Re: Noob dumb question (extending emacs)

From: Yuri Khan
Subject: Re: Noob dumb question (extending emacs)
Date: Mon, 25 Oct 2021 16:40:54 +0700

On Mon, 25 Oct 2021 at 12:55, Jean Louis wrote:

> In science, if there is "security implication" then it has to be
> proven. That is why breaking crypto requires a proof which is usually
> a program or exploit that breaks it, not just a theoretical statement.

In crypto science, an algorithm is considered compromised, for
example, if it was previously thought to require a brute force search
of 2^128 to break, and later shown to be breakable in 2^64 attempts.

A 20-letter password contains about 120 bits of information. A user
who requests generation of such a password reasonably expects that the
attacker would have to bruteforce 2^120 possibilities. However, your
generation algorithm uses only 48 bits of entropy, so the attacker
only has to search through 2^48 possible seeds, and maybe 2^5
different generated password lengths, and breaks the password in 2^53
attempts, or 2^67 ≈ 1.5*10^20 times faster than expected.
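
The arithmetic in the message above, as an added example that is not part of the original thread or of the generator under discussion. It assumes a 64-symbol alphabet (6 bits per character) and uses Python's `random.Random` as a stand-in for any generator driven by one small seed; the function names are hypothetical.

```python
import math
import random
import secrets
import string

# Assumed 64-symbol alphabet: 6 bits per character, so 20 characters ~ 120 bits.
ALPHABET = string.ascii_letters + string.digits + "-_"

def nominal_bits(length, alphabet=ALPHABET):
    """Entropy the user expects if every character is chosen independently."""
    return length * math.log2(len(alphabet))

def effective_bits(seed_bits, length_choices, length, alphabet=ALPHABET):
    """Entropy actually present: capped by seed space times possible lengths."""
    return min(nominal_bits(length, alphabet), seed_bits + math.log2(length_choices))

def seeded_password(seed, length=20):
    """Weak pattern: every character is derived from one small seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def distinct_outputs(seed_bits, length=20):
    """Enumerate a scaled-down seed space and count the passwords it can ever emit."""
    return len({seeded_password(s, length) for s in range(2 ** seed_bits)})

def strong_password(length=20):
    """Hardened form: each character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    expected = nominal_bits(20)
    actual = effective_bits(48, 32, 20)  # 48-bit seed, 2^5 possible lengths
    print(f"nominal {expected:.0f} bits, effective {actual:.0f} bits, "
          f"gap 2^{expected - actual:.0f}")
    # A 12-bit seed can never yield more than 4096 passwords, however long they are.
    print("distinct passwords from a 12-bit seed:", distinct_outputs(12))
    print("CSPRNG password:", strong_password())
```

The count from `distinct_outputs` never exceeds the size of the seed space, whatever the password length, which is why the seed and not the output length sets the cost of a search.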

