Re: Noob dumb question (extending emacs)
From: Emanuel Berg
Subject: Re: Noob dumb question (extending emacs)
Date: Thu, 28 Oct 2021 22:56:18 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

Michael Heerdegen wrote:
>>>      48 ln(2)
>>> l = ---------- ~ 8.13.
>>>       ln(60)
>>>
>>> That would mean that already for a length of 9 only a small
>>> fraction of passwords are computable.
>>
>> Okay, why do you say/how do you know that?
>
> Anything besides used entropy is deterministic.
>
> If you initialize the seed with a certain entropy, it means
> that you randomly get one seed out of N possible (known)
> seeds. In our case N = 2^31 (or something like that).
>
> To understand the reasoning behind the following it can help
> to assume a small N, e.g. N=2, N=10 or N=100, and then think
> about what fundamentally changes if N is larger (actually
> nothing, you only need accordingly more tries to guess).
> This is all quite trivial, only the large numbers involved
> cloud a bit what is going on.
>
> Ok. Those possible seeds are known (computable) to everyone:
> You start with a random seed out of a public list of
> N seeds.
>
> With each of these seeds, `random' will generate one out of
> N possible predefined sequences of numbers. With the
> exception: If N is larger than the number of possible
> different results of `random' (a finite number of course),
> let's name it "M", then you must set N = M in the
> following considerations.
>
> So if you use a publicly known deterministic algorithm using
> `random', your algorithm will generate one out of N possible
> publicly known password sequences for each call.
>
> Security of these passwords stands and falls with the size
> of N:
>
> Say your algorithm calculates passwords using an alphabet
> consisting of a number b of letters, e.g. b=60 for small and
> capital letters plus some special characters. Then the
> entropy used is enough to generate pseudo-random passwords
> of a length l when b^l ~ N (where "~" means "is
> approximately").
>
> Why? If l is smaller, b^l < N, your algorithm would often
> calculate the same password for different seeds, and you
> would waste a portion of the initial randomness (entropy).
>
> If l is larger, b^l > N, the passwords per se are stronger
> in theory but... that doesn't matter if you publish the
> algorithm that computed the passwords (or one can guess that
> algorithm). Then I still have to try only N passwords, not
> more than when a smaller password length is used. One could
> say that those longer passwords contain redundancy: a part
> of those password strings is determined by the rest of the
> password string and doesn't offer additional security.
>
> The situation would be similar to posting on your homepage:
>
> "Any of my accounts uses a password out of this list:
>
> { "nx4BgzrJmZq0+!YPp<O|]8k&Q"<M2-`<nSV#|CH-",
> "%d~8bqv1j^rl51\6(9#/d[!D91_X_H/=`|&S]|SQ",
> ":2A]sw=V;--q)RKLOIdoxd`9B+4#Q5[WY\8yFNl",
> "?ljGuo\-;VF"9;F$MgU~uP|Ztk$!!9kxAsv~,Lv?",
> ">%M\s=>!xHP9|EMEzR[&Wu&$,\]lS`fN1y:Bc!Ey",
> "igbf^Hlcxyg,A0MBa>d:!,}{x"j%?Qi^,P<YDP-|",
> "/iGww)fjE:*$:uv,$>)M=M?|UF2DZ4|>*Mx"&>(;!,
> "EzIRpdH|;R^1iTAG'*P5LdoJ5sS_Y2kN#S:{S_a\",
> "rLBtPlQ6Unml'5`+B*l^LA}8>/8C}=I)1(']Zqz+",
> "Zt.J$fP<$zU)^AH}<ymP-cNkwz%8#1=+A]<1XON!" }
>
> Those are all very strong passwords, and the method I use
> to choose one of them randomly is so clever and uses so
> much entropy that it's impossible to guess it.
> Try it, Mentalist!"
>
> But since all of those possible passwords are publicly known
> the situation is not better than using a random password out
> of {"0", "1",..., "9"}: not more secure than using random
> passwords of length 1 (even less).
>
> Or using the formula mentioned,
>
>   ln(N)     ln(10)
>  ------- = -------- < 1.
>   ln(b)     ln(60)

I don't think I saw that, what does it say?

I've seen the first one, this

  48 bits, alphabet length n, password length l

  2^48 = n^l <=>
  48*ln(2) = l*ln(n) <=>
  l = 48*ln(2)/ln(n)

which in Elisp is

(defun epwgen-space-size-2 (bits abc-len)
  (/ (* bits (log 2)) (log abc-len)))

;; (epwgen-space-size-2 48 60) ; 8.13

Are you saying, that it is saying, "with 48 bits passwords
longer than 8.13 chars don't make it more secure"?

--
underground experts united
https://dataswamp.org/~incal
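
The argument quoted above, as an added example that is not part of the original message or of any poster's code: Python's seeded `random.Random` stands in for Elisp's `random`, with the toy seed space N = 100 that the quoted text suggests. The alphabet and all function names are assumptions made for illustration.

```python
import math
import random
import string

# Constructed 60-symbol alphabet (b = 60, the value used in the thread).
ALPHABET = string.ascii_letters + "!#$%&*+-"


def break_even_length(seed_count, alphabet_size):
    """Length l at which b^l ~ N, i.e. l = ln(N) / ln(b)."""
    return math.log(seed_count) / math.log(alphabet_size)


def effective_bits(seed_count, alphabet_size, length):
    """Upper bound in bits on how unpredictable one generated password is:
    limited by the seed space N or by the password space b^l, whichever
    is smaller."""
    return min(math.log2(seed_count), length * math.log2(alphabet_size))


def generate(seed, length):
    """Publicly known deterministic generator: the seed fixes the output."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def distinct_passwords(seed_count, length):
    """Number of different passwords reachable from seeds 0..seed_count-1."""
    return len({generate(seed, length) for seed in range(seed_count)})


def survey(seed_count, lengths):
    """Map each password length to the count of reachable passwords."""
    return {length: distinct_passwords(seed_count, length) for length in lengths}


if __name__ == "__main__":
    n = 100  # toy seed space, as suggested in the quoted text
    print("break-even length for N=100:", round(break_even_length(n, 60), 2))
    for length, count in survey(n, [1, 2, 10, 40]).items():
        bits = effective_bits(n, 60, length)
        print(f"length {length:2}: {count:3} reachable passwords, "
              f"at most {bits:.2f} bits")
    print("48-bit seed, b=60:", round(break_even_length(2 ** 48, 60), 2))
```

The count of reachable passwords stops growing at N however long the passwords get, which is the redundancy the quoted text describes.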