Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-25 12:42]:
> On Mon, 25 Oct 2021 at 12:55, Jean Louis <bugs@gnu.support> wrote:
> 
> > In science, if there is "security implication" then it has to be
> > proven. That is why breaking crypto requires a proof which is usually
> > program or exploit that breaks it, not just a theoretical statement.
> 
> In crypto science, an algorithm is considered compromised, for
> example, if it was previously thought to require a brute force search
> of 2^128 to break, and later shown to be breakable in 2^64 attempts.
> 
> A 20-letter password contains about 120 bits of information. A user
> who requests generation of such a password reasonably expects that the
> attacker would have to bruteforce 2^120 possibilities. However, your
> generation algorithm uses only 48 bits of entropy, so the attacker
> only has to search through 2^48 possible seeds, and maybe 2^5
> different generated password lengths, and breaks the password in 2^53
> attempts, or 2^67 ≈ 1.5*10^20 times faster than expected.

That is why I said, if it is "so the attacker only has to search
through 2^48 possible seeds" then please demonstrate it, search it and
prove what would be the next char in this password. I think 50 chars
will give you enough playground to find the seeds.

(rcd-password 50) ⇒ "YQAguCWdKEiR%OiEyjuKHcttCvyVOEt}pwG5HJoUirOdA6RBOa"

Once you find first seed, let me know, that I can pay the pizza for
you Yuri.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/