[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Noob dumb question (extending emacs)

From: Emanuel Berg
Subject: Re: Noob dumb question (extending emacs)
Date: Sat, 23 Oct 2021 20:17:19 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

Michael Heerdegen wrote:

> If you use Emacs' `random' to generate a password, an
> attacker would need to have access to your system to predict
> the result. He would at least have to know exactly when you
> started your Emacs session (that time is used to generate
> the seed). Or he would need much more pseudo-random numbers
> from you.
> Without any of these, no chance to guess, because there are
> too many possible pseudo-random numbers when you don't know
> at which position in the sequence the generator started.
> But if the attacker already has access to your session, he
> can just steal the password out of your Emacs session or
> system clipboard or take a screenshot or whatever.
> So I don't see a problem here. Or am I missing something?

Well, obviously no one is cracking your account because
`random' isn't random enough :)

Well, if they do it at a industrial standard level (I didn't
see such a standard myself, but I trust Yuri has) there is no
reason we shouldn't be there as well ...

underground experts united

reply via email to

[Prev in Thread] Current Thread [Next in Thread]