help-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Noob dumb question (extending emacs)


From: Jean Louis
Subject: Re: Noob dumb question (extending emacs)
Date: Sun, 24 Oct 2021 10:08:12 +0300
User-agent: Mutt/2.0.7+183 (3d24855) (2021-05-28)

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-23 16:09]:
> On Sat, 23 Oct 2021 at 19:55, Michael Heerdegen
> <michael_heerdegen@web.de> wrote:
> > > In Emacs, as far as I can tell, best case, the random
> > > seed is 48 bits.
> >
> > Is the random number generator able to use more than 48 bits of entropy?
> 
> Not as far as I can tell from srand48(3).
> 
> This pseudo-random number generator is not designed to be used for
> password generation and cryptography. It’s okay for simulations,
> games, network retry delays, this kind of things.

What is better?

1. To have users "invent" their passwors by letting them type it each
   time? 

2. Or maybe to offer them a random password like:
   "6IcH8L$BnQcmL-NrnSHe" which they can anyway change if they like?

In my practical password generation the latter option is more secure,
then if I start inventing passwords like "So8ething98" which I
consider less secure or using hands to type something random like
"asdf45huji" which in the end and due to habits may not be that random
at all.

When making highly hypothetical observation it is not bad to remember
the practical use of it. 

Emacs Lisp how it is can generate random passwords and that is what
matters and is practically useful.

If you wish to say that passwords are not random, unsafe, and so on,
please demonstrate it practically, not just theoretically. 

For example, try to predict the outcome of the following:

(random (format "%s" (random)))

And provide a script in any programming language that will predict the
outcome of that function. Prove it. Don't let it be just confusing.

If you can do that, you have completed scientific exercise and have
proven it empirically that passwords are not random. Not only
theoretically, as from theory I have no practical benefit.

By using (rcd-password) ⇒ "n=(3hWqlaWfPRTSDQrWV" function I have a
constant daily practical benefit. 

Then I have to face a professional programmer of Emacs Lisp who wants
to convince me that I should not be generating passwords by using
Emacs Lisp. 

Come on.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]