help-gnu-emacs


Re: Noob dumb question (extending emacs)


From: Yuri Khan
Subject: Re: Noob dumb question (extending emacs)
Date: Tue, 26 Oct 2021 02:56:25 +0700

On Tue, 26 Oct 2021 at 02:25, Jean Louis <bugs@gnu.support> wrote:

> Yuri and Michael H., you are very right, too simple password
> generation without enough entropy produces duplicate passwords.

What tipped you to this conclusion?


Still wrong!

> (defun rcd-read-urandom (&optional length)
>   "I am also free to modify the Emacs Lisp unlimited times."
>   (shell-command-to-string "head -n 1 /dev/urandom"))

Here you read the first newline-delimited line of /dev/urandom, which
may be a lot. If you have to use ‘head’, use it with -c and give a
byte count.

> (defun rcd-password-generate-1 (string)
>   "Return capitalized or downcased single symbol from a string"
>   (random (format "%s" (rcd-read-urandom)))

Here you seed the Emacs random generator with the entropy. However,
the Emacs random generator can only use 48 bits of entropy in the best
case, so it grabs exactly that and drops the remainder on the floor.

>   (let* ((max (length string))
>          (rnd (random max))
>          (single (substring string rnd (+ rnd 1))))
>     single))

Then you proceed to generate a random password using the seeded
pseudo-random generator. Which is a step up from an unseeded
pseudo-random generator (you could generate a series of passwords from
a single seed, making it easier for the attacker who knows one to
guess others) but still not as random as you would get by just
converting raw entropy into printable characters.
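
The two suggestions in this message (read a fixed byte count with `head -c`, and convert raw entropy directly into printable characters instead of seeding `random`), sketched as an added example that is not code from the thread. The function names `my-urandom-bytes` and `my-password-generate` are hypothetical, and a system providing `head` and /dev/urandom is assumed.

```emacs-lisp
;;; Added example, not code from the thread.  Function names are hypothetical.

(defun my-urandom-bytes (count)
  "Return COUNT raw bytes from /dev/urandom as a unibyte string."
  (with-temp-buffer
    ;; Unibyte buffer plus binary decoding keeps every byte as 0..255.
    (set-buffer-multibyte nil)
    (let ((coding-system-for-read 'binary))
      ;; `head -c COUNT' reads a fixed number of bytes, not a "line".
      (unless (eq 0 (call-process "head" nil t nil
                                  "-c" (number-to-string count)
                                  "/dev/urandom"))
        (error "Reading /dev/urandom failed")))
    (unless (= (buffer-size) count)
      (error "Short read from /dev/urandom"))
    (buffer-string)))

(defun my-password-generate (length alphabet)
  "Return a LENGTH-character password drawn uniformly from ALPHABET.
Every character comes straight from kernel entropy; `random' is not used."
  (let ((n (length alphabet)))
    (when (or (< n 1) (> n 256))
      (error "ALPHABET must have between 1 and 256 characters"))
    (let ((limit (* n (/ 256 n)))   ; largest multiple of N that fits in a byte
          (chars nil))
      (while (< (length chars) length)
        (let ((bytes (my-urandom-bytes (* 2 length))))
          (dotimes (i (length bytes))
            (let ((byte (aref bytes i)))
              ;; Rejection sampling: bytes >= LIMIT are dropped so that
              ;; `mod' does not favour the first characters of ALPHABET.
              (when (and (< byte limit) (< (length chars) length))
                (push (aref alphabet (mod byte n)) chars))))))
      (apply #'string chars))))

;; Example call with a 62-character alphabet:
;; (my-password-generate
;;  22 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
```

With a 62-character alphabet each character carries about 5.95 bits, so 22 characters give roughly 131 bits, none of which passes through the 48-bit seed of `random`.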


