Timo Juhani Lindfors <timo.lindf...@iki.fi> writes:
> votes in the final tally. If I knew the hashes sufficiently many (maybe
> 20?) voters I probably could predict the initial state of the RNG and
> reverse this randomization step completely.
It seems that if you know the md5 hashes of only four people you can
already find a unique solution for the RNG seed and reverse the
randomization done for order of lines in tally.txt:
paste <(grep ^V tally.txt) <(perl -e'srand($SEED);@a=grep(/^
/,<>);while(@a){print(splice(@a,int(rand(scalar(@a))),1));}' voters.txt)
I'm not making $SEED public, I just want to point out a weakness in the
system.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/84ipgmg30b....@sauna.l.org
