oss-sec mailing list archives
CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions
From: Michael Gilbert <mgilbert () debian org>
Date: Fri, 18 May 2012 17:48:22 -0400
Hi, It has been disclosed [0] that the debian vote engine (devotee) [1] uses cryptographically weak pseudo-random numbers (intended to be 48-bit, but really only 32-bit due to the use of a 32-bit seed feeding the 48-bit number generator) to generate ballot secret monikers. This allows unprivileged persons to brute force the contents of presumably secret election ballots, and makes it possible to calculate the contents of secret voter ballots in all past debian elections. Ideally, devotee should use a random secret moniker with fully 64 (or preferably 128) bits that would require years rather than minutes or days to brute force [2]. The source also uses /dev/urandom, which has less entropy than /dev/random. Please assign an id for this issue. Thanks, Mike [0] https://lists.debian.org/debian-devel/2012/04/msg00528.html [1] http://anonscm.debian.org/gitweb/?p=users/srivasta/debian/devotee.git [2] http://www.codinghorror.com/blog/2006/07/brute-force-key-attacks-are-for-dummies.html
Current thread:
- CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Michael Gilbert (May 18)
- Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Kurt Seifried (May 18)