[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Noob dumb question (extending emacs)

From: Michael Heerdegen
Subject: Re: Noob dumb question (extending emacs)
Date: Sat, 23 Oct 2021 10:41:11 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

Yuri Khan <> writes:

>     A deterministic computer program cannot generate true random numbers.
>     For most purposes, “pseudo-random numbers” suffice.
> Spoiler: secure password generation is not one of those purposes.

If you use Emacs' `random' to generate a password, an attacker would
need to have access to your system to predict the result.  He would at
least have to know exactly when you started your Emacs session (that
time is used to generate the seed).  Or he would need much more
pseudo-random numbers from you.

Without any of these, no chance to guess, because there are too many
possible pseudo-random numbers when you don't know at which position in
the sequence the generator started.

But if the attacker already has access to your session, he can just
steal the password out of your Emacs session or system clipboard or take
a screenshot or whatever.

So I don't see a problem here.  Or am I missing something?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]