Usually large cash bribes given to corruptible engineer employees to add or remove lines of code in security routines to introduce weaknesses in internationally used firmware, similar to NSA bribes to engineers. A missing line of logic in code is devious and how SSL was weakened in Apple SSL once.
DOMINION!
Similar to Dominion voting machines exploitable weaknesses!
DOIMINION 473,991 lines of source code of ICP2 firmware has WEAKNESSES
Use of MD5 : MD5 is only good for corruption detection, NOT security! NSA banned it in 2001. FIPS 140-2 from 2001 says to use approved secure hashes. People have published "collisions" of any MD5, if bytestream can be stretched.
Weak crackable AES 128 bits used!!! Should be AES 256, but the code silently drops it to AES 128 in undocumented fashion.
Debugging harness code hidden in production firmware builds allows anyone with debugger harness access to RAM space. (proven). Debugger harness can be attached to innocent looking Android Cell Phone and a Arduino dongle, by a voter!.
Hard coded encryption keys hidden in source code (yes really)
Sensitive keys are stored on disk unencrypted and a external device can trivially read these critical crypto keys.
Hard coded encryption keys hidden in source code of the master vote tabulator for the precincts (yes really)
Random number and entropy routine to make live challenge-response keys lacks enough entropy and thus makes VERY CRACKABLE transmission keys.
Usually large cash bribes given to corruptible engineer employees to add or remove lines of code in security routines to introduce weaknesses in internationally used firmware, similar to NSA bribes to engineers. A missing line of logic in code is devious and how SSL was weakened in Apple SSL once.
DOMINION!
Similar to Dominion voting machines exploitable weaknesses!
DOIMINION 473,991 lines of source code of ICP2 firmware has WEAKNESSES
https://searchvoat.co/v/QRV/4117743
https://searchvoat.co/v/theawakening/4122777/26452660
https://searchvoat.co/v/news/4125573/26586156
snippets :
= = - -
summary of weaknesses placed into Dominion to leverage :
Source code defects found by hackers in "Dominion Democracy Suite Voting System" firmware source :
The system allows the user to select the size of RSA keys, including 1024 bit, laughable in 2020.
SHA-1 in RSA signature generation !!!! :
https://threatpost.com/exploit-fully-breaks-sha-1/151697/
SHA-1 is a Shambles:
(PDF) https://eprint.iacr.org/2020/014.pdf
Use of MD5 : MD5 is only good for corruption detection, NOT security! NSA banned it in 2001. FIPS 140-2 from 2001 says to use approved secure hashes. People have published "collisions" of any MD5, if bytestream can be stretched.
Weak crackable AES 128 bits used!!! Should be AES 256, but the code silently drops it to AES 128 in undocumented fashion.
Debugging harness code hidden in production firmware builds allows anyone with debugger harness access to RAM space. (proven). Debugger harness can be attached to innocent looking Android Cell Phone and a Arduino dongle, by a voter!.
Hard coded encryption keys hidden in source code (yes really)
Sensitive keys are stored on disk unencrypted and a external device can trivially read these critical crypto keys.
Hard coded encryption keys hidden in source code of the master vote tabulator for the precincts (yes really)
Random number and entropy routine to make live challenge-response keys lacks enough entropy and thus makes VERY CRACKABLE transmission keys.