[afnog] Is there a standard for the 312-bit ID?
sm+afrinic at elandsys.com
sm+afrinic at elandsys.com
Mon Aug 4 21:47:23 UTC 2025
Dear All,
There was a vulnerability report, dated 2 August, to the AFNOG
mailing list [1]. There was an clarification dated 4 August:
https://www.afnog.org/pipermail/afnog/2025-August/004871.html
I glanced through the report and noticed the Wordpress
reference. There are Wordpress plugins for adding a voting feature
for blog posts. I presumed that the security requirements would be
higher for a "Designated Voter Nomination platform". Which
standard(s) do the security requirements for the platform comply with?
The clarification stated that:
1. Each document link contains a unique 39-character (312-bit) ID generated
randomly.
2. These links cannot be guessed or enumerated through any automated or
manual means.
Is there a standard which is used for the generation of the 312-bit
ID? Was there any verification to assess whether the implementation
was in compliance with the standard? Was there any QA [2] before
the platform was deployed?
I am skeptical when I see a claim that links cannot be guessed or
enumerated. It is technically possible to run a "brute force attack".
Regards,
S. Moonesamy
1. https://www.afnog.org/pipermail/afnog/2025-August/004867.html
2. I attended a technical event a few months ago. I was pleasantly
surprised to see a presentation about quality assurance (QA).
More information about the afnog
mailing list