About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs)

[Jean Louis]

* Michael Heerdegen <michael_heerdegen@web.de> [2021-10-25 16:22]:
> Jean Louis <bugs@gnu.support> writes:
> 
> > Do you say you can predict outcome of my `rcd-password' function?
> 
> Yes, I said I can predict the outcome using unlimited trials.
> 
> > Send contract, I sign it.
> 
> Cool!
> 
> How do you plan to test whether your password is in my trials?  You will
> receive a lot of trials, and I want to be sure you don't cheat.  Because
> it will take some time.

Hey... but I am not going to spend time checking terrabytes of your
trials.

You have got unlimited trials that you do on yourside, not that I work
for you and finally pay you for my work.

That is called brute force. Not an algorithm that breaks the function
and predicts its outcome.

Emacs Lisp function `random' is quite handy and definitely not random
enough as such. But with little support of Emacs Lisp it becomes very
random. The matter is solved by providing a new seed. If seed is
pretty random, then `random' becomes random.

Here is enough entropy that it can generate random passwords:

(defun rcd-random-md5-string ()
  (md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N"))))

(rcd-random-md5-string) ⇒ "37c981115ec8cd7455667e1ad57e894b"

(defun rcd-password-generate-1 (string)
  "Return capitalized or downcased single symbol from a string"
  (random (rcd-random-md5-string))
  (let* ((max (length string))
         (rnd (random max))
         (single (substring string rnd (+ rnd 1))))
    single))

(rcd-password-generate-1 "!@#$%^&*()-=+_[]{}|)ABCDEFGHIJKLMNOPQRSTUVWHYZ") ⇒ "Y"

(rcd-password) ⇒ "wqg9@avJ@fErcvI4rrKt"

Good enough for websites, system accounts, chat accounts, etc.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/