
Re: Noob dumb question (extending emacs)


From: Yuri Khan
Subject: Re: Noob dumb question (extending emacs)
Date: Sat, 23 Oct 2021 17:16:23 +0700

On Sat, 23 Oct 2021 at 15:41, Michael Heerdegen
<michael_heerdegen@web.de> wrote:
> > Spoiler: secure password generation is not one of those purposes.
>
> If you use Emacs' `random' to generate a password, an attacker would
> need to have access to your system to predict the result.  He would at
> least have to know exactly when you started your Emacs session (that
> time is used to generate the seed).  Or he would need many more
> pseudo-random numbers from you.
>
> Without any of these, there is no chance to guess, because there are too
> many possible pseudo-random numbers when you don't know at which position
> in the sequence the generator started.

The position in the sequence, aka the random seed, contains a certain
number of bits. In Emacs, as far as I can tell, best case, the random
seed is 48 bits. Which means, no matter how long a password you (the
user) generate, it still contains only 48 bits of entropy. Whereas
with ‘pwgen’ you get more entropy as you generate a longer password.

An attacker might have access to one or more passwords you generate
before and/or after the password the attacker is interested in, e.g.
by being one of the entities you have an account with, or by
possessing a leaked database of user information from a compromised
service.

(It is also customary, when discussing security, to assume the
attacker knows exactly the algorithms you use.)


It is okay to generate your own passwords using a weak generator if
you are aware of that and deem the risk insignificant.

It is okay to offer a library for password generation using a weak
generator to other people, as long as they are aware and deem the risk
insignificant.

It is *not* okay to offer a library for password generation using a
weak generator to other people without explaining its entropy
characteristics so that they could assess their risk.
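A small illustration of the entropy argument above, added here and not part of the thread: Python's seeded `random.Random` stands in for a generator whose whole state is a 48-bit seed (the best case described for Emacs `random'), `secrets` stands in for a generator like `pwgen` that draws fresh randomness per character, and the 62-character alphabet and the 48-bit figure are assumptions taken from the discussion.

```python
import math
import random
import secrets
import string
from typing import Optional

# Assumed alphabet: 62 symbols, about 5.95 bits per character.
ALPHABET = string.ascii_letters + string.digits
SEED_BITS = 48  # best-case seed width cited for Emacs `random'


def seeded_password(seed: int, length: int) -> str:
    """Password from a PRNG whose entire state is the seed.

    Python's Mersenne Twister is only a stand-in for a seeded generator;
    the point is that the output is a pure function of `seed`."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def csprng_password(length: int) -> str:
    """Password where every character draws fresh OS randomness."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, seed_bits: Optional[int]) -> float:
    """Upper bound on password entropy in bits.

    The characters themselves can carry length * log2(|alphabet|) bits,
    but a generator whose state is a fixed-width seed can never produce
    more distinct passwords than 2**seed_bits, whatever the length."""
    from_chars = length * math.log2(len(ALPHABET))
    if seed_bits is None:
        return from_chars
    return min(from_chars, seed_bits)


if __name__ == "__main__":
    # Same seed, same password: the "position in the sequence" is all there is.
    print(seeded_password(0xC0FFEE, 20) == seeded_password(0xC0FFEE, 20))
    for n in (8, 16, 32):
        print(n, entropy_bits(n, SEED_BITS), entropy_bits(n, None))
```

For 8 characters both bounds are about 47.6 bits, but from 16 characters on the seeded generator stays pinned at 48 while the per-character generator keeps growing.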


