Use of MD5 : MD5 is only good for corruption detection, NOT security! NSA banned it in 2001. FIPS 140-2 from 2001 says to use approved secure hashes. People have published "collisions" of any MD5, if bytestream can be stretched.
Weak crackable AES 128 bits used!!! Should be AES 256, but the code silently drops it to AES 128 in undocumented fashion.
Debugging harness code hidden in production firmware builds allows anyone with debugger harness access to RAM space. (proven).
Hard coded encryption keys hidden in source code (yes really)
Sensitive keys are stored on disk unencrypted and a external device can trivially read these critical crypto keys.
Hard coded encryption keys hidden in source code of the master vote tabulator for the precincts (yes really)
Random number and entropy routine to make live challenge-response keys lacks enough entropy and thus makes VERY CRACKABLE transmission keys.
That corrupt Democrat-loving code review company is called "Gaming Laboratories International, LLC" A casino machine review company hired to look for gambling exploits in random number generators and nothing else, it seems.
https://gaminglabs.com/ found NOTHING I mentioned in the ICP2 firmware/hardware 473,991 lines of source code. They found NO PROBLEMS of democrat inserted cryto weakneses I listed! Bwah hah hah hah hah! Neither did CodeMonkey or his pals yet.
Are we living in CLOWN WORLD, when women and diversity skin retards are hired for penetration source code analysis?
All the exploitable weaknesses above could be used to rig an election on a machine, within a machine, though on vote night EXTERNAL COUNT manipulation via Q-Snatch NAS and compromised MS Windows via Europe was more visible,
Leftist Democrat Soros shills and Tel Aviv Jews on voat will downvote this.
view the rest of the comments →
krypt ago
WRONG OP TITLE, Omits deliberate crypto weaknesses seen in actual source code, not mentioned at all in this PDF!
OMITS deliberate exploitable crypto and security weakneses , :
https://voat.co/v/QRV/4117743/
highlights from actual source code analysis :
MY REVELATIONS (not so secret)
Source code defects in "Dominion Democracy Suite Voting System" I pronounce include :
The system allows the user to select the size of RSA keys, including 1024 bit, laughable in 2020.
SHA-1 in RSA signature generation !!!! :
https://threatpost.com/exploit-fully-breaks-sha-1/151697/
SHA-1 is a Shambles:
(PDF) https://eprint.iacr.org/2020/014.pdf
Use of MD5 : MD5 is only good for corruption detection, NOT security! NSA banned it in 2001. FIPS 140-2 from 2001 says to use approved secure hashes. People have published "collisions" of any MD5, if bytestream can be stretched.
Weak crackable AES 128 bits used!!! Should be AES 256, but the code silently drops it to AES 128 in undocumented fashion.
Debugging harness code hidden in production firmware builds allows anyone with debugger harness access to RAM space. (proven).
Hard coded encryption keys hidden in source code (yes really)
Sensitive keys are stored on disk unencrypted and a external device can trivially read these critical crypto keys.
Hard coded encryption keys hidden in source code of the master vote tabulator for the precincts (yes really)
Random number and entropy routine to make live challenge-response keys lacks enough entropy and thus makes VERY CRACKABLE transmission keys.
Note that the diversity hire chin-tapping retard code reviewers hired by State of California to find those exploits found NONE and put NONE in their August 2019 security overview report shown here : (PDF) https://votingsystems.cdn.sos.ca.gov/vendors/dominion/dvs510software-report.pdf
That corrupt Democrat-loving code review company is called "Gaming Laboratories International, LLC" A casino machine review company hired to look for gambling exploits in random number generators and nothing else, it seems.
https://gaminglabs.com/ found NOTHING I mentioned in the ICP2 firmware/hardware 473,991 lines of source code. They found NO PROBLEMS of democrat inserted cryto weakneses I listed! Bwah hah hah hah hah! Neither did CodeMonkey or his pals yet.
Are we living in CLOWN WORLD, when women and diversity skin retards are hired for penetration source code analysis?
All the exploitable weaknesses above could be used to rig an election on a machine, within a machine, though on vote night EXTERNAL COUNT manipulation via Q-Snatch NAS and compromised MS Windows via Europe was more visible,
Leftist Democrat Soros shills and Tel Aviv Jews on voat will downvote this.
JEW SHILLs DOWNVOTE my priceless truths!
lanre ago
Do you understand English? Do you understand what "just about everything" means?