The same oddity comes up again in Steem's encryption

in #steemdev, 9 years ago (edited)

This isn't exactly the same thing that @baabeetaa and I found.

It's EXACTLY the same kind of thing that I keep seeing throughout steemit's codebase, particularly as pertains to encryption.

Here is the post I made on similar issues. @baabeetaa and I were wrong in it. But we were confronted with a situation that looked exactly as though there was serious foul play. There wasn't. Indeed, he and I did not realize that we had to add 4 and 27 and the like. I edited that post as the situation evolved and I realized that I'd been in error. Please know that there's a link in the comments where you can see all of the edits. Bottom line: We were wrong, but I, for one, feel that the style of handling this stuff in steemd is sloppy at best.

Disclaimer: I post this stuff in hopes of improving Steem, not to bash it. This is a cool web site.


I am looking at https://gist.github.com/inertia186/3e2949c1e5665f400a1e68c4554dfa7d

Which line numbers are you referring to? There is a lot of code there.

Run the Ruby code. Author of the gist says it fails ~1 in 100 runs.

That is... BIZARRE. Since encryption should be rock-solid-consistent.

OMG! Sounds like a deliberately planted exploit for the software author to come back later.

This is exactly the type of thing I believe keeps happening in open source code. Contributors (we don't know everyone's motives) can purposely implant inconsistencies and milk them later anonymously without people knowing who exploited the code.

(..and since a lot of projects borrow existing code, it means an exploit can turn up in multiple projects....)

The amount of SSL related updates in the last 3 years drives me crazy.
