Jakub Wilk <jw...@debian.org> writes:

> Note that 8 random alphanumeric characters can have at most ~47.6 bits
> of entropy. So just improving RNG wouldn't help here.

True. We need to both fix the RNG and use a longer moniker.

Also, I just noticed that rand() is also used to randomize the order of votes in the final tally. If I knew the hashes of sufficiently many (maybe 20?) voters I probably could predict the initial state of the RNG and reverse this randomization step completely.
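
Added example, not part of the original message and not code from the voting software: a Python sketch of why both fixes discussed above are needed, plus a moniker generator and vote shuffle drawn from the OS CSPRNG. The 32-bit RNG state, the 128-bit target and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 alphanumeric symbols


def moniker_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy (bits) of a uniformly random moniker."""
    return length * math.log2(alphabet_size)


def effective_bits(length, rng_state_bits, alphabet_size=len(ALPHABET)):
    """A moniker carries no more entropy than the RNG state that produced it,
    and no more than its own length allows: the smaller bound wins."""
    return min(moniker_bits(length, alphabet_size), rng_state_bits)


def min_length(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest moniker length whose upper bound reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def new_moniker(target_bits=128):
    """Moniker drawn from the OS CSPRNG, long enough for target_bits (assumed)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(min_length(target_bits)))


def secure_shuffle(items):
    """Fisher-Yates shuffle driven by the OS CSPRNG, so the resulting order
    cannot be replayed from a recovered generator state. Returns a new list."""
    out = list(items)
    for i in range(len(out) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        out[i], out[j] = out[j], out[i]
    return out


if __name__ == "__main__":
    # Assumed 32-bit RNG state: the weak RNG is the limit for an 8-char moniker.
    print("8 chars, 32-bit RNG state :", effective_bits(8, 32))
    # Strong RNG but still 8 chars: the length is now the limit (~47.6 bits).
    print("8 chars, 256-bit RNG state:", round(effective_bits(8, 256), 1))
    print("length for 128 bits       :", min_length(128))
    print("sample moniker            :", new_moniker())
    ballots = ["ballot-A", "ballot-B", "ballot-C", "ballot-D"]  # constructed sample
    print("shuffled tally order      :", secure_shuffle(ballots))
```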