[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
About randomity, entropy, random passwords - was Re: Noob dumb question
From: |
Jean Louis |
Subject: |
About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs) |
Date: |
Mon, 25 Oct 2021 23:29:43 +0300 |
User-agent: |
Mutt/2.0.7+183 (3d24855) (2021-05-28) |
* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-25 23:12]:
> On Tue, 26 Oct 2021 at 02:25, Jean Louis <bugs@gnu.support> wrote:
>
> > Yuri and Michael H., you are very right, too simple password
> > generation without enough entropy produces duplicate passwords.
>
> What tipped you to this conclusion?
I did the `dotimes' and found same passwords without goods seed. Then
I have improved the seed.
> Still wrong!
You still cannot guess the next password coming... with or without
good seed. But your tips did make it more random on my side. ;-p
> > (defun rcd-read-urandom (&optional length)
> > "I am also free to modify the Emacs Lisp unlimited times."
> > (shell-command-to-string "head -n 1 /dev/urandom"))
>
> Here you read the first newline-delimited line of /dev/urandom, which
> may be a lot. If you have to use ‘head’, use it with -c and give a
> byte count.
That one I forgot the same time I wrote it, it was just thinking. I
don't like external commands.
> > (defun rcd-password-generate-1 (string)
> > "Return capitalized or downcased single symbol from a string"
> > (random (format "%s" (rcd-read-urandom)))
>
> Here you seed the Emacs random generator with the entropy. However,
> the Emacs random generator can only use 48 bits of entropy in the best
> case, so it grabs exactly that and drops the remainder on the floor.
It may be, I dropped that one.
> > (let* ((max (length string))
> > (rnd (random max))
> > (single (substring string rnd (+ rnd 1))))
> > single))
>
> Then you proceed to generate a random password using the seeded
> pseudo-random generator. Which is a step up from an unseeded
> pseudo-random generator (you could generate a series of passwords from
> a single seed, making it easier for the attacker who knows one to
> guess others) but still not as random as you would get by just
> converting raw entropy into printable characters.
I'll stick to random Emacs uptime concatenated to microseconds,
nanoseconds and milliseconds.
--
Jean
Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns
In support of Richard M. Stallman
https://stallmansupport.org/
- Re: Noob dumb question (extending emacs), (continued)
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/25
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/25
- About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- Re: About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/25
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- Re: Noob dumb question (extending emacs), Yuri Khan, 2021/10/25
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/25
- Re: Noob dumb question (extending emacs), Jean Louis, 2021/10/25
- About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs),
Jean Louis <=
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/28
- Re: Noob dumb question (extending emacs), Michael Heerdegen, 2021/10/23
- Re: Noob dumb question (extending emacs), Yuri Khan, 2021/10/23
- Re: Noob dumb question (extending emacs), Michael Heerdegen, 2021/10/23
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/23
- Re: Noob dumb question (extending emacs), Michael Heerdegen, 2021/10/24
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/27
- Re: Noob dumb question (extending emacs), Michael Heerdegen, 2021/10/28
- Re: Noob dumb question (extending emacs), tomas, 2021/10/28
- Re: Noob dumb question (extending emacs), Emanuel Berg, 2021/10/28