It is very simple to create a version of this generator that will generate correct verification codes for arbitrary timestamps, which would allow someone to practice a seed and submit and stream it for the correct time.
My problem isn't with the verification code itself, but the trust that is put on it by the community.
Example
1. Replace hashing of the source code with the hash-result of the "correct" version
2. Hardcode wanted timestamps or redirect time(NULL) calls (doesn't even require (1))
Result
This means a seed and verification code do not verify:
- Time of creation of the seed
- Use of generator code/version
The only information that is verified:
- Use of cipher to generate seed
- Number of iterations
- IV of cipher
The verified information seems not useful to the FSG community as it is just a byproduct of how this exact generator-filter works, and it should be communicated that the verification code does not verify correct usage of the generator by the FSG rules.