotee (debian vote engine): predictable RNG allows recovery of secret monikers
Kurt Roeckx <kurt@roeckx.be> writes:
> I just pushed a change for this issue to my git repo at:
> http://anonscm.debian.org/gitweb/?p=users/kroeckx/devotee.git;a=summary
>
> I would be grateful if people can review that.
commit e7f81870d1f8b18e5dcc855e9a001fab95112c0f (Fix generation of
secret key for secret votes) looks otherwise ok but the
- md5_hex("$name $alias obfuscate\n"), "\n";
+ hmac_sha256_hex($name, "obfuscate"), "\n";
part probably needs some further work. Should it be
+ hmac_sha256_hex($name, $alias + "obfuscate"), "\n";
?
Reply to: