Timo Juhani Lindfors <timo.lindf...@iki.fi> writes: > votes in the final tally. If I knew the hashes sufficiently many (maybe > 20?) voters I probably could predict the initial state of the RNG and > reverse this randomization step completely.
It seems that if you know the md5 hashes of only four people you can already find a unique solution for the RNG seed and reverse the randomization done for order of lines in tally.txt: paste <(grep ^V tally.txt) <(perl -e'srand($SEED);@a=grep(/^ /,<>);while(@a){print(splice(@a,int(rand(scalar(@a))),1));}' voters.txt) I'm not making $SEED public, I just want to point out a weakness in the system. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/84ipgmg30b....@sauna.l.org