[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Noob dumb question (extending emacs)
From: |
Emanuel Berg |
Subject: |
Re: Noob dumb question (extending emacs) |
Date: |
Sat, 23 Oct 2021 20:22:58 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) |
Yuri Khan wrote:
>> If you use Emacs' `random' to generate a password, an
>> attacker would need to have access to your system to
>> predict the result. He would at least have to know exactly
>> when you started your Emacs session (that time is used to
>> generate the seed). Or he would need much more
>> pseudo-random numbers from you.
>>
>> Without any of these, no chance to guess, because there are
>> too many possible pseudo-random numbers when you don't know
>> at which position in the sequence the generator started.
>
> The position in the sequence, aka the random seed, contains
> a certain number of bits. In Emacs, as far as I can tell,
> best case, the random seed is 48 bits. Which means, no
> matter how long a password you (the user) generate, it still
> contains only 48 bits of entropy.
#! /bin/zsh
$ echo $(( 2**48 ))
281474976710656
Or Elisp:
(expt 2 48)
281474976710656 (#o10000000000000000, #x1000000000000)
> It is *not* okay to offer a library for password generation
> using a weak generator to other people without explaining
> its entropy characteristics so that they could assess
> their risk.
But what is the method stipulated then, we'll just do
a `random-passwd' with that ...
--
underground experts united
https://dataswamp.org/~incal
- Re: Noob dumb question (extending emacs), (continued)
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/24
- Re: Noob dumb question (extending emacs), Michael Heerdegen, 2021/10/25
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/25
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/25
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- Re: Noob dumb question (extending emacs), Michael Heerdegen, 2021/10/25
- About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- Message not available
- Message not available
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/27
- Re: Noob dumb question (extending emacs),
Emanuel Berg <=
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/23
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/24
- Re: Noob dumb question (extending emacs), Michael Heerdegen, 2021/10/24
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/24
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/24
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/24
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/24
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/27
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/23