creates a hash of a map, which is difficult in go, as the map doesn't have an explicit order in go. So it takes all keys, sorts them alphabetically, and then hashes the values.
But: it doesn't add the key to the values.
So the following two maps will have the same hash:
This is another potential security error: the
hashMap
method here:https://github.com/dedis/cothority/blob/e0c9afbb847b070e1bda6f54561a4082b803db80/evoting/lib/transaction.go#L109
creates a hash of a
map
, which is difficult in go, as themap
doesn't have an explicit order in go. So it takes all keys, sorts them alphabetically, and then hashes the values.But: it doesn't add the key to the values.
So the following two maps will have the same hash:
Fix: also add the
key
to the hash.