* Noob dumb question (extending emacs) @ 2021-10-19 22:12 Ivano Da Milano 2021-10-20 0:36 ` Emanuel Berg via Users list for the GNU Emacs text editor ` (3 more replies) 0 siblings, 4 replies; 127+ messages in thread From: Ivano Da Milano @ 2021-10-19 22:12 UTC (permalink / raw) To: help-gnu-emacs Hello everyone. Please, be patient, as I'm totally new to emacs, but I'm told it can do a lot more than just editing text. So, I ask you, are the following possible? And how to accomplish? (if possible, point me to a ready solution, because I know nearly nothing about lisp) [un]zip/tar/rar/etc archives ASCII Art - from image, but IIRC, there's an ASCII based paint program Batch rename Browser (like Lynx) Scientific calculator Calendar Contacts manager DBMS (SQL Client) Diff/patch File manager (like Midnight Commander) FTP Client Id3 tag editor IRC client Mail client MIDI/Music Player OffLine browser (like HTTrack) random password generator Project management Speech recognition Spreadsheet (like sc) System clean Task manager (like top) Torrent Transcoder (with FFMPeg) TTS (with eSpeak) Volume mixer (like AlsaMixer) Wave editor (with SoX) Thanks in advance for any help. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-19 22:12 Noob dumb question (extending emacs) Ivano Da Milano @ 2021-10-20 0:36 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 6:34 ` Marcin Borkowski ` (2 more replies) 2021-10-20 4:04 ` Ivano Da Milano ` (2 subsequent siblings) 3 siblings, 3 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-20 0:36 UTC (permalink / raw) To: help-gnu-emacs Re: Noob dumb question (extending emacs) Ivano Da Milano wrote: > [un]zip/tar/rar/etc archives archive-mode > ASCII Art - from image, but IIRC, there's an ASCII based > paint program artist-mode > Batch rename I'm not sure exactly what you mean, but it is possible, either directly from Elisp or some solution/combination with/from Dired and/or the shell ... > Browser (like Lynx) Emacs-w3m (3rd party, based on w3m) or the built-in eww. Emacs-w3m is a Japanese project BTW, eww is from Norway I guess :) > Calendar > DBMS (SQL Client) > Diff/patch > MIDI/Music Player > Scientific calculator > Spreadsheet (like sc) Available ... > Contacts manager ~/.mailrc > File manager (like Midnight Commander) Dired is what I and a lot of people use ... and while Midnight Commander is an orthodox file manager (an OFS) Dired is a directory editor, "[a] term that predates the usage of file manager". The first year they mention on the Wikipedia page [1] is 1974 for dired and 1984 for OFS, so that's a decade already ... > FTP Client > Id3 tag editor Don't know ... > IRC client ERC > Mail client There are several ... Rmail (written and used to this day by RSM) and Gnus (which is much more advanced, powerful, and generally recommended for mails from/with Emacs). In particular Gnus with Gmane for mailing lists! As the saying goes, "Gnus is to Emacs users what Emacs is to computer users". > OffLine browser (like HTTrack) You need/want a special browser for that? > random password generator Write it yourself in Elisp - in the unlikely even no one did it already ... > Project management org-mode ... or text-mode ... or mhtml-mode > Speech recognition > System clean > Task manager (like top) > Torrent > Transcoder (with FFMPeg) > TTS (with eSpeak) > Volume mixer (like AlsaMixer) > Wave editor (with SoX) Not that I know of but you can execute any shell tool from one of the shell modes or terminal emulators ... [1] https://en.wikipedia.org/wiki/Orthodox_file_manager -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 0:36 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-20 6:34 ` Marcin Borkowski 2021-10-20 18:13 ` H. Dieter Wilhelm 2021-10-20 6:53 ` Jean Louis 2021-10-20 17:10 ` Ivano Da Milano 2 siblings, 1 reply; 127+ messages in thread From: Marcin Borkowski @ 2021-10-20 6:34 UTC (permalink / raw) To: Emanuel Berg; +Cc: help-gnu-emacs On 2021-10-20, at 02:36, Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> wrote: >> Id3 tag editor > > Don't know ... Available via EMMS. >> random password generator > > Write it yourself in Elisp - in the unlikely even no one did > it already ... Or call a CLI one. >> Project management > > org-mode ... or text-mode ... or mhtml-mode Also, there are packages supporting existing cloud-based solutions (if you're into them), often via Org-mode. Best, -- Marcin Borkowski http://mbork.pl ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 6:34 ` Marcin Borkowski @ 2021-10-20 18:13 ` H. Dieter Wilhelm 0 siblings, 0 replies; 127+ messages in thread From: H. Dieter Wilhelm @ 2021-10-20 18:13 UTC (permalink / raw) To: Marcin Borkowski; +Cc: help-gnu-emacs, Emanuel Berg Marcin Borkowski <mbork@mbork.pl> writes: >>> random password generator >> Write it yourself in Elisp - in the unlikely even no one did >> it already ... > Or call a CLI one. I'm using org-passwords Dieter -- Best wishes H. Dieter Wilhelm Zwingenberg, Germany ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 0:36 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 6:34 ` Marcin Borkowski @ 2021-10-20 6:53 ` Jean Louis 2021-10-20 8:23 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 17:10 ` Ivano Da Milano 2 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-20 6:53 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-20 09:02]: > > Mail client > > There are several ... Rmail (written and used to this day by > RSM) and Gnus (which is much more advanced, powerful, and > generally recommended for mails from/with Emacs). Gnus is also excellent as a predisposition to other packages. Like when it does not do what is expected, just run M-x doctor and eventually get saved from suicidal thoughts. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 6:53 ` Jean Louis @ 2021-10-20 8:23 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-20 8:23 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: >>> Mail client >> >> There are several ... Rmail (written and used to this day >> by RSM) and Gnus (which is much more advanced, powerful, >> and generally recommended for mails from/with Emacs). > > Gnus is also excellent as a predisposition to other > packages. Like when it does not do what is expected, just > run M-x doctor and eventually get saved from > suicidal thoughts. But ... I thought you went to eat fruit by the ocean with swim girls when that happens? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 0:36 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 6:34 ` Marcin Borkowski 2021-10-20 6:53 ` Jean Louis @ 2021-10-20 17:10 ` Ivano Da Milano 2021-10-20 18:41 ` Tassilo Horn ` (3 more replies) 2 siblings, 4 replies; 127+ messages in thread From: Ivano Da Milano @ 2021-10-20 17:10 UTC (permalink / raw) To: Emanuel Berg, help-gnu-emacs Il Mer 20 Ott 2021, 02:36 Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> ha scritto: > Re: Noob dumb question (extending emacs) > Ivano Da Milano wrote: > > > [un]zip/tar/rar/etc archives > > archive-mode > > > ASCII Art - from image, but IIRC, there's an ASCII based > > paint program > > artist-mode > > > Batch rename > > I'm not sure exactly what you mean, but it is possible, either > directly from Elisp or some solution/combination with/from > Dired and/or the shell ... > I mean renaming files all at once, applying string manipulation to the file name > Browser (like Lynx) > > Emacs-w3m (3rd party, based on w3m) or the built-in eww. > Emacs-w3m is a Japanese project BTW, eww is from Norway > I guess :) > > > Calendar > > DBMS (SQL Client) > > Diff/patch > > MIDI/Music Player > > Scientific calculator > > Spreadsheet (like sc) > > Available ... > > > Contacts manager > > ~/.mailrc > > > File manager (like Midnight Commander) > > Dired is what I and a lot of people use ... and while > Midnight Commander is an orthodox file manager (an OFS) Dired > is a directory editor, "[a] term that predates the usage of > file manager". The first year they mention on the Wikipedia > page [1] is 1974 for dired and 1984 for OFS, so that's > a decade already ... > > > FTP Client > > Id3 tag editor > > Don't know ... > > > IRC client > > ERC > > > Mail client > > There are several ... Rmail (written and used to this day by > RSM) and Gnus (which is much more advanced, powerful, and > generally recommended for mails from/with Emacs). > In particular Gnus with Gmane for mailing lists! As the saying > goes, "Gnus is to Emacs users what Emacs is to computer > users". > > > OffLine browser (like HTTrack) > > You need/want a special browser for that? > Not sure about this > > random password generator > > Write it yourself in Elisp - in the unlikely even no one did > it already ... > > > Project management > > org-mode ... or text-mode ... or mhtml-mode > > > Speech recognition > > System clean > > Task manager (like top) > > Torrent > > Transcoder (with FFMPeg) > > TTS (with eSpeak) > > Volume mixer (like AlsaMixer) > > Wave editor (with SoX) > > Not that I know of but you can execute any shell tool from one > of the shell modes or terminal emulators ... > > [1] https://en.wikipedia.org/wiki/Orthodox_file_manager > > -- > underground experts united > https://dataswamp.org/~incal > > > ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 17:10 ` Ivano Da Milano @ 2021-10-20 18:41 ` Tassilo Horn 2021-10-20 18:56 ` Ken Goldman ` (2 subsequent siblings) 3 siblings, 0 replies; 127+ messages in thread From: Tassilo Horn @ 2021-10-20 18:41 UTC (permalink / raw) To: Ivano Da Milano; +Cc: help-gnu-emacs, Emanuel Berg Ivano Da Milano <18101982.ia@gmail.com> writes: >> > Batch rename >> >> I'm not sure exactly what you mean, but it is possible, either >> directly from Elisp or some solution/combination with/from >> Dired and/or the shell ... > > I mean renaming files all at once, applying string manipulation to the > file name Dired can rename files matched by a regexp, and use \N in the replacement to insert the string matched by the N-th group of the regexp, and there are also many other file transformations, see (info "(emacs) Transforming File Names"). Or even better: you can make a dired buffer writable and just edit what you are seeing there, i.e., filenames, and permissions, see (info "(emacs) Wdired"). Of course, you can also use keyboard macros when doing so, see (info "(emacs) Keyboard Macros"). Bye, Tassilo ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 17:10 ` Ivano Da Milano 2021-10-20 18:41 ` Tassilo Horn @ 2021-10-20 18:56 ` Ken Goldman 2021-10-20 19:01 ` Ivano Da Milano 2021-10-20 19:45 ` Jean Louis 2021-10-21 19:45 ` Emanuel Berg via Users list for the GNU Emacs text editor 3 siblings, 1 reply; 127+ messages in thread From: Ken Goldman @ 2021-10-20 18:56 UTC (permalink / raw) To: help-gnu-emacs On 10/20/2021 1:10 PM, Ivano Da Milano wrote: >>> Batch rename >> I'm not sure exactly what you mean, but it is possible, either >> directly from Elisp or some solution/combination with/from >> Dired and/or the shell ... >> > I mean renaming files all at once, applying string manipulation to the fi wdired-mode calls up the directory editor. From there you have all the usual find and replace features. You can also change protections and the timestamp. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 18:56 ` Ken Goldman @ 2021-10-20 19:01 ` Ivano Da Milano 0 siblings, 0 replies; 127+ messages in thread From: Ivano Da Milano @ 2021-10-20 19:01 UTC (permalink / raw) To: help-gnu-emacs Guys, thanks so much everyone for the replies. I appreciate this very much =) Il Mer 20 Ott 2021, 20:58 Ken Goldman <kgoldman@us.ibm.com> ha scritto: > On 10/20/2021 1:10 PM, Ivano Da Milano wrote: > >>> Batch rename > >> I'm not sure exactly what you mean, but it is possible, either > >> directly from Elisp or some solution/combination with/from > >> Dired and/or the shell ... > >> > > I mean renaming files all at once, applying string manipulation to the fi > > wdired-mode calls up the directory editor. From there you have > all the usual find and replace features. You can also change protections > and the timestamp. > > > > ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 17:10 ` Ivano Da Milano 2021-10-20 18:41 ` Tassilo Horn 2021-10-20 18:56 ` Ken Goldman @ 2021-10-20 19:45 ` Jean Louis 2021-10-21 5:27 ` Ivano Da Milano 2021-10-21 19:45 ` Emanuel Berg via Users list for the GNU Emacs text editor 3 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-20 19:45 UTC (permalink / raw) To: Ivano Da Milano; +Cc: help-gnu-emacs, Emanuel Berg * Ivano Da Milano <18101982.ia@gmail.com> [2021-10-20 20:12]: > I mean renaming files all at once, applying string manipulation to the file > name C-x C-w to enter wdired mode, or M-x wdired-change-to-wdired-mode and then: M-% will do string replacement. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 19:45 ` Jean Louis @ 2021-10-21 5:27 ` Ivano Da Milano 2021-10-21 7:40 ` H. Dieter Wilhelm 2021-10-21 18:51 ` Jean Louis 0 siblings, 2 replies; 127+ messages in thread From: Ivano Da Milano @ 2021-10-21 5:27 UTC (permalink / raw) To: help-gnu-emacs I tried your suggestions, I only had troubles with these: - RCDNotes - org-passwords - aria2c - ses-mode Also tried looking in packages (M-x package-list-packages, then M-x myQuery), no luck Il Gio 21 Ott 2021, 02:55 Jean Louis <bugs@gnu.support> ha scritto: > * Ivano Da Milano <18101982.ia@gmail.com> [2021-10-20 20:12]: > > I mean renaming files all at once, applying string manipulation to the > file > > name > > C-x C-w to enter wdired mode, or M-x wdired-change-to-wdired-mode and > then: > > M-% will do string replacement. > > > -- > Jean > > Take action in Free Software Foundation campaigns: > https://www.fsf.org/campaigns > > In support of Richard M. Stallman > https://stallmansupport.org/ > ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-21 5:27 ` Ivano Da Milano @ 2021-10-21 7:40 ` H. Dieter Wilhelm 2021-10-21 15:46 ` Ivano Da Milano 2021-10-21 18:51 ` Jean Louis 1 sibling, 1 reply; 127+ messages in thread From: H. Dieter Wilhelm @ 2021-10-21 7:40 UTC (permalink / raw) To: Ivano Da Milano; +Cc: help-gnu-emacs Ivano Da Milano <18101982.ia@gmail.com> writes: > I tried your suggestions, I only had troubles with these: > - org-passwords M-x list-packages C-s org-plus-contrib i x :-) -- Best wishes H. Dieter Wilhelm Zwingenberg, Germany ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-21 7:40 ` H. Dieter Wilhelm @ 2021-10-21 15:46 ` Ivano Da Milano 2021-10-21 16:03 ` H. Dieter Wilhelm 0 siblings, 1 reply; 127+ messages in thread From: Ivano Da Milano @ 2021-10-21 15:46 UTC (permalink / raw) To: help-gnu-emacs No results Il Gio 21 Ott 2021, 09:40 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de> ha scritto: > Ivano Da Milano <18101982.ia@gmail.com> writes: > > > I tried your suggestions, I only had troubles with these: > > - org-passwords > > M-x list-packages > C-s org-plus-contrib > i > x > > :-) > > -- > Best wishes > H. Dieter Wilhelm > Zwingenberg, Germany > ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-21 15:46 ` Ivano Da Milano @ 2021-10-21 16:03 ` H. Dieter Wilhelm 2021-10-21 17:49 ` Ivano Da Milano 0 siblings, 1 reply; 127+ messages in thread From: H. Dieter Wilhelm @ 2021-10-21 16:03 UTC (permalink / raw) To: Ivano Da Milano; +Cc: help-gnu-emacs Ivano Da Milano <18101982.ia@gmail.com> writes: > No results Coulnd't you find org-plus-contrib? > Il Gio 21 Ott 2021, 09:40 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de> > ha scritto: > >> Ivano Da Milano <18101982.ia@gmail.com> writes: >> >> > I tried your suggestions, I only had troubles with these: >> > - org-passwords >> >> M-x list-packages >> C-s org-plus-contrib >> i >> x >> >> :-) >> >> -- >> Best wishes >> H. Dieter Wilhelm >> Zwingenberg, Germany >> > -- Best wishes H. Dieter Wilhelm Zwingenberg, Germany ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-21 16:03 ` H. Dieter Wilhelm @ 2021-10-21 17:49 ` Ivano Da Milano 0 siblings, 0 replies; 127+ messages in thread From: Ivano Da Milano @ 2021-10-21 17:49 UTC (permalink / raw) To: help-gnu-emacs No, indeed Il Gio 21 Ott 2021, 18:03 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de> ha scritto: > Ivano Da Milano <18101982.ia@gmail.com> writes: > > > No results > > Coulnd't you find org-plus-contrib? > > > Il Gio 21 Ott 2021, 09:40 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de > > > > ha scritto: > > > >> Ivano Da Milano <18101982.ia@gmail.com> writes: > >> > >> > I tried your suggestions, I only had troubles with these: > >> > - org-passwords > >> > >> M-x list-packages > >> C-s org-plus-contrib > >> i > >> x > >> > >> :-) > >> > >> -- > >> Best wishes > >> H. Dieter Wilhelm > >> Zwingenberg, Germany > >> > > > > -- > Best wishes > H. Dieter Wilhelm > Zwingenberg, Germany > ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-21 5:27 ` Ivano Da Milano 2021-10-21 7:40 ` H. Dieter Wilhelm @ 2021-10-21 18:51 ` Jean Louis 2021-10-21 20:02 ` H. Dieter Wilhelm 1 sibling, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-21 18:51 UTC (permalink / raw) To: Ivano Da Milano; +Cc: help-gnu-emacs * Ivano Da Milano <18101982.ia@gmail.com> [2021-10-21 08:29]: > I tried your suggestions, I only had troubles with these: > - RCDNotes That I can understand. Package need my help to be installed fully. First emacs-libpq module, then some files. > - org-passwords Is on website. > - aria2c That is external command, command line tool to download torrent or magnet links or other links. > - ses-mode Well you have to read manual on that. > Also tried looking in packages (M-x package-list-packages, then M-x > myQuery), no luck There are many packages not in any of ELPA. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-21 18:51 ` Jean Louis @ 2021-10-21 20:02 ` H. Dieter Wilhelm 2021-10-21 22:58 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: H. Dieter Wilhelm @ 2021-10-21 20:02 UTC (permalink / raw) To: Ivano Da Milano; +Cc: help-gnu-emacs Jean Louis <bugs@gnu.support> writes: >> - org-passwords > Is on website. Right: https://bitbucket.org/alfaromurillo/org-passwords.el It was in the org-contrib repo but they kicked it this year because it seems that it is, sadly, not maintained any longer (last commit in 2019). Dieter -- Best wishes H. Dieter Wilhelm Zwingenberg, Germany ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-21 20:02 ` H. Dieter Wilhelm @ 2021-10-21 22:58 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 6:59 ` H. Dieter Wilhelm 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-21 22:58 UTC (permalink / raw) To: help-gnu-emacs H. Dieter Wilhelm wrote: >>> org-passwords >> >> Is on website. > > Right: https://bitbucket.org/alfaromurillo/org-passwords.el > > It was in the org-contrib repo but they kicked it this year > because it seems that it is, sadly, not maintained any > longer (last commit in 2019). But if it works and is useful no need to kick it out, still. Generally speaking that is, I don't know what it is or is supposed to do or if indeed not br0ken ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-21 22:58 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 6:59 ` H. Dieter Wilhelm 2021-10-22 12:18 ` Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: H. Dieter Wilhelm @ 2021-10-22 6:59 UTC (permalink / raw) To: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes: > H. Dieter Wilhelm wrote: > >>>> org-passwords >>> >>> Is on website. >> >> Right: https://bitbucket.org/alfaromurillo/org-passwords.el >> >> It was in the org-contrib repo but they kicked it this year >> because it seems that it is, sadly, not maintained any >> longer (last commit in 2019). > > But if it works and is useful no need to kick it out, still. I didn't quite understood their argument in https://elpa.nongnu.org/nongnu/org-contrib.html > Generally speaking that is, I don't know what it is or is > supposed to do or if indeed not br0ken ... https://github.com/AndreaCrotti/org-passwords/blob/master/org-passwords.el it requires an external password generator (per default Gnu-Linux' pwgen) It's working perfectly for me, e.g. (org-passwords-random-password) Dieter ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 6:59 ` H. Dieter Wilhelm @ 2021-10-22 12:18 ` Jean Louis 2021-10-22 12:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-22 12:18 UTC (permalink / raw) To: H. Dieter Wilhelm; +Cc: help-gnu-emacs * H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de> [2021-10-22 10:00]: > it requires an external password generator (per default Gnu-Linux' pwgen) Emacs Lisp is good enough to generate passwords just like `pwgen', on my side it is: (rcd-password) ⇒ "hGsdfHH&3KwIuhy7DvO{" From https://gnu.support/gnu-emacs/packages/rcd-password-el.html -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 12:18 ` Jean Louis @ 2021-10-22 12:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 13:14 ` Yuri Khan 2021-10-22 17:48 ` Jean Louis 0 siblings, 2 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 12:56 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: >> it requires an external password generator (per default >> Gnu-Linux' pwgen) > > Emacs Lisp is good enough to generate passwords just like > `pwgen' Are there some agreed-upon, formal requirements to a password generator? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 12:56 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 13:14 ` Yuri Khan 2021-10-22 17:51 ` Jean Louis 2021-10-22 18:53 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 17:48 ` Jean Louis 1 sibling, 2 replies; 127+ messages in thread From: Yuri Khan @ 2021-10-22 13:14 UTC (permalink / raw) To: Emanuel Berg, help-gnu-emacs On Fri, 22 Oct 2021 at 19:56, Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> wrote: > > Emacs Lisp is good enough to generate passwords just like > > `pwgen' > > Are there some agreed-upon, formal requirements to > a password generator? The first rule of password generators is to use a crypto quality randomness generator. Which, as far as I can tell, Elisp’s ‘random’ is not, at least unless you do a ‘(random t)’ first. And maybe not even then. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 13:14 ` Yuri Khan @ 2021-10-22 17:51 ` Jean Louis 2021-10-22 18:50 ` Yuri Khan ` (2 more replies) 2021-10-22 18:53 ` Emanuel Berg via Users list for the GNU Emacs text editor 1 sibling, 3 replies; 127+ messages in thread From: Jean Louis @ 2021-10-22 17:51 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs, Emanuel Berg * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-22 16:16]: > On Fri, 22 Oct 2021 at 19:56, Emanuel Berg via Users list for the GNU > Emacs text editor <help-gnu-emacs@gnu.org> wrote: > > > > Emacs Lisp is good enough to generate passwords just like > > > `pwgen' > > > > Are there some agreed-upon, formal requirements to > > a password generator? > > The first rule of password generators is to use a crypto quality > randomness generator. Which, as far as I can tell, Elisp’s ‘random’ is > not, at least unless you do a ‘(random t)’ first. And maybe not even > then. For people interested, manual explains about randomity: (info "(elisp) Random Numbers") How I understand it, than it may be that neither `pwgen' is generating truly random numbers. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 17:51 ` Jean Louis @ 2021-10-22 18:50 ` Yuri Khan 2021-10-22 19:29 ` Emanuel Berg via Users list for the GNU Emacs text editor ` (2 more replies) 2021-10-22 18:55 ` Yuri Khan 2021-10-22 18:57 ` Emanuel Berg via Users list for the GNU Emacs text editor 2 siblings, 3 replies; 127+ messages in thread From: Yuri Khan @ 2021-10-22 18:50 UTC (permalink / raw) To: Yuri Khan, Emanuel Berg, help-gnu-emacs On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote: > For people interested, manual explains about randomity: > (info "(elisp) Random Numbers") > > How I understand it, than it may be that neither `pwgen' is generating > truly random numbers. Inspecting the source shows pwgen uses /dev/urandom if available, and /dev/random otherwise, and all bytes of the password come from one of those sources. These are On the other hand, the manual for Emacs ‘random’ says: A deterministic computer program cannot generate true random numbers. For most purposes, “pseudo-random numbers” suffice. Spoiler: secure password generation is not one of those purposes. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 18:50 ` Yuri Khan @ 2021-10-22 19:29 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 21:22 ` Jean Louis 2021-10-23 8:41 ` Michael Heerdegen 2 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 19:29 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan wrote: > On the other hand, the manual for Emacs ‘random’ says: > > A deterministic computer program cannot generate true random numbers. > For most purposes, “pseudo-random numbers” suffice. > > Spoiler: secure password generation is not one of > those purposes. Okay, but how does it happen them? Roll the dice on 5 continents and add the extra 2 just in case? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 18:50 ` Yuri Khan 2021-10-22 19:29 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 21:22 ` Jean Louis 2021-10-23 18:08 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-23 8:41 ` Michael Heerdegen 2 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-22 21:22 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs, Emanuel Berg * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-22 21:52]: > On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote: > > > For people interested, manual explains about randomity: > > (info "(elisp) Random Numbers") > > > > How I understand it, than it may be that neither `pwgen' is generating > > truly random numbers. > > Inspecting the source shows pwgen uses /dev/urandom if available, and > /dev/random otherwise, and all bytes of the password come from one of > those sources. These are > > On the other hand, the manual for Emacs ‘random’ says: > > A deterministic computer program cannot generate true random numbers. > For most purposes, “pseudo-random numbers” suffice. > > Spoiler: secure password generation is not one of those purposes. That only when looking from the viewpoint of perfection. We could even go further and say that computers were not meant initially to store any data, and safe storage of data requires professional engineering and safety. But people do store data on computers. And hard disks fail all the time. Absolutes are not attainable and practically any LISP can generate passwords just as many other random outcomes. What matters is practicality. Can a program generate a practical random password? If answer is YES, it is useful. For huge majority of users it does not matter neither they can know that passwords have their seeds or that they are not truly random. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 21:22 ` Jean Louis @ 2021-10-23 18:08 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 7:10 ` Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 18:08 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > Absolutes are not attainable and practically any LISP can > generate passwords just as many other random outcomes. If Linux can do it it should be possible to hook Lisp (Elisp) into that same mechanism and without too much work as well, since the work is already done. > What matters is practicality. Can a program generate > a practical random password? If answer is YES, it is useful. > > For huge majority of users it does not matter neither they > can know that passwords have their seeds or that they are > not truly random. No one is saying stop using Lisp for practical purposes. But doing things the right way is not a slower or more impractical way to do it in the short run - and in the long run, it is much better in that and other respects ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 18:08 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 7:10 ` Jean Louis 2021-10-24 9:35 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-24 7:10 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-23 21:09]: > Jean Louis wrote: > > > Absolutes are not attainable and practically any LISP can > > generate passwords just as many other random outcomes. > > If Linux can do it it should be possible to hook Lisp (Elisp) > into that same mechanism and without too much work as well, > since the work is already done. It's really not necessary, just read documentation for `random' function, it is good enough. > > What matters is practicality. Can a program generate > > a practical random password? If answer is YES, it is useful. > > > > For huge majority of users it does not matter neither they > > can know that passwords have their seeds or that they are > > not truly random. > > No one is saying stop using Lisp for practical purposes. > But doing things the right way is not a slower or more > impractical way to do it in the short run - and in the long > run, it is much better in that and other respects ... So the right way is something you know it should exist, because of scientists talking about it, but it is not out there in real world? I call that science fiction. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 7:10 ` Jean Louis @ 2021-10-24 9:35 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 17:41 ` Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 9:35 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > So the right way is something you know it should exist, > because of scientists talking about it, but it is not out > there in real world? $ apt-get source pwgen > I call that science fiction. *engineering -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 9:35 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 17:41 ` Jean Louis 2021-10-24 18:20 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-24 17:41 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-24 12:41]: > Jean Louis wrote: > > > So the right way is something you know it should exist, > > because of scientists talking about it, but it is not out > > there in real world? > > $ apt-get source pwgen I like to avoid external commands when necessary. In case of pwgen it is not necessary when Emacs and Perl and other programming languages may easily serve the purpose. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 17:41 ` Jean Louis @ 2021-10-24 18:20 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 5:47 ` Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 18:20 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: >>> So the right way is something you know it should exist, >>> because of scientists talking about it, but it is not out >>> there in real world? >> >> $ apt-get source pwgen > > I like to avoid external commands when necessary. In case of > pwgen it is not necessary when Emacs and Perl and other > programming languages may easily serve the purpose. Yes, commands that are run very often and have no security implications one can maybe be cool with a downgrade for that reason, but commands that are used seldom and have security implications, nope, that should be at the level of the CLI alternative _or_ one should simply use the CLI alternative. Note that you can still use your (or any other) Elisp interface ... I think this is much more the practical approach BTW! 1. the practical and skilled approach: use the CLI tool; a quick fix but at the top level anyway 2. the skilled and scientific and practical approach: rewire Elisp to be at that same level (practical as in doing it, but also as in sharing it in the FOSS world) 3. other approach: write it in ELisp, and after a nontrivial effort the outcome will still not be as good as the CLI tool ? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 18:20 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 5:47 ` Jean Louis 2021-10-25 9:40 ` Yuri Khan 2021-10-28 20:39 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 2 replies; 127+ messages in thread From: Jean Louis @ 2021-10-25 5:47 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-24 21:22]: > Yes, commands that are run very often and have no security > implications one can maybe be cool with a downgrade for that > reason, but commands that are used seldom and have security > implications, nope, that should be at the level of the CLI > alternative _or_ one should simply use the CLI alternative. In science, if there is "security implication" then it has to be proven. That is why breaking crypto requires a proof which is usually program or exploit that breaks it, not just a theoretical statement. It is not reasonable within Emacs environment and especially on this mailing list to keep recommending general CLI alternatives. What about cp, mv, we use it in Dired, should we start now recommending using external "cp" instead of Dired one? As much as possible we strive to integrate features into Emacs, not the other way around. > Note that you can still use your (or any other) Elisp > interface ... > > I think this is much more the practical approach BTW! I will use Emacs Lisp interface to external commands in cases where it is for some reason not possible to get equivalent speed and functionality from within Emacs. For example GNU `mail' utility is very handy and powerful to construct emails, I rather use that one, then the Emacs way of constructing emails. I will rather use `mutt' as Emacs offers none of email clients nearly so fast and functional as `mutt'. I have tried my best to find similarly functional client in Emacs and I have tried them all, solutions are slow and lack features I need. For Xournalapp, I will use Emacs and database to track locations of Xournal notes, but external program must be invoked to modify such note. But if user does not want to integrate stuff in Emacs Lisp, such will use more external commands. Many will use their graphical file managers instead of Dired, that is up to individual's desires. > 2. the skilled and scientific and practical approach: rewire > Elisp to be at that same level (practical as in doing it, > but also as in sharing it in the FOSS world) If program modifies Emacs and is published, it has to be with GPLv3 license or compatible one. Is it clear? > 3. other approach: write it in ELisp, and after a nontrivial > effort the outcome will still not be as good as the CLI > tool That is too general statement, it seem to come from your experience in which I did not participate. Outcome of Emacs Lisp may be equally good as other external command. I wonder how you, who I know you to have written many Emacs Lisp programs now speaks contradictory. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 5:47 ` Jean Louis @ 2021-10-25 9:40 ` Yuri Khan 2021-10-25 10:23 ` Emanuel Berg via Users list for the GNU Emacs text editor ` (2 more replies) 2021-10-28 20:39 ` Emanuel Berg via Users list for the GNU Emacs text editor 1 sibling, 3 replies; 127+ messages in thread From: Yuri Khan @ 2021-10-25 9:40 UTC (permalink / raw) To: help-gnu-emacs On Mon, 25 Oct 2021 at 12:55, Jean Louis <bugs@gnu.support> wrote: > In science, if there is "security implication" then it has to be > proven. That is why breaking crypto requires a proof which is usually > program or exploit that breaks it, not just a theoretical statement. In crypto science, an algorithm is considered compromised, for example, if it was previously thought to require a brute force search of 2^128 to break, and later shown to be breakable in 2^64 attempts. A 20-letter password contains about 120 bits of information. A user who requests generation of such a password reasonably expects that the attacker would have to bruteforce 2^120 possibilities. However, your generation algorithm uses only 48 bits of entropy, so the attacker only has to search through 2^48 possible seeds, and maybe 2^5 different generated password lengths, and breaks the password in 2^53 attempts, or 2^67 ≈ 1.5*10^20 times faster than expected. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 9:40 ` Yuri Khan @ 2021-10-25 10:23 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 12:41 ` Jean Louis 2021-10-25 19:22 ` Jean Louis 2 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 10:23 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan wrote: > A 20-letter password contains about 120 bits of information. Okay, so what's the other 40? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 9:40 ` Yuri Khan 2021-10-25 10:23 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 12:41 ` Jean Louis 2021-10-25 19:22 ` Jean Louis 2 siblings, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-25 12:41 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-25 12:42]: > On Mon, 25 Oct 2021 at 12:55, Jean Louis <bugs@gnu.support> wrote: > > > In science, if there is "security implication" then it has to be > > proven. That is why breaking crypto requires a proof which is usually > > program or exploit that breaks it, not just a theoretical statement. > > In crypto science, an algorithm is considered compromised, for > example, if it was previously thought to require a brute force search > of 2^128 to break, and later shown to be breakable in 2^64 attempts. > > A 20-letter password contains about 120 bits of information. A user > who requests generation of such a password reasonably expects that the > attacker would have to bruteforce 2^120 possibilities. However, your > generation algorithm uses only 48 bits of entropy, so the attacker > only has to search through 2^48 possible seeds, and maybe 2^5 > different generated password lengths, and breaks the password in 2^53 > attempts, or 2^67 ≈ 1.5*10^20 times faster than expected. That is why I said, if it is "so the attacker only has to search through 2^48 possible seeds" then please demonstrate it, search it and prove what would be the next char in this password. I think 50 chars will give you enough playground to find the seeds. (rcd-password 50) ⇒ "YQAguCWdKEiR%OiEyjuKHcttCvyVOEt}pwG5HJoUirOdA6RBOa" Once you find first seed, let me know, that I can pay the pizza for you Yuri. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 9:40 ` Yuri Khan 2021-10-25 10:23 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 12:41 ` Jean Louis @ 2021-10-25 19:22 ` Jean Louis 2021-10-25 19:46 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 19:56 ` Yuri Khan 2 siblings, 2 replies; 127+ messages in thread From: Jean Louis @ 2021-10-25 19:22 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs Yuri and Michael H., you are very right, too simple password generation without enough entropy produces duplicate passwords. The way to go is to create some entropy. Reading /dev/urandom is not a portable solution. At this moment I would not know if it works on DragonflyBSD which I use on some computers, I will check later. But that does not mean that anybody may guess the password produced on this computer. If somebody knows how to read slice of a file like /dev/urandom, let me know, otherwise I have to use external command. (defun rcd-read-urandom (&optional length) "I am also free to modify the Emacs Lisp unlimited times." (shell-command-to-string "head -n 1 /dev/urandom")) (defun rcd-password-generate-1 (string) "Return capitalized or downcased single symbol from a string" (random (format "%s" (rcd-read-urandom))) (let* ((max (length string)) (rnd (random max)) (single (substring string rnd (+ rnd 1)))) single)) (rcd-password) ⇒ "5l}tAl9hvk^ofQkqbSWh" --- I am now more random... -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 19:22 ` Jean Louis @ 2021-10-25 19:46 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 20:00 ` Jean Louis 2021-10-25 19:56 ` Yuri Khan 1 sibling, 2 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 19:46 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > (defun rcd-read-urandom (&optional length) > "I am also free to modify the Emacs Lisp unlimited times." > (shell-command-to-string "head -n 1 /dev/urandom")) So you had one as well ... Check how head does it then ... that's how to get aHEAD in software piracy ... (defun urandom (bits) (interactive "nbits: ") (let*((bytes (/ bits 8)) (bytes-opt (format "--bytes=%s" bytes)) ) (with-temp-buffer (set-buffer-multibyte nil) (call-process "head" "/dev/urandom" t nil bytes-opt) (string-to-list (buffer-substring-no-properties (point-min) (point-max)) )))) ;; (urandom 100) -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 19:46 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 19:56 ` About randomity, entropy, random passwords - was " Jean Louis 2021-10-25 20:00 ` Jean Louis 1 sibling, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 19:52 UTC (permalink / raw) To: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor wrote: >> (defun rcd-read-urandom (&optional length) >> "I am also free to modify the Emacs Lisp unlimited times." >> (shell-command-to-string "head -n 1 /dev/urandom")) > > So you had one as well ... > > Check how head does it then ... that's how to get aHEAD in > software piracy ... Wait ... didn't we see it with pwgen? You need to write a dynamic module, in C for this. /dev/random isn't a regular file ... no can do. -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs) 2021-10-25 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 19:56 ` Jean Louis 2021-10-25 20:29 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-25 19:56 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 22:53]: > Emanuel Berg via Users list for the GNU Emacs text editor wrote: > > >> (defun rcd-read-urandom (&optional length) > >> "I am also free to modify the Emacs Lisp unlimited times." > >> (shell-command-to-string "head -n 1 /dev/urandom")) > > > > So you had one as well ... > > Check how head does it then ... that's how to get aHEAD in > > software piracy ... > > Wait ... didn't we see it with pwgen? > > You need to write a dynamic module, in C for this. > > /dev/random isn't a regular file ... no can do. I was just testing it, I did not use /dev/urandm ever. It can be done, but that is slow and not portable. This seem to work blazing fast and is portable enough, I expect it to work on any GNU Emacs version. (defun rcd-random-md5-string () (md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N")))) (rcd-random-md5-string) ⇒ "5ae0b5bd4f7bd84a877062b104a8f77f" -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs) 2021-10-25 19:56 ` About randomity, entropy, random passwords - was " Jean Louis @ 2021-10-25 20:29 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 20:29 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > I was just testing it, I did not use /dev/urandm ever. > It can be done, but that is slow and not portable. It is about being and beating the best, I don't care what other people use. Besides what you say isn't true. A C solution that reads from a regular or nonregular file on a Unix system is portable enough, few things are that portable in the computing world. > This seem to work blazing fast and is portable enough [...] ... I'm done. -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 19:46 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 20:00 ` Jean Louis 1 sibling, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-25 20:00 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 22:48]: > Jean Louis wrote: > > > (defun rcd-read-urandom (&optional length) > > "I am also free to modify the Emacs Lisp unlimited times." > > (shell-command-to-string "head -n 1 /dev/urandom")) > > So you had one as well ... > > Check how head does it then ... that's how to get aHEAD in > software piracy ... > > (defun urandom (bits) > (interactive "nbits: ") > (let*((bytes (/ bits 8)) > (bytes-opt (format "--bytes=%s" bytes)) ) > (with-temp-buffer > (set-buffer-multibyte nil) > (call-process "head" "/dev/urandom" t nil bytes-opt) > (string-to-list > (buffer-substring-no-properties (point-min) (point-max)) )))) > ;; (urandom 100) Really great, though complicated. I expect in future to run only GNU Emacs on computer, so external commands I wish to eradicate. I think that description of nano, micro and milliseconds from `format-time-string' plus Emcas uptime, create enough randomity for my needs. %N is the nanosecond, %6N the microsecond, %3N the millisecond, etc. (md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N"))) ⇒ "ed542b20ba78029ceda9a3a3824e7154" With or without md5 is enough random. Can anybody predict my Emacs uptime concatenated with the current nanoseconds, microseconds and milliseconds? -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 19:22 ` Jean Louis 2021-10-25 19:46 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 19:56 ` Yuri Khan 2021-10-25 20:24 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 20:29 ` About randomity, entropy, random passwords - was " Jean Louis 1 sibling, 2 replies; 127+ messages in thread From: Yuri Khan @ 2021-10-25 19:56 UTC (permalink / raw) To: Yuri Khan, help-gnu-emacs On Tue, 26 Oct 2021 at 02:25, Jean Louis <bugs@gnu.support> wrote: > Yuri and Michael H., you are very right, too simple password > generation without enough entropy produces duplicate passwords. What tipped you to this conclusion? Still wrong! > (defun rcd-read-urandom (&optional length) > "I am also free to modify the Emacs Lisp unlimited times." > (shell-command-to-string "head -n 1 /dev/urandom")) Here you read the first newline-delimited line of /dev/urandom, which may be a lot. If you have to use ‘head’, use it with -c and give a byte count. > (defun rcd-password-generate-1 (string) > "Return capitalized or downcased single symbol from a string" > (random (format "%s" (rcd-read-urandom))) Here you seed the Emacs random generator with the entropy. However, the Emacs random generator can only use 48 bits of entropy in the best case, so it grabs exactly that and drops the remainder on the floor. > (let* ((max (length string)) > (rnd (random max)) > (single (substring string rnd (+ rnd 1)))) > single)) Then you proceed to generate a random password using the seeded pseudo-random generator. Which is a step up from an unseeded pseudo-random generator (you could generate a series of passwords from a single seed, making it easier for the attacker who knows one to guess others) but still not as random as you would get by just converting raw entropy into printable characters. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 19:56 ` Yuri Khan @ 2021-10-25 20:24 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 20:34 ` Jean Louis 2021-10-25 20:29 ` About randomity, entropy, random passwords - was " Jean Louis 1 sibling, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 20:24 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan wrote: > Then you proceed to generate a random password using the > seeded pseudo-random generator. Which is a step up from an > unseeded pseudo-random generator (you could generate > a series of passwords from a single seed, making it easier > for the attacker who knows one to guess others) but still > not as random as you would get by just converting raw > entropy into printable characters. Here: - get industrial strength random numbers from /dev/urandom - get the tools up-to-date to support it - use it for passwords and other purposes -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 20:24 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 20:34 ` Jean Louis 0 siblings, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-25 20:34 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 23:26]: > Yuri Khan wrote: > > > Then you proceed to generate a random password using the > > seeded pseudo-random generator. Which is a step up from an > > unseeded pseudo-random generator (you could generate > > a series of passwords from a single seed, making it easier > > for the attacker who knows one to guess others) but still > > not as random as you would get by just converting raw > > entropy into printable characters. > > Here: > > - get industrial strength random numbers from /dev/urandom Sorry -- do you want to undermine my `rcd-password' function as not to be of industrial strength? Please... I am using it in the industry. ;-p -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs) 2021-10-25 19:56 ` Yuri Khan 2021-10-25 20:24 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 20:29 ` Jean Louis 1 sibling, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-25 20:29 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-25 23:12]: > On Tue, 26 Oct 2021 at 02:25, Jean Louis <bugs@gnu.support> wrote: > > > Yuri and Michael H., you are very right, too simple password > > generation without enough entropy produces duplicate passwords. > > What tipped you to this conclusion? I did the `dotimes' and found same passwords without goods seed. Then I have improved the seed. > Still wrong! You still cannot guess the next password coming... with or without good seed. But your tips did make it more random on my side. ;-p > > (defun rcd-read-urandom (&optional length) > > "I am also free to modify the Emacs Lisp unlimited times." > > (shell-command-to-string "head -n 1 /dev/urandom")) > > Here you read the first newline-delimited line of /dev/urandom, which > may be a lot. If you have to use ‘head’, use it with -c and give a > byte count. That one I forgot the same time I wrote it, it was just thinking. I don't like external commands. > > (defun rcd-password-generate-1 (string) > > "Return capitalized or downcased single symbol from a string" > > (random (format "%s" (rcd-read-urandom))) > > Here you seed the Emacs random generator with the entropy. However, > the Emacs random generator can only use 48 bits of entropy in the best > case, so it grabs exactly that and drops the remainder on the floor. It may be, I dropped that one. > > (let* ((max (length string)) > > (rnd (random max)) > > (single (substring string rnd (+ rnd 1)))) > > single)) > > Then you proceed to generate a random password using the seeded > pseudo-random generator. Which is a step up from an unseeded > pseudo-random generator (you could generate a series of passwords from > a single seed, making it easier for the attacker who knows one to > guess others) but still not as random as you would get by just > converting raw entropy into printable characters. I'll stick to random Emacs uptime concatenated to microseconds, nanoseconds and milliseconds. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 5:47 ` Jean Louis 2021-10-25 9:40 ` Yuri Khan @ 2021-10-28 20:39 ` Emanuel Berg via Users list for the GNU Emacs text editor 1 sibling, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-28 20:39 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: >> Yes, commands that are run very often and have no security >> implications one can maybe be cool with a downgrade for >> that reason, but commands that are used seldom and have >> security implications, nope, that should be at the level of >> the CLI alternative _or_ one should simply use the >> CLI alternative. > > In science, if there is "security implication" then it has > to be proven. Well, this is gmane.emacs.help. And you don't have to prove everything (obvious things) in science. > That is why breaking crypto requires a proof which is > usually program or exploit that breaks it, not just > a theoretical statement. OK, if you say so, but in general theoretical (or formal) proofs rank much higher than "try and see" experiments which only show that the observed outcome is one possibility. Often if something is possible that is well-known since it has been tested on the field, for fun or pleasure, long before it reaches the world of PhD students ... > It is not reasonable within Emacs environment and especially > on this mailing list to keep recommending general > CLI alternatives. It is, if there is no alternative in Emacs that is at the same level. > What about cp, mv, we use it in Dired, should we start now > recommending using external "cp" instead of Dired one? Indeed, if the Dired ones are worse than the shell tools in areas that are critical. > I will use Emacs Lisp interface to external commands in > cases where it is for some reason not possible to get > equivalent speed and functionality from within Emacs. I think it is possible but as long as no one does it doesn't matter what anyone thinks. But if head(1) and pwgen(1) can do it from C Emacs should be able to do it from C as well (built-in, a so-called Lisp primitive), or from a dynamic module, also in C ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 18:50 ` Yuri Khan 2021-10-22 19:29 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 21:22 ` Jean Louis @ 2021-10-23 8:41 ` Michael Heerdegen 2021-10-23 10:16 ` Yuri Khan 2021-10-23 18:17 ` Emanuel Berg via Users list for the GNU Emacs text editor 2 siblings, 2 replies; 127+ messages in thread From: Michael Heerdegen @ 2021-10-23 8:41 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan <yuri.v.khan@gmail.com> writes: > A deterministic computer program cannot generate true random numbers. > For most purposes, “pseudo-random numbers” suffice. > > Spoiler: secure password generation is not one of those purposes. If you use Emacs' `random' to generate a password, an attacker would need to have access to your system to predict the result. He would at least have to know exactly when you started your Emacs session (that time is used to generate the seed). Or he would need much more pseudo-random numbers from you. Without any of these, no chance to guess, because there are too many possible pseudo-random numbers when you don't know at which position in the sequence the generator started. But if the attacker already has access to your session, he can just steal the password out of your Emacs session or system clipboard or take a screenshot or whatever. So I don't see a problem here. Or am I missing something? Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 8:41 ` Michael Heerdegen @ 2021-10-23 10:16 ` Yuri Khan 2021-10-23 10:46 ` Michael Heerdegen ` (3 more replies) 2021-10-23 18:17 ` Emanuel Berg via Users list for the GNU Emacs text editor 1 sibling, 4 replies; 127+ messages in thread From: Yuri Khan @ 2021-10-23 10:16 UTC (permalink / raw) To: Michael Heerdegen; +Cc: help-gnu-emacs On Sat, 23 Oct 2021 at 15:41, Michael Heerdegen <michael_heerdegen@web.de> wrote: > > Spoiler: secure password generation is not one of those purposes. > > If you use Emacs' `random' to generate a password, an attacker would > need to have access to your system to predict the result. He would at > least have to know exactly when you started your Emacs session (that > time is used to generate the seed). Or he would need much more > pseudo-random numbers from you. > > Without any of these, no chance to guess, because there are too many > possible pseudo-random numbers when you don't know at which position in > the sequence the generator started. The position in the sequence, aka the random seed, contains a certain number of bits. In Emacs, as far as I can tell, best case, the random seed is 48 bits. Which means, no matter how long a password you (the user) generate, it still contains only 48 bits of entropy. Whereas with ‘pwgen’ you get more entropy as you generate a longer password. An attacker might have access to one or more passwords you generate before and/or after the password the attacker is interested in, e.g. by being one of the entities you have an account with, or by possessing a leaked database of user information from a compromised service. (It is also customary, when discussing security, to assume the attacker knows exactly the algorithms you use.) It is okay to generate your own passwords using a weak generator if you are aware of that and deem the risk insignificant. It is okay to offer a library for password generation using a weak generator to other people, as long as they are aware and deem the risk insignificant. It is *not* okay to offer a library for password generation using a weak generator to other people without explaining its entropy characteristics so that they could assess their risk. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 10:16 ` Yuri Khan @ 2021-10-23 10:46 ` Michael Heerdegen 2021-10-23 18:27 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-23 12:54 ` Michael Heerdegen ` (2 subsequent siblings) 3 siblings, 1 reply; 127+ messages in thread From: Michael Heerdegen @ 2021-10-23 10:46 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan <yuri.v.khan@gmail.com> writes: > The position in the sequence, aka the random seed, contains a certain > number of bits. In Emacs, as far as I can tell, best case, the random > seed is 48 bits. That would be 281.474.976.710.656 or 2.8*10^15. I guess this is still quite hard to handle? At least if you use additional salting. Ok, but I see that this entropy is just enough for a random password of a length of 8 or 9, depending on the character range used, so it's edgy. Just curious btw, I haven't followed this thread closely, especially did I not follow who offered what code to whom. Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 10:46 ` Michael Heerdegen @ 2021-10-23 18:27 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 8:16 ` Michael Heerdegen 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 18:27 UTC (permalink / raw) To: help-gnu-emacs Michael Heerdegen wrote: > That would be 281.474.976.710.656 or 2.8*10^15. I guess this > is still quite hard to handle? (defalias '** #'expt) (** 2 48) 281474976710656 (#o10000000000000000, #x1000000000000) > Ok, but I see that this entropy is just enough for a random > password of a length of 8 or 9, depending on the character > range used, so it's edgy. Cool, how did you compute that? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 18:27 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 8:16 ` Michael Heerdegen 2021-10-28 2:24 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Michael Heerdegen @ 2021-10-24 8:16 UTC (permalink / raw) To: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes: > Cool, how did you compute that? Not hard to do (unless I'm missing something): For which password length l exist approximately 2^48 different passwords using an alphabet of n characters? 2^48 = n^l 48 ln 2 = l ln n l = 48 ln 2 / (ln n) If you use lowercase and uppercase letters and, say, 8 other symbols, n=26*2+8=60 48 ln(2) l = -------- ~ 8.13. ln(60) That would mean that already for a length of 9 only a small fraction of passwords are computable. Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 8:16 ` Michael Heerdegen @ 2021-10-28 2:24 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-28 11:41 ` Michael Heerdegen 2021-11-05 18:59 ` Jean Louis 0 siblings, 2 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-28 2:24 UTC (permalink / raw) To: help-gnu-emacs Michael Heerdegen wrote: > 48 ln(2) > l = -------- ~ 8.13. > ln(60) > > That would mean that already for a length of 9 only a small > fraction of passwords are computable. Okay, why do you say/how do you know that? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-28 2:24 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-28 11:41 ` Michael Heerdegen 2021-10-28 12:07 ` tomas 2021-10-28 20:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-05 18:59 ` Jean Louis 1 sibling, 2 replies; 127+ messages in thread From: Michael Heerdegen @ 2021-10-28 11:41 UTC (permalink / raw) To: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes: > Michael Heerdegen wrote: > > > 48 ln(2) > > l = -------- ~ 8.13. > > ln(60) > > > > That would mean that already for a length of 9 only a small > > fraction of passwords are computable. > > Okay, why do you say/how do you know that? Anything besides used entropy is deterministic. If you initialize the seed with a certain entropy, it means that you randomly get one seed out of N possible (known) seeds. In our case N = 2^31 (or something like that). To understand the reasoning behind the following it can help to assume a small N, e.g. N=2, N=10 or N=100, and then think about what fundamentally changes if N is larger (actually nothing, you only need accordingly more tries to guess). This is all quite trivial, only the large numbers involved cloud a bit what is going on. Ok. Those possible seeds are known (computable) to everyone: You start with a random seed out of a public list of N seeds. With each of these seeds, `random' will generate one out of N possible predefined sequences of numbers. With the exception: If N is larger than the number of possible different results of `random' (a finite number of course), let's name it "M", then you must set N = M in the following considerations. So if you use a publicly known deterministic algorithm using `random', your algorithm will generate one out of N possible publicly known password sequences for each call. Security of these passwords stands and falls with the size of N: Say your algorithm calculates passwords using an alphabet consisting of a number b of letters, e.g. b=60 for small and capital letters plus some special characters. Then the entropy used is enough to generate pseudo-random passwords of a length l when b^l ~ N (where "~" means "is approximately"). Why? If l is smaller, b^l < N, your algorithm would often calculate the same password for different seeds, and you would waste a portion of the initial randomness (entropy). If l is larger, b^l > N, the passwords per se are stronger in theory but... that doesn't matter if you publish the algorithm that computed the passwords (or one can guess that algorithm). Then I still have to try only N passwords, not more than when a smaller password length is used. One could say that those longer passwords contain redundancy: a part of those password strings is determined by the rest of the password string and doesn't offer additional security. The situation would be similar to posting on your homepage: "Any of my accounts uses a password out of this list: { "nx4BgzrJmZq0+!YPp<O|]8k&Q"<M2-`<nSV#|CH-", "%d~8bqv1j^rl51\6(9#/d[!D91_X_H/=`|&S]|SQ", ":2A]sw=V;--q)RKLOIdoxd`9B+4#Q5[WY\8yFNl", "?ljGuo\-;VF"9;F$MgU~uP|Ztk$!!9kxAsv~,Lv?", ">%M\s=>!xHP9|EMEzR[&Wu&$,\]lS`fN1y:Bc!Ey", "igbf^Hlcxyg,A0MBa>d:!,}{x"j%?Qi^,P<YDP-|", "/iGww)fjE:*$:uv,$>)M=M?|UF2DZ4|>*Mx"&>(;!, "EzIRpdH|;R^1iTAG'*P5LdoJ5sS_Y2kN#S:{S_a\", "rLBtPlQ6Unml'5`+B*l^LA}8>/8C}=I)1(']Zqz+", "Zt.J$fP<$zU)^AH}<ymP-cNkwz%8#1=+A]<1XON!" } Those are all very strong passwords, and the method I use to choose one of them randomly is so clever and uses so much entropy that it's impossible to guess it. Try it, Mentalist!" But since all of those possible passwords are publicly known the situation is not better than using a random password out of {"0", "1",..., "9"}: not more secure than using random passwords of length 1 (even less). Or using the formula mentioned, ln(N) ln(10) ------ = -------- < 1. ln(b) ln(60) Now do the same consideration with a larger N. Whether your passwords are secure only depends on the real value of N. And it seems that in our case N is simply too small for good security. AFAIU the problem in Emacs is that the number of possible results of `random' (I called it M) is too small. If you initialize the random seed with an entropy N larger than M, there will be only M instead of N classes of different initializations of the random number generator: each class would consist of approximately N/M different seeds which initialize the random generator with exactly the same state. If you initialize the seed using large strings for example, this would be comparable to using only the first three characters of these strings carrying high entropy to initialize the random number generator. It would not be, in any way, better than using only three character long strings carrying very small entropy. Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-28 11:41 ` Michael Heerdegen @ 2021-10-28 12:07 ` tomas 2021-10-28 20:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 1 sibling, 0 replies; 127+ messages in thread From: tomas @ 2021-10-28 12:07 UTC (permalink / raw) To: help-gnu-emacs [-- Attachment #1: Type: text/plain, Size: 533 bytes --] On Thu, Oct 28, 2021 at 01:41:23PM +0200, Michael Heerdegen wrote: [...] > Anything besides used entropy is deterministic. [...] Thanks for this nice explanation. As for how those things are exploited in practice (you really don't want to run all M for each possible seed time and again, esp. when M is large), see rainbow tables [1]. There are programs using this (cf, for example, Debian package ophcrack). So all of this is far from "just a theoretical thing". Cheers [1] https://en.wikipedia.org/wiki/Rainbow_tables - t [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-28 11:41 ` Michael Heerdegen 2021-10-28 12:07 ` tomas @ 2021-10-28 20:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-28 22:54 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-31 20:42 ` Michael Heerdegen 1 sibling, 2 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-28 20:56 UTC (permalink / raw) To: help-gnu-emacs Michael Heerdegen wrote: >>> 48 ln(2) >>> l = -------- ~ 8.13. >>> ln(60) >>> >>> That would mean that already for a length of 9 only a small >>> fraction of passwords are computable. >> >> Okay, why do you say/how do you know that? > > Anything besides used entropy is deterministic. > > If you initialize the seed with a certain entropy, it means > that you randomly get one seed out of N possible (known) > seeds. In our case N = 2^31 (or something like that). > > To understand the reasoning behind the following it can help > to assume a small N, e.g. N=2, N=10 or N=100, and then think > about what fundamentally changes if N is larger (actually > nothing, you only need accordingly more tries to guess). > This is all quite trivial, only the large numbers involved > cloud a bit what is going on. > > Ok. Those possible seeds are known (computable) to everyone: > You start with a random seed out of a public list of > N seeds. > > With each of these seeds, `random' will generate one out of > N possible predefined sequences of numbers. With the > exception: If N is larger than the number of possible > different results of `random' (a finite number of course), > let's name it "M", then you must set N = M in the > following considerations. > > So if you use a publicly known deterministic algorithm using > `random', your algorithm will generate one out of N possible > publicly known password sequences for each call. > > Security of these passwords stands and falls with the size > of N: > > Say your algorithm calculates passwords using an alphabet > consisting of a number b of letters, e.g. b=60 for small and > capital letters plus some special characters. Then the > entropy used is enough to generate pseudo-random passwords > of a length l when b^l ~ N (where "~" means "is > approximately"). > > Why? If l is smaller, b^l < N, your algorithm would often > calculate the same password for different seeds, and you > would waste a portion of the initial randomness (entropy). > > If l is larger, b^l > N, the passwords per se are stronger > in theory but... that doesn't matter if you publish the > algorithm that computed the passwords (or one can guess that > algorithm). Then I still have to try only N passwords, not > more than when a smaller password length is used. One could > say that those longer passwords contain redundancy: a part > of those password strings is determined by the rest of the > password string and doesn't offer additional security. > > The situation would be similar to posting on your homepage: > > "Any of my accounts uses a password out of this list: > > { "nx4BgzrJmZq0+!YPp<O|]8k&Q"<M2-`<nSV#|CH-", > "%d~8bqv1j^rl51\6(9#/d[!D91_X_H/=`|&S]|SQ", > ":2A]sw=V;--q)RKLOIdoxd`9B+4#Q5[WY\8yFNl", > "?ljGuo\-;VF"9;F$MgU~uP|Ztk$!!9kxAsv~,Lv?", > ">%M\s=>!xHP9|EMEzR[&Wu&$,\]lS`fN1y:Bc!Ey", > "igbf^Hlcxyg,A0MBa>d:!,}{x"j%?Qi^,P<YDP-|", > "/iGww)fjE:*$:uv,$>)M=M?|UF2DZ4|>*Mx"&>(;!, > "EzIRpdH|;R^1iTAG'*P5LdoJ5sS_Y2kN#S:{S_a\", > "rLBtPlQ6Unml'5`+B*l^LA}8>/8C}=I)1(']Zqz+", > "Zt.J$fP<$zU)^AH}<ymP-cNkwz%8#1=+A]<1XON!" } > > Those are all very strong passwords, and the method I use > to choose one of them randomly is so clever and uses so > much entropy that it's impossible to guess it. > Try it, Mentalist!" > > But since all of those possible passwords are publicly known > the situation is not better than using a random password out > of {"0", "1",..., "9"}: not more secure than using random > passwords of length 1 (even less). > > Or using the formula mentioned, > > ln(N) ln(10) > ------ = -------- < 1. > ln(b) ln(60) I don't think I saw that, what does it say? I've seen the first one, this 48 bits, alphabet length n, password length l 2^48 = n^l <=> 48*ln(2) = l*ln(n) <=> l = 48*ln(2)/ln(n) which in Elisp is (defun epwgen-space-size-2 (bits abc-len) (/ (* bits (log 2)) (log abc-len) )) ;; (epwgen-space-size-2 48 60) ; 8.13 Are you saying, that it is saying, "with 48 bits passwords longer than 8.13 chars don't make it more secure"? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-28 20:56 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-28 22:54 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-31 20:46 ` Michael Heerdegen 2021-10-31 20:42 ` Michael Heerdegen 1 sibling, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-28 22:54 UTC (permalink / raw) To: help-gnu-emacs See below, if we remain at 48 bits of entropy, but instead of 60 have an alphabet of only 3 chars, the password length rises from 8.13 chars to 30.28 ... Does this tell us that it is equally difficult to randomly guess the both passwords from the two different configuration at these lengths, or what does it tell us? What does "48 bits of entropy" mean BTW? ;;; 48 bits, alphabet length n, password length l ;;; 2^48 = n^l <=> ;;; 48*ln(2) = l*ln(n) <=> ;;; l = 48*ln(2)/ln(n) (defun epwgen-password-length (bits abc) (let ((abc-len (if (numberp abc) abc (when (listp abc) (length abc) )))) (when abc-len (/ (* bits (log 2)) (log abc-len)) ))) ;; (epwgen-password-length 48 60) ; 8.13 ;; (epwgen-password-length 48 '(a b c)) ; 30.28 -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-28 22:54 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-31 20:46 ` Michael Heerdegen 2021-11-01 2:09 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Michael Heerdegen @ 2021-10-31 20:46 UTC (permalink / raw) To: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes: > See below, if we remain at 48 bits of entropy, but instead of > 60 have an alphabet of only 3 chars, the password length rises > from 8.13 chars to 30.28 ... > > Does this tell us that it is equally difficult to randomly > guess the both passwords from the two different configuration > at these lengths, or what does it tell us? If your calculation is correct, then yes, sure (if it's clear to the attacker what exact alphabet you used). As I said, it's just counting. > What does "48 bits of entropy" mean BTW? Did you have a look at the wikipedia article? Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-31 20:46 ` Michael Heerdegen @ 2021-11-01 2:09 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-01 19:38 ` Michael Heerdegen 2021-11-05 19:03 ` Jean Louis 0 siblings, 2 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-11-01 2:09 UTC (permalink / raw) To: help-gnu-emacs Michael Heerdegen wrote: >> See below, if we remain at 48 bits of entropy, but instead >> of 60 have an alphabet of only 3 chars, the password length >> rises from 8.13 chars to 30.28 ... >> >> Does this tell us that it is equally difficult to randomly >> guess the both passwords from the two different >> configuration at these lengths, or what does it tell us? > > If your calculation is correct, then yes, sure (if it's > clear to the attacker what exact alphabet you used). > As I said, it's just counting. What do you mean by that, do you mean it doesn't say anything, it is just the relationship between these three things? If so, that's good enough for me, but then what does "password length" mean? If "sex", "love" and "god" are passwords of length 3, 4 and 3 respectively, I understand that, but what password length are we talking about when we are just counting? ;;; -*- lexical-binding: t -*- ;;; ;;; this file: ;;; https://dataswamp.org/~incal/emacs-init/epwgen.el ;;; ;;; 48 bits, alphabet length n, password length l ;;; 2^48 = n^l <=> ;;; 48*ln(2) = l*ln(n) <=> ;;; l = 48*ln(2)/ln(n) (defun epwgen-password-length (bits abc) (let ((abc-len (if (numberp abc) abc (when (listp abc) (length abc) )))) (when abc-len (/ (* bits (log 2)) (log abc-len)) ))) ;; (epwgen-password-length 48 60) ; 8.13 ;; (epwgen-password-length 48 '(a b c)) ; 30.28 (defun urandom (bits) (interactive "nbits: ") (let*((bytes (/ bits 8)) (bytes-opt (format "--bytes=%s" bytes)) ) (with-temp-buffer (set-buffer-multibyte nil) (call-process "head" "/dev/urandom" t nil bytes-opt) (string-to-list (buffer-substring-no-properties (point-min) (point-max)) )))) ;; (urandom 100) (provide 'epwgen) -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-11-01 2:09 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-11-01 19:38 ` Michael Heerdegen 2021-11-03 1:06 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-05 19:03 ` Jean Louis 1 sibling, 1 reply; 127+ messages in thread From: Michael Heerdegen @ 2021-11-01 19:38 UTC (permalink / raw) To: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes: > What do you mean by that, do you mean it doesn't say anything, > it is just the relationship between these three things? > > If so, that's good enough for me, but then what does "password > length" mean? If "sex", "love" and "god" are passwords of > length 3, 4 and 3 respectively, I understand that, but what > password length are we talking about when we are > just counting? I don't understand the question. The password length is the length of the string that is used as a password. The number of characters of the string. I never meant something different. Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-11-01 19:38 ` Michael Heerdegen @ 2021-11-03 1:06 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-03 21:24 ` Michael Heerdegen 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-11-03 1:06 UTC (permalink / raw) To: help-gnu-emacs Michael Heerdegen wrote: >> What do you mean by that, do you mean it doesn't say >> anything, it is just the relationship between these >> three things? >> >> If so, that's good enough for me, but then what does >> "password length" mean? If "sex", "love" and "god" are >> passwords of length 3, 4 and 3 respectively, I understand >> that, but what password length are we talking about when we >> are just counting? > > I don't understand the question. The password length is the > length of the string that is used as a password. The number > of characters of the string. I never meant > something different. What does that formula communicate? The password length is a function of the number of bits of entropy and the alphabet size? What password is that? A password of just that length? ... ??? And say that the alphabet is A = {a, b, c} then |A| = 3, the entropy bits is decided by /dev/urandom, so that doesn't change either, how can the formula hold for passwords of different lengths from that alphabet, e.g. "a" (length 1), "aa" (2), "abc" (3), and so on? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-11-03 1:06 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-11-03 21:24 ` Michael Heerdegen 2021-11-03 22:16 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Michael Heerdegen @ 2021-11-03 21:24 UTC (permalink / raw) To: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes: > What does that formula communicate? For given entropy N, a given number, it returns for what word length there are approximately N different (pass)words. > The password length is a function of the number of bits of > entropy and the alphabet size? What password is that? > A password of just that length? ... ??? The functions counts words, all possible (pass)words, no password in particular. > And say that the alphabet is A = {a, b, c} then |A| = 3, the > entropy bits is decided by /dev/urandom, so that doesn't > change either, how can the formula hold for passwords of > different lengths from that alphabet, e.g. "a" (length 1), > "aa" (2), "abc" (3), and so on? The formula returns a length. So the question doesn't make much sense to me. Unless you ask why I don't say "maximum password length" and don't include smaller passwords in the count. That would not significantly change the result though. If these were not the answers you expect I think we are somehow miscommunicating or I just don't express myself very well. All I did was counting how many different words of a given length exist for a fixed alphabet. Or did you not understand why that matters here? Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-11-03 21:24 ` Michael Heerdegen @ 2021-11-03 22:16 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-11-03 22:16 UTC (permalink / raw) To: help-gnu-emacs Michael Heerdegen wrote: >> What does that formula communicate? > > For given entropy N, a given number, it returns for what > word length there are approximately N different (pass)words. Okay, so for entropy 10 and S = {a, b} the passwords have to have length 10 for there to be 10 different passwords: (epwgen-password-length 10 '(a b)) ; 10.0 What about length 4? aaaa aaab aaba ... bbbb or 2^4 = 16 passwords? (expt 2 4) ; 16 (expt 2 10) ; 1024 ? Only the first 10 are random? But none of them are ... they are a function of the alphabet length and the password length, as we see above. ;;; -*- lexical-binding: t -*- ;;; ;;; this file: ;;; https://dataswamp.org/~incal/emacs-init/epwgen.el ;;; ;;; 48 bits, alphabet length n, password length l ;;; 2^48 = n^l <=> ;;; 48*ln(2) = l*ln(n) <=> ;;; l = 48*ln(2)/ln(n) (defun epwgen-password-length (bits abc) (let ((abc-len (if (numberp abc) abc (when (listp abc) (length abc) )))) (when abc-len (/ (* bits (log 2)) (log abc-len)) ))) ;; (epwgen-password-length 48 60) ; 8.1 ;; (epwgen-password-length 48 '(a b c)) ; 30.3 ;; (epwgen-password-length 10 '(a b)) ; 10.0 (defun urandom (bits) (interactive "nbits: ") (let*((bytes (/ bits 8)) (bytes-opt (format "--bytes=%s" bytes)) ) (with-temp-buffer (set-buffer-multibyte nil) (call-process "head" "/dev/urandom" t nil bytes-opt) (string-to-list (buffer-substring-no-properties (point-min) (point-max)) )))) ;; (urandom 100) (provide 'epwgen) -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-11-01 2:09 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-01 19:38 ` Michael Heerdegen @ 2021-11-05 19:03 ` Jean Louis 2021-11-05 21:50 ` Emanuel Berg via Users list for the GNU Emacs text editor 1 sibling, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-11-05 19:03 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-11-01 05:11]: > (defun urandom (bits) > (interactive "nbits: ") > (let*((bytes (/ bits 8)) > (bytes-opt (format "--bytes=%s" bytes)) ) > (with-temp-buffer > (set-buffer-multibyte nil) > (call-process "head" "/dev/urandom" t nil bytes-opt) > (string-to-list > (buffer-substring-no-properties (point-min) (point-max)) )))) > ;; (urandom 100) I think the above is not portable. And finally, if you use external program, then you could call `pwgen' directly. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-11-05 19:03 ` Jean Louis @ 2021-11-05 21:50 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-11-05 21:50 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: >> (defun urandom (bits) >> (interactive "nbits: ") >> (let*((bytes (/ bits 8)) >> (bytes-opt (format "--bytes=%s" bytes)) ) >> (with-temp-buffer >> (set-buffer-multibyte nil) >> (call-process "head" "/dev/urandom" t nil bytes-opt) >> (string-to-list >> (buffer-substring-no-properties (point-min) (point-max)) )))) >> ;; (urandom 100) > > I think the above is not portable. It uses Emacs, head(1) and the, as we have seen, non-regular /dev/urandom file ... > And finally, if you use external program, then you could > call `pwgen' directly. Well, that code is focused on extracting data from /dev/urandom ... But yes, if you want to use pwgen(1), you are encouraged to do just that - and if you choose not to do that, beware that any inferior solution - portable or not portable (whatever that means BTW) external program or not - regardless of whatever, that doesn't matter, because if pwgen is superior for its particular purpose then pwgen will still be superior. And I think that's where it stands now. But cheer up Jean, a silver medal at the Olympics isn't that bad! -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-28 20:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-28 22:54 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-31 20:42 ` Michael Heerdegen 1 sibling, 0 replies; 127+ messages in thread From: Michael Heerdegen @ 2021-10-31 20:42 UTC (permalink / raw) To: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes: > > Or using the formula mentioned, > > > > ln(N) ln(10) > > ------ = -------- < 1. > > ln(b) ln(60) > > I don't think I saw that, what does it say? It's really only just counting. The "10" above is the same as the 2^48 below - the total number of different passwords. > I've seen the first one, this > > 48 bits, alphabet length n, password length l > 2^48 = n^l <=> > 48*ln(2) = l*ln(n) <=> > l = 48*ln(2)/ln(n) > > which in Elisp is > > (defun epwgen-space-size-2 (bits abc-len) > (/ (* bits (log 2)) (log abc-len) )) > > ;; (epwgen-space-size-2 48 60) ; 8.13 > > Are you saying, that it is saying, "with 48 bits passwords > longer than 8.13 chars don't make it more secure"? For brute force attacks and when you know how the passwords are generated, then yes. If you don't publish your algorithm then passwords are good enough (unless for some reason one can guess or reconstruct the algorithm). Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-28 2:24 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-28 11:41 ` Michael Heerdegen @ 2021-11-05 18:59 ` Jean Louis 1 sibling, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-11-05 18:59 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-28 05:26]: > Michael Heerdegen wrote: > > > 48 ln(2) > > l = -------- ~ 8.13. > > ln(60) > > > > That would mean that already for a length of 9 only a small > > fraction of passwords are computable. > > Okay, why do you say/how do you know that? Programmers can make the algorithm that makes new random seed each time and increases the difficulties to compute whatever was meant with it. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 10:16 ` Yuri Khan 2021-10-23 10:46 ` Michael Heerdegen @ 2021-10-23 12:54 ` Michael Heerdegen 2021-10-23 13:07 ` Yuri Khan 2021-10-23 18:22 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 6:43 ` Jean Louis 3 siblings, 1 reply; 127+ messages in thread From: Michael Heerdegen @ 2021-10-23 12:54 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan <yuri.v.khan@gmail.com> writes: > The position in the sequence, aka the random seed, contains a certain > number of bits. In Emacs, as far as I can tell, best case, the random > seed is 48 bits. Is the random number generator able to use more than 48 bits of entropy? Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 12:54 ` Michael Heerdegen @ 2021-10-23 13:07 ` Yuri Khan 2021-10-23 18:41 ` ERC links to man pages (was: Re: Noob dumb question (extending emacs)) Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 7:08 ` Noob dumb question (extending emacs) Jean Louis 0 siblings, 2 replies; 127+ messages in thread From: Yuri Khan @ 2021-10-23 13:07 UTC (permalink / raw) To: Michael Heerdegen; +Cc: help-gnu-emacs On Sat, 23 Oct 2021 at 19:55, Michael Heerdegen <michael_heerdegen@web.de> wrote: > > In Emacs, as far as I can tell, best case, the random > > seed is 48 bits. > > Is the random number generator able to use more than 48 bits of entropy? Not as far as I can tell from srand48(3). This pseudo-random number generator is not designed to be used for password generation and cryptography. It’s okay for simulations, games, network retry delays, this kind of things. ^ permalink raw reply [flat|nested] 127+ messages in thread
* ERC links to man pages (was: Re: Noob dumb question (extending emacs)) 2021-10-23 13:07 ` Yuri Khan @ 2021-10-23 18:41 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 7:08 ` Noob dumb question (extending emacs) Jean Louis 1 sibling, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 18:41 UTC (permalink / raw) To: help-gnu-emacs; +Cc: emacs-erc Yuri Khan wrote: > Not as far as I can tell from srand48(3) Can't we have ERC provide links to man(1) pages on that syntax, just as `gnus-article-mode' does? Since both Gnus and ERC are built in, maybe not just the same code but even the same functions (that are already available) can just be called, the same way, to achieve this? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 13:07 ` Yuri Khan 2021-10-23 18:41 ` ERC links to man pages (was: Re: Noob dumb question (extending emacs)) Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 7:08 ` Jean Louis 2021-10-24 8:57 ` Michael Heerdegen 1 sibling, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-24 7:08 UTC (permalink / raw) To: Yuri Khan; +Cc: Michael Heerdegen, help-gnu-emacs * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-23 16:09]: > On Sat, 23 Oct 2021 at 19:55, Michael Heerdegen > <michael_heerdegen@web.de> wrote: > > > In Emacs, as far as I can tell, best case, the random > > > seed is 48 bits. > > > > Is the random number generator able to use more than 48 bits of entropy? > > Not as far as I can tell from srand48(3). > > This pseudo-random number generator is not designed to be used for > password generation and cryptography. It’s okay for simulations, > games, network retry delays, this kind of things. What is better? 1. To have users "invent" their passwors by letting them type it each time? 2. Or maybe to offer them a random password like: "6IcH8L$BnQcmL-NrnSHe" which they can anyway change if they like? In my practical password generation the latter option is more secure, then if I start inventing passwords like "So8ething98" which I consider less secure or using hands to type something random like "asdf45huji" which in the end and due to habits may not be that random at all. When making highly hypothetical observation it is not bad to remember the practical use of it. Emacs Lisp how it is can generate random passwords and that is what matters and is practically useful. If you wish to say that passwords are not random, unsafe, and so on, please demonstrate it practically, not just theoretically. For example, try to predict the outcome of the following: (random (format "%s" (random))) And provide a script in any programming language that will predict the outcome of that function. Prove it. Don't let it be just confusing. If you can do that, you have completed scientific exercise and have proven it empirically that passwords are not random. Not only theoretically, as from theory I have no practical benefit. By using (rcd-password) ⇒ "n=(3hWqlaWfPRTSDQrWV" function I have a constant daily practical benefit. Then I have to face a professional programmer of Emacs Lisp who wants to convince me that I should not be generating passwords by using Emacs Lisp. Come on. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 7:08 ` Noob dumb question (extending emacs) Jean Louis @ 2021-10-24 8:57 ` Michael Heerdegen 2021-10-24 17:59 ` Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: Michael Heerdegen @ 2021-10-24 8:57 UTC (permalink / raw) To: help-gnu-emacs Jean Louis <bugs@gnu.support> writes: > For example, try to predict the outcome of the following: > > (random (format "%s" (random))) How many tries do I have? Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 8:57 ` Michael Heerdegen @ 2021-10-24 17:59 ` Jean Louis 2021-10-25 9:18 ` Michael Heerdegen 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-24 17:59 UTC (permalink / raw) To: Michael Heerdegen; +Cc: help-gnu-emacs * Michael Heerdegen <michael_heerdegen@web.de> [2021-10-24 11:58]: > Jean Louis <bugs@gnu.support> writes: > > > For example, try to predict the outcome of the following: > > > > (random (format "%s" (random))) > > How many tries do I have? Unlimited. You could or should show how you can predict the outcome. I have evaluated the function now, and recorded the outcome, so let me know, mentalist. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 17:59 ` Jean Louis @ 2021-10-25 9:18 ` Michael Heerdegen 2021-10-25 9:33 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 12:45 ` Jean Louis 0 siblings, 2 replies; 127+ messages in thread From: Michael Heerdegen @ 2021-10-25 9:18 UTC (permalink / raw) To: help-gnu-emacs Jean Louis <bugs@gnu.support> writes: > Unlimited. You could or should show how you can predict the outcome. Ok, I'll do it for 5000$. Unlimited number of trials. But only with a contract we both sign. I do not know you and I do not like being cheated. Should I fail, I don't have to pay anything (attackers normally don't pay you if they fail). Deal? TIA, Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 9:18 ` Michael Heerdegen @ 2021-10-25 9:33 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 19:44 ` Jean Louis 2021-10-25 12:45 ` Jean Louis 1 sibling, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 9:33 UTC (permalink / raw) To: help-gnu-emacs Michael Heerdegen wrote: >> Unlimited. You could or should show how you can predict >> the outcome. > > Ok, I'll do it for 5000$. Unlimited number of trials. > > But only with a contract we both sign. I do not know you and > I do not like being cheated. Should I fail, I don't have to > pay anything (attackers normally don't pay you if they > fail). I can put 500 000 USD I'm right ... pwgen is better, and to invoke it from Emacs/Elisp is not a problem; it _is_ possible to do it as good from Emacs/Elisp; however doing it worse does not make you more practical than anyone else ... (clarification for Jean only: LESS) -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 9:33 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 19:44 ` Jean Louis 2021-10-25 20:20 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-25 19:44 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 12:35]: > I can put 500 000 USD I'm right ... Password generation is used by single individuals who get help with password, sometimes password is too long and has to be shortened, and user can always insert something in the generated password. It is help to quicker generate a secret token. None of passwords so far generated are not same and practically they are not predictable. Theoretically yes. Entropy can be generated by providing something random that computer did not generate. /dev/urandom I would not know how to read from Emacs Lisp, as it is not regular file. Maybe as stream, don't know now. Then I can read my own files and generate md5sum: (defun rcd-random-string-from-home () (md5 (car (directory-files (getenv "HOME") t (rcd-password-generate-alpha-1))))) (dotimes (a 100) (insert (rcd-password)) (insert "\n")) That gave me enough randomity and none of passwords is same in 100 iterations. #ff1PbEOvGTViO#TWTIC $GLyL4VodIpEfpC)FhwC %LZ}3wgbBovHJsmHaSig )G|YjRhmN0GTbvnaWgB0 -JoB1YSWR3ZHRSHCVWP^ -jhN7pBHkzkA8AFcf*PQ 17uTbUDIH$cNHj{PyYKu 1nH}HW4YYrggMEMmGJM- 3HFn{h=OBSMz7ZRAPsGC 4HJh(eNzoWCE{YZ6FuHH 66czQRulcjBgmaEe)[oT 6mhshmLB1bTnEpciU-o+ 8IVAzvsYybi}h4MfQvY# 9KIYmzOn|vABpNPv+QE0 9SZLhihsmg{0rHAIoJ}N B{ZlJ%vEzMhiT5chhW3u CkTQ$vZ&CkWHmhVLTBod CupNOF5I5UJONFGNg=v^ D1Uq%YJjGWFHTWnUYP*L DBunoT_r=blgtJS5ZGjT EKBsJqvYg48@TuAQ+iSD ENIQ@pLHt6JfFbevhyhQ EOwvJcBZBwWO07h&[fzZ ETEcuC07drGeV-OzLsOZ EaFFUlhBHgs0&[qhch1Q FfBYajlHvy7TpIl7@-CQ H$DQKNLJV]1ljuDyGZGf HGGBm6qMlp}iQNBHk|ut I7pwdE!7evRMCsHIpyo# I9DWhDHUtHMS[gh^lG7h K$#haJTKqGiQY8WM8lmb KYW0jE#7{kPrOtKojUff O%Cs*VRLytSZ8CYW5dKF Q4I[&zTQIh2QAukCnuwH QRWVO#G6ZyFCMpR%vT1n QmDH@mmw{OsIBrzZWHqT QnzHMF|HAti3*nifct9q RS7wyo^Y7wl=nJARsgoV Rm}qhhS$KOcUhqIJ4p4q RvjhvcnNqQVDldkP)KW3 SDC^1tr5SZll[EmynMQR Sh#fy=eHZE3zlYNaRHb4 SjvHRsiSygC0rmZ{LWg4 Ssa[g0PPIqjbH$vevmfs TDehKp7%LNDU#DuuHweH TM*YecWCpV+1ddR7Clfq UGs)yfNZYhClFA8Zi$ZK UsJNoUHCYzHNaa1*SCG4 VCpYj=JnQmJ03TGCzF}i VQIHWAZK7_hpdEueSr2) Vw}KYrV66zTSO)ydcGqa WCDuh}z0H%zDUPr4uVFQ W|YFhDhhiCG05tdks{CE Y2iuGWzAE8lmh[}GUgBO ZYJ|IdZWMZUz4Uw&ZgBu ZdOHAeiiSI[fH}J0P2AH ZhIIO^JklzoUj91i=hsa aJlb3n^W|hhUPlkNA8op b8Rklz-PvNTnjrwTOY-D baVKIWl8}upUJh!JTAyc caN$oyzqi*nRgItjf63i d*HqgFrLtEq9RsZi{WRE dkcWP7YUbaZlSzSHIO%# dnFHjo1TaCbHL5LE%mty e1YU%bNKLVThTe9KB@fI eHCkAQd]ytHqwM{0VC0S eHfnooy*#eZklZ0HkVDW f$ou22RgLlVHv_vTGYrI gaglUNKvG4+Fv7Wf%zfS hGs3DV9JjWyuYlP#G_Vp hR{9hByHfd)MYZQWqr3H hT2JVpNVC&zuPvJmDu-n hZT2s5emDisVyC$Ssad[ h]hTUdArzPd&3dQYtFDC hboJqzgw&jTB*MgAAH8Y hc@&HhFfHtbWhjh1TRnt idf1#jdGMRpLwNSq8Teh iiuLvDi(BCyn7EoN_ugp jDz0YulHCNaRC@V)SWVO jO7ibrIw[cThAIOBcN&P kkBIb9HCSCSw$QeZ3CmK l5qyK|JPrRujIIb*kO9n lRbrKhV5!hOHM=dn1iQL lSiJwsojB)dASLNUQ7w_ n)dDG8HyBQCZM*A7GycJ oVuvb+7D*NmVWvPBHhwB oWB0ZDjFrkeh6VsZ#NN] ok0PjCr!lCTzPNLEgJ=7 qjhi{Zl1nbhje4&AJHZl rB#JsVG7tlEHEGg1jZTW rwzMdQpmON*hWH9N+Z8B sRe{0dTThM3S@ZbWzcWP tyPTypq4f@4eBqce#ICB uggVuZihhgUEp*(1ewBz vTNkMuHT1@HE4dAd_ugm vh5vw=*5AgbUYUnhbeCa y%e{2NWIKgdJKACWhSLu yhegcG{jUkz23!NZddbR ypDSHnWYDP0R(YCJEk0* z4[hMfrn2UJGqU}Syoes Even easier and faster then reading /dev/urandom: (defun rcd-random-uptime-string () (md5 (concat (emacs-uptime) (format-time-string "%N %^N %3N")))) (rcd-random-uptime-string) ⇒ "07df010260ac5749a995039f824c040c" (dotimes (a 100) (insert (rcd-password) "\n")) And there are no duplicate lines: !AY3ghyBTsiyTRCv$H4a #AO$9QIeqqgsHIKVWSU0 %ZtEkhdwoJQpmH6@gaSM &WF%VYZ4fmMONNS5cJHO )Y-aHOBlPSnDH7NnDB3u +2$wYpcMszD7AsjKjOfI 2vobwUjiDj!e7ShjjHW- 4h%ehaFdRKpY_3LHfWBV 4rl!s6HiHdDuvd=gUgYB 5BTJ$s8tQKHz#KiMRHfD 6D)KLwhfuqA5TRvWRsf) 7]OyrJkgcWP4Tjc[Brle 9Fh-uBbDTkFsFtwHI9Y{ 9LTo@n$LPhOndbh1rbmz =ktT&kbYMIshdd6kQj9H @8Rej6COwOsHGn%VZFsO AaKGbLTtY{25woec=shp BBpVm_IqdioGAdwf2k@v BoH!Ik0JM}tzG5czRBOl D_cPsce4nWVoAcbb=6DN DzJ7heuTqQHdeqig$B&W G)DtbsqqE7sFQOjKEqm- GVzDiczd2rS9lIh+Ho#N H+U1zOsbyf3zNcgJIs}r HLJBq+RUkAhmUNE7j(5V Hg8foHqr8bq+VQHGMv[f Hlv!LVjwhPL1]ck8GSVJ JHe4U{C2NtAt(HbvVmfZ KojYhJC=us3fd3etMQW} M]Hl%6vVpa9UCicMPwAe Md%w(DNSh1bEegkJumhe N[Ri9bA6CWBRY$klMhIn NjEF5H=yzEyHWF@cOwZ4 O*hcl6l_LHGHMTA9mANc OdhHWWmJ8oaRT]G{aKvP P%lEQDAvtw1YGs4Rgb}B PYjClUibF+4^aWHEOpUH PpuE4ZTzO0kicKZBH}di QO3zZbztPH^B3Jhcqki= RHGjNEL^tN4B8qz=hKfC RUGd$e0dAVZv3fvNwHV! S9ksI9vKAo]wmtydsa=H SU*2dCcrcIkb6oJ|LRle Sa[jwR5)TLCAPhkfvYlM Tcam2KRsLg*Bi7CNiqW{ TuemgV}9QQW8&rsrqjvI USJt[6Gph4qQfbPhci)e WaluVZp@rzCFHq18)hQN [FS|PBdIDyFOt4Hef6Ji a=ahd8Iqop2suZD$OyVd a@mjKsLiHR0pCgPkMY)6 aBjQJvQwTJ^wuvK[LEe7 aaSegj8cSSpGhKO$n{7J bJACW#HTG=MD8zWgiHOE baO_St=1ZlNSughayrbl dJJjZ4HifHK#{eCHNk7y dkIdvYFGOaQU0igm!j2{ e6hZObTdeHs!(ozewy1B eO3mBCadqNVJC_Jq3@zd eTCGP5yMu{hJfsta(5KF eq3*UHHGV-kRvkOcUkzB fIGVCRunA8y6{EL#LIrH ffEulRH8ghWVl#CF*Soi gcwgGOyr5l|FU6eQU%QQ hS!dOhrLy86!CadZmeAh h[wzGgwPsengzWW-34oE iwaNR3WBewhvt=SWD]G4 jNTzThYMde]Ra5&QRMfb jejkHWy4qa*hEQhE@qvu jsWcNMdh8dK]r=5DhQYg kuHUfyY]CbBk)3HJQmgC ldR1mTFfm2HlwI)fg[PC ltSwSOh8pc-HK@ZhTRE8 lu#ceVq6FRdSihoQU|yE lvkH8TDsc2pbeBh=(dkc oDJlj$b8tL=0izHQmksl oUAcafVlzu=F]L9Otlw0 oVB(LeMgC4r6CSbwy(CN pHfFvp[K}off8JOQaA9N piHOYHUuTsEmH5P#2CgH qf^Tw^lThmIH3YHzIsSq qtqoirsYcF]+QISh7cEH rVR1dLdkQ=@7zmBpqghc ra1vGLZDEP}vOo&j7NcR rsNySb6PI8jiDf}sC&OC rs{OP23lNDZ]PYAiRHcF rzRQmK}BsZyg5dCP*Ym5 s0NEzV&qCrDj6MS(vrkO s[YbW8!EVllDQR1ASYyQ saPgKhS@BaAEgC3D%Jt6 shlIt_qwqWspsHKG81wu tO1ZufhnD)L#CAwtAFM0 vNH!pH0hMAbH8ZJ+IJmj yIVa+hQtTMf50LqRNglJ yKSkPkNHVyo1{hjiIYDo zEIvu1tLVTsmpW5aIv&% zWHNk$E0THaM|9rdaIvz zh83cvq(HyNt-tVhkVGm zzCNc!tH9WfdfDhvtt=P {FCcmKJqcZ6mlWcmHlU! -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 19:44 ` Jean Louis @ 2021-10-25 20:20 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 20:33 ` Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 20:20 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > Entropy can be generated by providing something random that > computer did not generate. /dev/urandom I would not know how > to read from Emacs Lisp, as it is not regular file. Maybe as > stream, don't know now. Dynamic module, write it in C ... bring over what they did in pwgen I should say, I mean the /dev/urandom extraction part. -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 20:20 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 20:33 ` Jean Louis 0 siblings, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-25 20:33 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 23:22]: > Jean Louis wrote: > > > Entropy can be generated by providing something random that > > computer did not generate. /dev/urandom I would not know how > > to read from Emacs Lisp, as it is not regular file. Maybe as > > stream, don't know now. > > Dynamic module, write it in C ... bring over what they did in > pwgen I should say, I mean the /dev/urandom extraction part. Why complicate if it need no dynamic module. There must be some way to read that irregular file from Emacs Lisp. Not that I want to read /dev/urandom -- why, when I can generate randomity myself. For example, before password generation I could ask myself or user to enter random letters and press enter. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 9:18 ` Michael Heerdegen 2021-10-25 9:33 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 12:45 ` Jean Louis 2021-10-25 13:20 ` Michael Heerdegen 1 sibling, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-25 12:45 UTC (permalink / raw) To: Michael Heerdegen; +Cc: help-gnu-emacs * Michael Heerdegen <michael_heerdegen@web.de> [2021-10-25 12:20]: > Jean Louis <bugs@gnu.support> writes: > > > Unlimited. You could or should show how you can predict the outcome. > > Ok, I'll do it for 5000$. Unlimited number of trials. > But only with a contract we both sign. I do not know you and I do not > like being cheated. Should I fail, I don't have to pay anything > (attackers normally don't pay you if they fail). Do you say you can predict outcome of my `rcd-password' function? Example: (rcd-password) ⇒ "KsDwGMWPs_!61kbUlzwo" Code: https://gnu.support/gnu-emacs/packages/rcd-password-el.html Send contract, I sign it. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 12:45 ` Jean Louis @ 2021-10-25 13:20 ` Michael Heerdegen 2021-10-25 19:54 ` About randomity, entropy, random passwords - was " Jean Louis [not found] ` <YXcLIC+doASdNFll@protected.localdomain> 0 siblings, 2 replies; 127+ messages in thread From: Michael Heerdegen @ 2021-10-25 13:20 UTC (permalink / raw) To: help-gnu-emacs Jean Louis <bugs@gnu.support> writes: > Do you say you can predict outcome of my `rcd-password' function? Yes, I said I can predict the outcome using unlimited trials. > Send contract, I sign it. Cool! How do you plan to test whether your password is in my trials? You will receive a lot of trials, and I want to be sure you don't cheat. Because it will take some time. Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs) 2021-10-25 13:20 ` Michael Heerdegen @ 2021-10-25 19:54 ` Jean Louis [not found] ` <YXcLIC+doASdNFll@protected.localdomain> 1 sibling, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-25 19:54 UTC (permalink / raw) To: help-gnu-emacs * Michael Heerdegen <michael_heerdegen@web.de> [2021-10-25 16:22]: > Jean Louis <bugs@gnu.support> writes: > > > Do you say you can predict outcome of my `rcd-password' function? > > Yes, I said I can predict the outcome using unlimited trials. > > > Send contract, I sign it. > > Cool! > > How do you plan to test whether your password is in my trials? You will > receive a lot of trials, and I want to be sure you don't cheat. Because > it will take some time. Hey... but I am not going to spend time checking terrabytes of your trials. You have got unlimited trials that you do on yourside, not that I work for you and finally pay you for my work. That is called brute force. Not an algorithm that breaks the function and predicts its outcome. Emacs Lisp function `random' is quite handy and definitely not random enough as such. But with little support of Emacs Lisp it becomes very random. The matter is solved by providing a new seed. If seed is pretty random, then `random' becomes random. Here is enough entropy that it can generate random passwords: (defun rcd-random-md5-string () (md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N")))) (rcd-random-md5-string) ⇒ "37c981115ec8cd7455667e1ad57e894b" (defun rcd-password-generate-1 (string) "Return capitalized or downcased single symbol from a string" (random (rcd-random-md5-string)) (let* ((max (length string)) (rnd (random max)) (single (substring string rnd (+ rnd 1)))) single)) (rcd-password-generate-1 "!@#$%^&*()-=+_[]{}|)ABCDEFGHIJKLMNOPQRSTUVWHYZ") ⇒ "Y" (rcd-password) ⇒ "wqg9@avJ@fErcvI4rrKt" Good enough for websites, system accounts, chat accounts, etc. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
[parent not found: <YXcLIC+doASdNFll@protected.localdomain>]
[parent not found: <87cznryfnz.fsf@web.de>]
* Re: Noob dumb question (extending emacs) [not found] ` <87cznryfnz.fsf@web.de> @ 2021-10-26 18:52 ` Jean Louis 0 siblings, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-26 18:52 UTC (permalink / raw) To: Michael Heerdegen; +Cc: help-gnu-emacs * Michael Heerdegen <michael_heerdegen@web.de> [2021-10-26 18:22]: > Jean Louis <bugs@gnu.support> writes: > > > That is called brute force. Not an algorithm that breaks the function > > and predicts its outcome. > > So your accounts all have a disclaimer saying "you are only allowed to > crack the password of this account using an algorithm that predicts the > password"? Does everybody respect it? With enough attempts every password can be cracked. Function `rcd-password' generates passwords and it is helpful and useful with websites. Purpose is fulfilled. To say that generated password is not sure enough and that somebody can predict it, then better would be to prove it. As if you are cracking a random password on a website you cannot even know how it was generated or devised. > > Emacs Lisp function `random' is quite handy and definitely not random > > enough as such. But with little support of Emacs Lisp it becomes very > > random. The matter is solved by providing a new seed. > > The part you didn't yet understand is: the random number generator used > can only generate 2^48 different results. AFAIU the code (sysdep.c) it > is even only 2^31 different results. You can use exabytes of entropy to > set a seed and it will still only be able to generate 2^31 different > results. It will only give you one out of 2^31 possible passwords. I > will only have to try these 2^31. That's just not secure enough. We > have mentioned this already several times, but you continuously ignore > it for some reason. I surely understand your hypothetical and idealistic thinking. I think that number 2³¹ is this one: (expt 2 31) ⇒ 2,147,483,648 -- you say that is too little, and somebody could "find" the possible password. I think you imply that after somebody has attempted for example 1 billion times, then this person, cracker, would get control over some of my website accounts. I don't think this is a problem neither for `pwgen' generated passwords neither for `rcd-password' generated passwords, because the probability for brute force attempts is equal, regardless how password has been generated. Let us say that there is truly random password: "jgu" -- from there it should be obvious that a brute force password cracking program would quickly solve it. You speak of entropy and in same time of with brute force method. It is disregarded that it becomes irrelevant for brute force how password has been generated, what it consists of. Further, the function `rcd-password' uses more basic functions `rcd-password-generate-1' that in turn for each generated letter uses different, again random, seed. That system increases randomity to indefinite. (defun rcd-random-md5-string () (md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N")))) (defun rcd-password-generate-1 (string) "Return capitalized or downcased single symbol from a string" (random (rcd-random-md5-string)) (let* ((max (length string)) (rnd (random max)) (single (substring string rnd (+ rnd 1)))) single)) Now we come back to it, if there is way to practically predict the outcome, then show me, make the Emacs Lisp function that demonstrates it. I can for example give you list of passwords, and you can, by observing those passwords try to demonstrate to know which one will be a next password. That way you can prove the statement from your side. Unless it is proven that you or somebody, can predict a password generated, `rcd-password' is useful function to generate passwords. To crack a password generated by `rcd-password' on somebody: - you would need to know how is password generated, you have the access to source, but you cannot know what was the seed. Try to guess the seed by guessing the md5 hash of my Emacs uptime and exact microsecond, nanosecond and millisecond when password was generated; - you would need to know which website, which system account, what is the name of system account; - you would need maybe to have access to physical computer on my side; - you would need to have a program that breaks my program and finds out or predicts random passwords outcome; And more than that. If we speak only of brute force cracking that means it is irrelevant to the fact how password was generated in the first place. Brute force cracking does not prove that password generated by Emacs Lisp function is unsafe. If password is 20 chars long, than 2.2 billion times x 20 = 44000000000, I guess 44 gigabytes. I could open up VPS with 100 gigabytes, and try to generate this many passwords to try to find if any of passwords generated by `rcd-password' is same. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 10:16 ` Yuri Khan 2021-10-23 10:46 ` Michael Heerdegen 2021-10-23 12:54 ` Michael Heerdegen @ 2021-10-23 18:22 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-23 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 6:43 ` Jean Louis 3 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 18:22 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan wrote: >> If you use Emacs' `random' to generate a password, an >> attacker would need to have access to your system to >> predict the result. He would at least have to know exactly >> when you started your Emacs session (that time is used to >> generate the seed). Or he would need much more >> pseudo-random numbers from you. >> >> Without any of these, no chance to guess, because there are >> too many possible pseudo-random numbers when you don't know >> at which position in the sequence the generator started. > > The position in the sequence, aka the random seed, contains > a certain number of bits. In Emacs, as far as I can tell, > best case, the random seed is 48 bits. Which means, no > matter how long a password you (the user) generate, it still > contains only 48 bits of entropy. #! /bin/zsh $ echo $(( 2**48 )) 281474976710656 Or Elisp: (expt 2 48) 281474976710656 (#o10000000000000000, #x1000000000000) > It is *not* okay to offer a library for password generation > using a weak generator to other people without explaining > its entropy characteristics so that they could assess > their risk. But what is the method stipulated then, we'll just do a `random-passwd' with that ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 18:22 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 19:52 UTC (permalink / raw) To: help-gnu-emacs >> It is *not* okay to offer a library for password generation >> using a weak generator to other people without explaining >> its entropy characteristics so that they could assess >> their risk. > > But what is the method stipulated then, we'll just do > a `random-passwd' with that ... From pwgen on Debian 11: /* * randnum.c -- generate (good) randum numbers. * * Copyright (C) 2001,2002 by Theodore Ts'o * * This file may be distributed under the terms of the GNU Public * License. */ #include <stdio.h> #include <unistd.h> #include <stdlib.h> #include <sys/types.h> #include <sys/time.h> #include <sys/stat.h> #include <fcntl.h> #include <errno.h> #include "pwgen.h" #ifdef HAVE_DRAND48 extern double drand48(void); #endif static int get_random_fd(void); /* Borrowed/adapted from e2fsprogs's UUID generation code */ static int get_random_fd() { struct timeval tv; static int fd = -2; if (fd == -2) { gettimeofday(&tv, 0); fd = open("/dev/urandom", O_RDONLY); if (fd == -1) fd = open("/dev/random", O_RDONLY | O_NONBLOCK); } return fd; } /* * Generate a random number n, where 0 <= n < max_num, using * /dev/urandom if possible. */ int pw_random_number(max_num) int max_num; { unsigned int rand_num; int i, fd = get_random_fd(); int lose_counter = 0, nbytes = sizeof(rand_num); char *cp = (char *) &rand_num; if (fd >= 0) { while (nbytes > 0) { i = read(fd, cp, nbytes); if ((i < 0) && ((errno == EINTR) || (errno == EAGAIN))) continue; if (i <= 0) { if (lose_counter++ == 8) break; continue; } nbytes -= i; cp += i; lose_counter = 0; } } if (nbytes == 0) return (rand_num % max_num); /* We weren't able to use /dev/random, fail hard */ fprintf(stderr, "No entropy available!\n"); exit(1); } -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 10:16 ` Yuri Khan ` (2 preceding siblings ...) 2021-10-23 18:22 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 6:43 ` Jean Louis 2021-10-24 8:28 ` Michael Heerdegen 2021-10-24 9:31 ` Emanuel Berg via Users list for the GNU Emacs text editor 3 siblings, 2 replies; 127+ messages in thread From: Jean Louis @ 2021-10-24 6:43 UTC (permalink / raw) To: Yuri Khan; +Cc: Michael Heerdegen, help-gnu-emacs * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-23 13:17]: > An attacker might have access to one or more passwords you generate > before and/or after the password the attacker is interested in, e.g. > by being one of the entities you have an account with, or by > possessing a leaked database of user information from a compromised > service. > > (It is also customary, when discussing security, to assume the > attacker knows exactly the algorithms you use.) > > > It is okay to generate your own passwords using a weak generator if > you are aware of that and deem the risk insignificant. I fully get this. Though ideology is a pleasant game for mind though not useful if it cannot be practically implemented. How I see it, it is very easy to set random seed by providing some automatically generated, random string to `random', such as those from the system's /proc directory. random is a built-in function in ‘C source code’. (random &optional LIMIT) Return a pseudo-random integer. By default, return a fixnum; all fixnums are equally likely. With positive integer LIMIT, return random integer in interval [0,LIMIT). With argument t, set the random number seed from the system’s entropy pool if available, otherwise from less-random volatile data such as the time. With a string argument, set the seed based on the string’s contents. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 6:43 ` Jean Louis @ 2021-10-24 8:28 ` Michael Heerdegen 2021-10-24 18:03 ` Jean Louis 2021-10-24 9:31 ` Emanuel Berg via Users list for the GNU Emacs text editor 1 sibling, 1 reply; 127+ messages in thread From: Michael Heerdegen @ 2021-10-24 8:28 UTC (permalink / raw) To: help-gnu-emacs Jean Louis <bugs@gnu.support> writes: > How I see it, it is very easy to set random seed by providing some > automatically generated, random string to `random', such as those from > the system's /proc directory. Then you just consult a second source of entropy. Which is more or less the conclusion: don't rely on the entropy of Emacs' `random' function. If that other source is a reliable source of more entropy, you don't need Emacs' `random' at all. If it is not, you have gained nothing. And there is another problem which would make things much worse: when Emacs `random' number generator operates with 48 bit numbers (which seems to be the case, but I didn't check the sources), each algorithm calling `random' can only generate passwords with an entropy of maximally 48 bit, no matter what the entropy of the seed is. Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 8:28 ` Michael Heerdegen @ 2021-10-24 18:03 ` Jean Louis 0 siblings, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-24 18:03 UTC (permalink / raw) To: Michael Heerdegen; +Cc: help-gnu-emacs * Michael Heerdegen <michael_heerdegen@web.de> [2021-10-24 11:29]: > Jean Louis <bugs@gnu.support> writes: > > > How I see it, it is very easy to set random seed by providing some > > automatically generated, random string to `random', such as those from > > the system's /proc directory. > > Then you just consult a second source of entropy. Which is more or less > the conclusion: don't rely on the entropy of Emacs' `random' function. > > If that other source is a reliable source of more entropy, you don't > need Emacs' `random' at all. If it is not, you have gained nothing. > > And there is another problem which would make things much worse: when > Emacs `random' number generator operates with 48 bit numbers (which > seems to be the case, but I didn't check the sources), each algorithm > calling `random' can only generate passwords with an entropy of > maximally 48 bit, no matter what the entropy of the seed is. This is my basic function, practical, useful, used almost daily in other functions to generate passwords. It replaces my needs for `pwgen' and it was made not to be dependent on some outside system software. (defvar rcd-password-alpha "ABCDEFGHIJKLMNOPQRSTUVWHYZ") (defvar rcd-password-special-characters "!@#$%^&*()-=+_[]{}|") (defun rcd-password-generate-1 (string) "Return capitalized or downcased single symbol from a string" (random (format "%s" (random))) (let* ((max (length string)) (rnd (random max)) (single (substring string rnd (+ rnd 1)))) single)) (rcd-password-generate-1 rcd-password-alpha) ⇒ "M" Unless you or Yuri can predict the outcome of this function, any hypothesis is pretty much useless. And the function remain useful. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 6:43 ` Jean Louis 2021-10-24 8:28 ` Michael Heerdegen @ 2021-10-24 9:31 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 18:09 ` Jean Louis 1 sibling, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 9:31 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > I fully get this. Though ideology is a pleasant game for > mind though not useful if it cannot be > practically implemented. "Ideology" :D Are you into politics now, Jean? :) But actually it isn't true, if pwgen can use /dev/urandom, /dev/random and/or the thermal noise of the HDD, that's as practical as it gets. So we shouldn't disrespect that just because Elisp cannot do it/certain individual likes to ... etc etc. -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 9:31 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 18:09 ` Jean Louis 2021-10-24 18:30 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-24 18:09 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-24 12:32]: > Jean Louis wrote: > > > I fully get this. Though ideology is a pleasant game for > > mind though not useful if it cannot be > > practically implemented. > > "Ideology" :D > > Are you into politics now, Jean? :) > > But actually it isn't true, if pwgen can use /dev/urandom, > /dev/random and/or the thermal noise of the HDD, that's as > practical as it gets. > > So we shouldn't disrespect that just because Elisp cannot do > it/certain individual likes to ... etc etc. How "disrespect"? It is not related to it. `pwgen' is system command, good for let us say shell, but Emacs is much more and is integrated into database on my side. If then Emacs Lisp programs run on different systems, I like if they don't depend on too many external commands, especially one as simple as password generation. I cannot write `ffmpeg' so I convert videos by using Emacs Lisp on remote computers calling external `ffmpeg'. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 18:09 ` Jean Louis @ 2021-10-24 18:30 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 5:31 ` Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 18:30 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > `pwgen' is system command pwgen is a program. > good for let us say shell, but Emacs is much more and is > integrated into database on my side Emacs is integrated with the shell so that solution is easier (more practical that way), better, and you can still use/write your own/a custom interface (so equally practical in THAT way). Also it will take advantages of further improvements to pwgen or possible forks or other such programs with no or very small adjustments ... > If then Emacs Lisp programs run on different systems, I like > if they don't depend on too many external commands Indeed must be used to benefit the user ... > especially one as simple as password generation. But not simple enough for you do to it at the level of the CLI command ... > I cannot write `ffmpeg' so I convert videos by using Emacs > Lisp on remote computers calling external `ffmpeg'. But you cannot write a pwgen either - or at least, you haven't yet ... so what's the difference? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 18:30 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 5:31 ` Jean Louis 2021-10-28 2:33 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-25 5:31 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-24 21:33]: > Jean Louis wrote: > > > `pwgen' is system command > > pwgen is a program. OS is program, Emacs is program, programs run within programs. `pwgen' is not Emacs, I hope we can agree on it. It is external program that is easily replacable in Emacs. Emacs Lisp within Emacs is environment for itself, it is not Bash nor Mate or Gnome desktop environment. Many Emacs users decide to dwell within Emacs environment, some may run Window Manager by using Emacs. Using Emacs as PID 1 seem to be possible too. And how I see it, Emacs developers try to avoid where possible using external commands, call it programs. For example I can copy or rename files within Emacs Dired without recourse to /usr/bin/cp or /usr/bin/mv, I believe it runs straight from Emacs. Mass of other functionality is integrated in Emacs. By principle we integrate features into Emacs. Picture viewer is integrated into Emacs, though for me it is often too slow. I like using M-x sxiv with external program. But when possible I don't use external programs. > Also it will take advantages of further improvements to pwgen > or possible forks or other such programs with no or very small > adjustments ... > > > If then Emacs Lisp programs run on different systems, I like > > if they don't depend on too many external commands > > Indeed must be used to benefit the user ... > > > especially one as simple as password generation. > > But not simple enough for you do to it at the level of the CLI > command ... Before I was using `pwgen' in Bash and storing passwords in appendable only file ~/.passwords and now I store it in the database by using Emacs Lisp. Thus `pwgen' is redundant. > > I cannot write `ffmpeg' so I convert videos by using Emacs > > Lisp on remote computers calling external `ffmpeg'. > > But you cannot write a pwgen either - or at least, you > haven't yet ... so what's the difference? Emacs image viewer is not `sxiv' or "Eye of Gnome" but still fulfils the purpose to view images. The function `rcd-password' fulfils the purpose of `pwgen' to generate passwords for me. https://gnu.support/gnu-emacs/packages/rcd-password-el.html -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 5:31 ` Jean Louis @ 2021-10-28 2:33 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-05 19:09 ` Passwords -- " Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-28 2:33 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: >>> I cannot write `ffmpeg' so I convert videos by using Emacs >>> Lisp on remote computers calling external `ffmpeg'. >> >> But you cannot write a pwgen either - or at least, you >> haven't yet ... so what's the difference? > > Emacs image viewer is not `sxiv' or "Eye of Gnome" but still > fulfils the purpose to view images. Try feh for a more configurable viewer. Note that you can run sxiv from Emacs with the 'sxiv' MELPA package, at least I think that's what it does. I guess not all Emacs users share your aversion to "external commands" ... > The function `rcd-password' fulfils the purpose of `pwgen' > to generate passwords for me. It isn't as good, that's the issue. No idea why on cannot read a non-regular file from Elisp, but head(1) and pwgen(1) can do it from C, and Emacs is written in C as well, so maybe it can be done as a C built-in (Lisp primitive) or, as said, in a C dynamic module ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Passwords -- Re: Noob dumb question (extending emacs) 2021-10-28 2:33 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-11-05 19:09 ` Jean Louis 2021-11-05 22:00 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-11-05 19:09 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-28 05:37]: > Jean Louis wrote: > > >>> I cannot write `ffmpeg' so I convert videos by using Emacs > >>> Lisp on remote computers calling external `ffmpeg'. > >> > >> But you cannot write a pwgen either - or at least, you > >> haven't yet ... so what's the difference? > > > > Emacs image viewer is not `sxiv' or "Eye of Gnome" but still > > fulfils the purpose to view images. > > Try feh for a more configurable viewer. I found `sxiv' much handier, after long term usage of `feh'. > Note that you can run sxiv from Emacs with the 'sxiv' MELPA > package, at least I think that's what it does. I guess not all > Emacs users share your aversion to "external commands" ... No aversion at all. But if something works in Emacs Lisp, I will not use external program. It is natural. > > The function `rcd-password' fulfils the purpose of `pwgen' > > to generate passwords for me. > > It isn't as good, that's the issue. No idea why on cannot read > a non-regular file from Elisp, but head(1) and pwgen(1) can do > it from C, and Emacs is written in C as well, so maybe it can > be done as a C built-in (Lisp primitive) or, as said, in > a C dynamic module ... It is as good as it can be. (rcd-password) ⇒ "jLYRd+9ntSvHacClVuP]" -- obviously random. You have my algorithm published, try to guess the next one. If you cannot guess, there is no proof that it is "not good". The purpose of generated passwords is to provide enough random password that will not be easily guessed by brute force attacks. Websites and shell accounts have often other measures to prevent multiple brute force attempts. So far nobody of theoretical password scientists on this list did not break any of my passwords, despite all the invitations and awards offered. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Passwords -- Re: Noob dumb question (extending emacs) 2021-11-05 19:09 ` Passwords -- " Jean Louis @ 2021-11-05 22:00 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-11-05 22:00 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: >> Try feh for a more configurable viewer. > > I found `sxiv' much handier, after long term usage of `feh'. It is very common, sure, but just not as configurable as feh(1). > No aversion at all. But if something works in Emacs Lisp, > I will not use external program. It is natural. Well, pwgen(1) also works, of course. But that's not the only tendency at work here and not the most powerful one either. And BTW shell tools in general also work from Emacs/Elisp. Emacs is itself a shell tool, a very powerful/versatile and perhaps an atypical one, sure, but still. > It is as good as it can be. > > (rcd-password) ⇒ "jLYRd+9ntSvHacClVuP]" -- obviously random. > You have my algorithm published, try to guess the next one. > If you cannot guess, there is no proof that it is "not > good". That has already been proven but not in that way, which hardly would be considered a proof anyway. -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 8:41 ` Michael Heerdegen 2021-10-23 10:16 ` Yuri Khan @ 2021-10-23 18:17 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 8:42 ` Michael Heerdegen 1 sibling, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 18:17 UTC (permalink / raw) To: help-gnu-emacs Michael Heerdegen wrote: > If you use Emacs' `random' to generate a password, an > attacker would need to have access to your system to predict > the result. He would at least have to know exactly when you > started your Emacs session (that time is used to generate > the seed). Or he would need much more pseudo-random numbers > from you. > > Without any of these, no chance to guess, because there are > too many possible pseudo-random numbers when you don't know > at which position in the sequence the generator started. > > But if the attacker already has access to your session, he > can just steal the password out of your Emacs session or > system clipboard or take a screenshot or whatever. > > So I don't see a problem here. Or am I missing something? Well, obviously no one is cracking your account because `random' isn't random enough :) Well, if they do it at a industrial standard level (I didn't see such a standard myself, but I trust Yuri has) there is no reason we shouldn't be there as well ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 18:17 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 8:42 ` Michael Heerdegen 0 siblings, 0 replies; 127+ messages in thread From: Michael Heerdegen @ 2021-10-24 8:42 UTC (permalink / raw) To: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes: > Well, obviously no one is cracking your account because > `random' isn't random enough :) > > Well, if they do it at a industrial standard level (I didn't > see such a standard myself, but I trust Yuri has) there is no > reason we shouldn't be there as well ... Depends on what the passwords are used for. EC card PINs have only 10^4 ~ 2^13 different "passwords". But it's not possible to try them all. But when you have stolen a hashed password of a length of only 8 chars or even less, it is already in reach to restore the password with a lot of time. If the used entropy was actually less than 2^48, I think we are entering a problematic terrain. Depends on the costs of the hashing algorithm used for your account. Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 17:51 ` Jean Louis 2021-10-22 18:50 ` Yuri Khan @ 2021-10-22 18:55 ` Yuri Khan 2021-10-22 19:30 ` Emanuel Berg via Users list for the GNU Emacs text editor ` (2 more replies) 2021-10-22 18:57 ` Emanuel Berg via Users list for the GNU Emacs text editor 2 siblings, 3 replies; 127+ messages in thread From: Yuri Khan @ 2021-10-22 18:55 UTC (permalink / raw) To: Yuri Khan, Emanuel Berg, help-gnu-emacs (Sorry for the previous unfinished email.) On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote: > For people interested, manual explains about randomity: > (info "(elisp) Random Numbers") > > How I understand it, than it may be that neither `pwgen' is generating > truly random numbers. Inspecting the source shows pwgen uses /dev/urandom if available, and /dev/random otherwise, and all bytes of the password come from one of those sources. These are as random as you can get and use thermal noise in your HDD as one of the sources of randomness. On the other hand, the manual for Emacs ‘random’ says: A deterministic computer program cannot generate true random numbers. For most purposes, “pseudo-random numbers” suffice. Spoiler: secure password generation is not one of those purposes. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 18:55 ` Yuri Khan @ 2021-10-22 19:30 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 21:31 ` Jean Louis 2021-10-24 19:05 ` Jean Louis 2 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 19:30 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan wrote: > Inspecting the source shows pwgen uses /dev/urandom if > available, and /dev/random otherwise, and all bytes of the > password come from one of those sources. These are as random > as you can get and use thermal noise in your HDD as one of > the sources of randomness. Clever! Cool. Can't `random' do the same? Or add a separate `random-linux' perhaps ... Or is that what the option does? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 18:55 ` Yuri Khan 2021-10-22 19:30 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 21:31 ` Jean Louis 2021-10-22 22:21 ` H. Dieter Wilhelm 2021-10-23 10:46 ` Yuri Khan 2021-10-24 19:05 ` Jean Louis 2 siblings, 2 replies; 127+ messages in thread From: Jean Louis @ 2021-10-22 21:31 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs, Emanuel Berg * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-22 21:56]: > (Sorry for the previous unfinished email.) > > On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote: > > > For people interested, manual explains about randomity: > > (info "(elisp) Random Numbers") > > > > How I understand it, than it may be that neither `pwgen' is generating > > truly random numbers. > > Inspecting the source shows pwgen uses /dev/urandom if available, and > /dev/random otherwise, and all bytes of the password come from one of > those sources. These are as random as you can get and use thermal > noise in your HDD as one of the sources of randomness. Which tells me Emacs Lisp could have access to such data and set the seed quite randomly practically: - I have noticed that file "/proc/pressure/io" is constantly changing, could not find temperature stuff now, thus: (defun first-line-of-file (file) (with-temp-buffer (insert-file-contents file) (substring (buffer-string) 0 (string-match "\n" (buffer-string))))) (let ((line (first-line-of-file "/proc/pressure/io"))) ;; Now set random seed: (random line) ;; Now generate random password (rcd-password)) ⇒ "TMqVMJiT(JKR1^8uLYzT" You say that passwords are not really random and Emacs Lisp is not made for that. I say that passwords can be generated practically to be random for the user from the users' viewpoint, and it is evident. If you can predict the password I am generating it will become evident that passwords are not truly random. Until then... they are random. ;-) -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 21:31 ` Jean Louis @ 2021-10-22 22:21 ` H. Dieter Wilhelm 2021-10-23 10:46 ` Yuri Khan 1 sibling, 0 replies; 127+ messages in thread From: H. Dieter Wilhelm @ 2021-10-22 22:21 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs, Emanuel Berg Jean Louis <bugs@gnu.support> writes: > You say that passwords are not really random and Emacs Lisp is > not made for that. I've an idea, why not using the hashes of Emacs commits for lisp files? d9de0a58744d5d8f0b23a1bd4c42a0b8e4829e25 so we have both something lispy AND random! ;-) Just joking > I say that passwords can be generated practically to be random > for the user from the users' viewpoint, and it is evident. I agree Dieter -- Best wishes H. Dieter Wilhelm Zwingenberg, Germany ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 21:31 ` Jean Louis 2021-10-22 22:21 ` H. Dieter Wilhelm @ 2021-10-23 10:46 ` Yuri Khan 2021-10-23 18:13 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 6:45 ` Jean Louis 1 sibling, 2 replies; 127+ messages in thread From: Yuri Khan @ 2021-10-23 10:46 UTC (permalink / raw) To: Yuri Khan, Emanuel Berg, help-gnu-emacs On Sat, 23 Oct 2021 at 04:35, Jean Louis <bugs@gnu.support> wrote: > - I have noticed that file "/proc/pressure/io" is constantly > changing, could not find temperature stuff now, thus: “Constantly changing” does not mean it is a reliable source of randomness (entropy). Also, the word “pressure” there does not refer to any physical processes. In context, it is a metaphor, referring to the concurrent processes in your computer competing for a resource, in this case, the input/output system. Anyway: $ cat /proc/pressure/io some avg10=0.00 avg60=0.00 avg300=0.05 total=313213969 full avg10=0.00 avg60=0.00 avg300=0.04 total=238002455 $ cat /proc/pressure/io some avg10=0.13 avg60=1.09 avg300=1.08 total=318142202 full avg10=0.13 avg60=0.98 avg300=0.97 total=242407828 What we have here is some constant text that does not contribute to randomness in any way, and a few decimal numbers. A single sampling gives you 36 digits. 3 decimal digits ≈ 10 bits, so you could estimate 120 bits which would be considered a fair amount of entropy. However, if you sample it repeatedly, as you would when generating a number of passwords, you can observe they are not completely independent. The moving averages over 10/60/300 seconds are continuous functions, i.e. the next sample is a value reasonably close to the previous; and the total is a monotonically and not very rapidly rising function, so the next sample is equal to the previous plus a small value. So the added entropy for each next sample is much smaller than the original 120 bits. (Of course you could just replicate what pwgen does, and read from /dev/urandom or /dev/random, and directly convert that into characters usable in passwords.) ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 10:46 ` Yuri Khan @ 2021-10-23 18:13 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 7:48 ` Yuri Khan 2021-10-24 6:45 ` Jean Louis 1 sibling, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 18:13 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan wrote: > What we have here is some constant text that does not > contribute to randomness in any way, and a few decimal > numbers. A single sampling gives you 36 digits. 3 decimal > digits ≈ 10 bits, so you could estimate 120 bits which would > be considered a fair amount of entropy. Entropy, is that a term from information theory? Please provide the definition the way you are using the term here ... > (Of course you could just replicate what pwgen does, and > read from /dev/urandom or /dev/random, and directly convert > that into characters usable in passwords.) Indeed, that's better, if we assume what they do is good enough. Use directly or replicate, as you say. -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 18:13 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 7:48 ` Yuri Khan 2021-10-24 9:37 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Yuri Khan @ 2021-10-24 7:48 UTC (permalink / raw) To: Emanuel Berg, help-gnu-emacs On Sun, 24 Oct 2021 at 01:15, Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> wrote: > Entropy, is that a term from information theory? > Please provide the definition the way you are using the term > here ... https://en.wikipedia.org/wiki/Entropy_(computing) ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 7:48 ` Yuri Khan @ 2021-10-24 9:37 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 9:37 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan wrote: >> Entropy, is that a term from information theory? >> Please provide the definition the way you are using the >> term here ... > > https://en.wikipedia.org/wiki/Entropy_(computing) Yeah, I've seen it ... so what part did you like the best? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 10:46 ` Yuri Khan 2021-10-23 18:13 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-24 6:45 ` Jean Louis 2021-10-24 8:50 ` Michael Heerdegen 2021-10-24 18:17 ` Yuri Khan 1 sibling, 2 replies; 127+ messages in thread From: Jean Louis @ 2021-10-24 6:45 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs, Emanuel Berg * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-23 13:47]: > On Sat, 23 Oct 2021 at 04:35, Jean Louis <bugs@gnu.support> wrote: > > > - I have noticed that file "/proc/pressure/io" is constantly > > changing, could not find temperature stuff now, thus: > > “Constantly changing” does not mean it is a reliable source of > randomness (entropy). > > Also, the word “pressure” there does not refer to any physical > processes. In context, it is a metaphor, referring to the concurrent > processes in your computer competing for a resource, in this case, the > input/output system. > > Anyway: > > $ cat /proc/pressure/io > some avg10=0.00 avg60=0.00 avg300=0.05 total=313213969 > full avg10=0.00 avg60=0.00 avg300=0.04 total=238002455 > > $ cat /proc/pressure/io > some avg10=0.13 avg60=1.09 avg300=1.08 total=318142202 > full avg10=0.13 avg60=0.98 avg300=0.97 total=242407828 > > What we have here is some constant text that does not contribute to > randomness in any way, and a few decimal numbers. A single sampling > gives you 36 digits. 3 decimal digits ≈ 10 bits, so you could estimate > 120 bits which would be considered a fair amount of entropy. Congratulation for the analysis, although myself I cannot follow it. > (Of course you could just replicate what pwgen does, and read from > /dev/urandom or /dev/random, and directly convert that into characters > usable in passwords.) I agree, though I don't need it personally, as no analyst so far has cracked any of my Emacs Lisp generated passwords. I will give US $1,000 if you crack any of my passwords in any of websites I am subscribed within next 2 years. OK? -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 6:45 ` Jean Louis @ 2021-10-24 8:50 ` Michael Heerdegen 2021-10-24 17:20 ` Jean Louis 2021-10-24 18:17 ` Yuri Khan 1 sibling, 1 reply; 127+ messages in thread From: Michael Heerdegen @ 2021-10-24 8:50 UTC (permalink / raw) To: help-gnu-emacs Jean Louis <bugs@gnu.support> writes: > I will give US $1,000 if you crack any of my passwords in any of > websites I am subscribed within next 2 years. OK? Why should he tell you? I bet one or the other of your accounts is worth much more than that. Michael. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 8:50 ` Michael Heerdegen @ 2021-10-24 17:20 ` Jean Louis 0 siblings, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-24 17:20 UTC (permalink / raw) To: Michael Heerdegen; +Cc: help-gnu-emacs * Michael Heerdegen <michael_heerdegen@web.de> [2021-10-24 11:51]: > Jean Louis <bugs@gnu.support> writes: > > > I will give US $1,000 if you crack any of my passwords in any of > > websites I am subscribed within next 2 years. OK? > > Why should he tell you? I bet one or the other of your accounts is > worth much more than that. Hahahahaha. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 6:45 ` Jean Louis 2021-10-24 8:50 ` Michael Heerdegen @ 2021-10-24 18:17 ` Yuri Khan 2021-10-24 19:07 ` Jean Louis 1 sibling, 1 reply; 127+ messages in thread From: Yuri Khan @ 2021-10-24 18:17 UTC (permalink / raw) To: Yuri Khan, Emanuel Berg, help-gnu-emacs On Sun, 24 Oct 2021 at 13:50, Jean Louis <bugs@gnu.support> wrote: > I will give US $1,000 if you crack any of my passwords in any of > websites I am subscribed within next 2 years. OK? I am not playing penetration testing with you. ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 18:17 ` Yuri Khan @ 2021-10-24 19:07 ` Jean Louis 0 siblings, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-24 19:07 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs, Emanuel Berg * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-24 21:20]: > On Sun, 24 Oct 2021 at 13:50, Jean Louis <bugs@gnu.support> wrote: > > > I will give US $1,000 if you crack any of my passwords in any of > > websites I am subscribed within next 2 years. OK? > > I am not playing penetration testing with you. But I would not reject you. For the right price. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 18:55 ` Yuri Khan 2021-10-22 19:30 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 21:31 ` Jean Louis @ 2021-10-24 19:05 ` Jean Louis 2021-10-25 0:12 ` Emanuel Berg via Users list for the GNU Emacs text editor 2 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-24 19:05 UTC (permalink / raw) To: Yuri Khan; +Cc: help-gnu-emacs, Emanuel Berg * Yuri Khan <yuri.v.khan@gmail.com> [2021-10-22 21:56]: > (Sorry for the previous unfinished email.) > > On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote: > > > For people interested, manual explains about randomity: > > (info "(elisp) Random Numbers") > > > > How I understand it, than it may be that neither `pwgen' is generating > > truly random numbers. > > Inspecting the source shows pwgen uses /dev/urandom if available, and > /dev/random otherwise, and all bytes of the password come from one of > those sources. These are as random as you can get and use thermal > noise in your HDD as one of the sources of randomness. > > On the other hand, the manual for Emacs ‘random’ says: > > A deterministic computer program cannot generate true random numbers. > For most purposes, “pseudo-random numbers” suffice. > > Spoiler: secure password generation is not one of those purposes. Password generation is not "random numbers". Spoiler is futile. All your base are belong to us. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-24 19:05 ` Jean Louis @ 2021-10-25 0:12 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 3:54 ` Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 0:12 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: >> Spoiler: secure password generation is not one of >> those purposes. > > [...] Spoiler is futile. All your base are belong to us. :) Mess with the best - die like the rest! > Password generation is not "random numbers". Password generation is, to a large extent and to the extent that is difficult/critical, random numbers. -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-25 0:12 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-25 3:54 ` Jean Louis 0 siblings, 0 replies; 127+ messages in thread From: Jean Louis @ 2021-10-25 3:54 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 03:13]: > Jean Louis wrote: > > >> Spoiler: secure password generation is not one of > >> those purposes. > > > > [...] Spoiler is futile. All your base are belong to us. > > :) > > Mess with the best - die like the rest! > > > Password generation is not "random numbers". > > Password generation is, to a large extent and to the extent > that is difficult/critical, random numbers. There are different ways to make passwords, one of it is random way. Purpose is to protect access to some digital resource. The purpose is what is important. You don't need a computer to construct a password, computers are new in that regard. Use pen and paper. For me is not convenient with pen and paper in home and office, but in a public Internet point I would not hesitate using it. Apart from all hypothetical discussion none can predict the next password given by (rcd-password) function. Purpose is fulfilled. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 17:51 ` Jean Louis 2021-10-22 18:50 ` Yuri Khan 2021-10-22 18:55 ` Yuri Khan @ 2021-10-22 18:57 ` Emanuel Berg via Users list for the GNU Emacs text editor 2 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 18:57 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > For people interested, manual explains about randomity: > (info "(elisp) Random Numbers") > > How I understand it, than it may be that neither `pwgen' is > generating truly random numbers. Truly random numbers, as you say, cannot be generated since computers are deterministic by nature and definition, and that's a good thing. Maybe quantum computers can do it? For practical purposes it should be random enough as it is, I think. Or that's my superficial understanding of it anyway ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 13:14 ` Yuri Khan 2021-10-22 17:51 ` Jean Louis @ 2021-10-22 18:53 ` Emanuel Berg via Users list for the GNU Emacs text editor 1 sibling, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 18:53 UTC (permalink / raw) To: help-gnu-emacs Yuri Khan wrote: >>> Emacs Lisp is good enough to generate passwords just like >>> `pwgen' >> >> Are there some agreed-upon, formal requirements to >> a password generator? > > The first rule of password generators is to use a crypto > quality randomness generator. Which, as far as I can tell, > Elisp’s ‘random’ is not, at least unless you do a ‘(random > t)’ first. And maybe not even then. Okay, but how do one tell for sure? And, if it isn't good enough, how do we improve it and in what sense? Because, as the saying goes, random numbers are too important to be left to chance ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 12:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 13:14 ` Yuri Khan @ 2021-10-22 17:48 ` Jean Louis 2021-10-22 19:26 ` Emanuel Berg via Users list for the GNU Emacs text editor 1 sibling, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-22 17:48 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-22 15:57]: > Jean Louis wrote: > > >> it requires an external password generator (per default > >> Gnu-Linux' pwgen) > > > > Emacs Lisp is good enough to generate passwords just like > > `pwgen' > > Are there some agreed-upon, formal requirements to > a password generator? Out of 4540 passwords maintained in my computer and demands by websites, I can conclude that passwords shall: - be very random, not similar to any dictionary words; - have mixture of upper and lower letters; - include some numbers; - include special symbols like & or % -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-22 17:48 ` Jean Louis @ 2021-10-22 19:26 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-22 19:26 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > Out of 4540 passwords maintained in my computer and demands > by websites, I can conclude that passwords shall: > > - be very random, not similar to any dictionary words Right, since a brute force attack would (1) iterate such existing dictionaries and those are a small subset of all possible passwords, yet if allowed, people would still use them, and more often so than any (to a human) meaningless combination of chars, so not only would it (2) decrease the search space, it would (3) increase the likelihood of a hit in that, already diminished space ... That is, it will be easier to carry out a brute force attack (point 1), and the likelihood of success will increase (points 2 and 3). Technically the search space wouldn't be decreased, on the contrary by disallowing such words, THAT will decrease it, but because of human behavior ... its a decrease that will be an increase! > - have mixture of upper and lower letters; > - include some numbers; > - include special symbols like & or % Well, this will increase the search space size. But just because it looks more cr%pt1C to a human doesn't mean it is necessarily more difficult for a computer since it will just iterate all possible chars ... However the bigger the space -> the more attempts -> the more computing power and/or time will be necessary. The search space size is easy enough to calculate, if the allowed alphabet (chars) are A = {a ... o} and the min password length is n and the max is m (so n <= m), then the number of combinations, i.e. the search space size, would be ... |A|**n + ... + |A|**i + ... + |A|**m for all integers i that are n < i < m (and including the endpoints n and m, this can be put in math using the big sigma, for summation, and below it, initialization, here i = n, above it, where the loop stops if you will, here m, yes inclusive). The math behind it is called combinatorics and is a branch of math that is very easy to a programmer's mind I'd say :) (I hope I won't regret having said that :P) Now, if one doesn't rely on passwords at all, the brute force attack guess it won't ever succeed ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 17:10 ` Ivano Da Milano ` (2 preceding siblings ...) 2021-10-20 19:45 ` Jean Louis @ 2021-10-21 19:45 ` Emanuel Berg via Users list for the GNU Emacs text editor 3 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-21 19:45 UTC (permalink / raw) To: help-gnu-emacs Ivano Da Milano wrote: >> > Batch rename >> >> I'm not sure exactly what you mean, but it is possible, >> either directly from Elisp or some solution/combination >> with/from Dired and/or the shell ... > > I mean renaming files all at once, applying string manipulation to the file > name All or almost all shell CLI tools that work on files are "batch" - or should be ... But as has been mentioned, the usual answer would be rename(1p) - "p" as in Perl, or the "User Contributed Perl Documentation". >> > OffLine browser (like HTTrack) >> >> You need/want a special browser for that? > > Not sure about this I'd like my ordinary browser since I'm accustomed to that and have it configured the way I want, it doesn't matter if what is being browsed is a file received from a web server or is a local file I have on disk ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-19 22:12 Noob dumb question (extending emacs) Ivano Da Milano 2021-10-20 0:36 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-20 4:04 ` Ivano Da Milano 2021-10-20 5:46 ` H. Dieter Wilhelm 2021-10-20 6:50 ` Jean Louis 3 siblings, 0 replies; 127+ messages in thread From: Ivano Da Milano @ 2021-10-20 4:04 UTC (permalink / raw) To: help-gnu-emacs Wow, thanks so much for your replies. Il Mer 20 Ott 2021, 00:12 Ivano Da Milano <18101982.ia@gmail.com> ha scritto: > Hello everyone. > Please, be patient, as I'm totally new to emacs, but I'm told it can do a > lot more than just editing text. > So, I ask you, are the following possible? > And how to accomplish? (if possible, point me to a ready solution, because > I know nearly nothing about lisp) > > [un]zip/tar/rar/etc archives > ASCII Art - from image, but IIRC, there's an ASCII based paint program > Batch rename > Browser (like Lynx) > Scientific calculator > Calendar > Contacts manager > DBMS (SQL Client) > Diff/patch > File manager (like Midnight Commander) > FTP Client > Id3 tag editor > IRC client > Mail client > MIDI/Music Player > OffLine browser (like HTTrack) > random password generator > Project management > Speech recognition > Spreadsheet (like sc) > System clean > Task manager (like top) > Torrent > Transcoder (with FFMPeg) > TTS (with eSpeak) > Volume mixer (like AlsaMixer) > Wave editor (with SoX) > > Thanks in advance for any help. > ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-19 22:12 Noob dumb question (extending emacs) Ivano Da Milano 2021-10-20 0:36 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 4:04 ` Ivano Da Milano @ 2021-10-20 5:46 ` H. Dieter Wilhelm 2021-10-20 5:58 ` Emanuel Berg via Users list for the GNU Emacs text editor [not found] ` <CAPWV0kyjr0=FrkVkH+Wf573fddX3pM4iiEfkQJ6oe1J_pQuNPA@mail.gmail.com> 2021-10-20 6:50 ` Jean Louis 3 siblings, 2 replies; 127+ messages in thread From: H. Dieter Wilhelm @ 2021-10-20 5:46 UTC (permalink / raw) To: Ivano Da Milano; +Cc: help-gnu-emacs Hello Ivano Gnu-Emacs can do a lot for you and often it can be accomplished in multiple ways or with multiple packages. I suggest to tackle one of your tasks after another and coming back with more concrete questions. By the way, on which OS is your Emacs running? Dieter Ivano Da Milano <18101982.ia@gmail.com> writes: > Hello everyone. > Please, be patient, as I'm totally new to emacs, but I'm told it can do a > lot more than just editing text. > So, I ask you, are the following possible? > And how to accomplish? (if possible, point me to a ready solution, because > I know nearly nothing about lisp) > > [un]zip/tar/rar/etc archives > ASCII Art - from image, but IIRC, there's an ASCII based paint program > Batch rename > Browser (like Lynx) > Scientific calculator > Calendar > Contacts manager > DBMS (SQL Client) > Diff/patch > File manager (like Midnight Commander) > FTP Client > Id3 tag editor > IRC client > Mail client > MIDI/Music Player > OffLine browser (like HTTrack) > random password generator > Project management > Speech recognition > Spreadsheet (like sc) > System clean > Task manager (like top) > Torrent > Transcoder (with FFMPeg) > TTS (with eSpeak) > Volume mixer (like AlsaMixer) > Wave editor (with SoX) > > Thanks in advance for any help. > -- Best wishes H. Dieter Wilhelm Zwingenberg, Germany ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 5:46 ` H. Dieter Wilhelm @ 2021-10-20 5:58 ` Emanuel Berg via Users list for the GNU Emacs text editor [not found] ` <CAPWV0kyjr0=FrkVkH+Wf573fddX3pM4iiEfkQJ6oe1J_pQuNPA@mail.gmail.com> 1 sibling, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-20 5:58 UTC (permalink / raw) To: help-gnu-emacs H. Dieter Wilhelm wrote: > Gnu-Emacs can do a lot for you and often it can be > accomplished in multiple ways or with multiple packages. Gnu-Emacs haha :) But yes ... > I suggest to tackle one of your tasks after another and > coming back with more concrete questions. Start by editing files ... -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
[parent not found: <CAPWV0kyjr0=FrkVkH+Wf573fddX3pM4iiEfkQJ6oe1J_pQuNPA@mail.gmail.com>]
[parent not found: <86a6j3wo7y.fsf@duenenhof-wilhelm.de>]
[parent not found: <CAPWV0kyogB+u0X4dUhpyEox6pih1MJkjE2e_OoqQoP81NZceHQ@mail.gmail.com>]
* Fwd: Noob dumb question (extending emacs) [not found] ` <CAPWV0kyogB+u0X4dUhpyEox6pih1MJkjE2e_OoqQoP81NZceHQ@mail.gmail.com> @ 2021-10-20 18:31 ` Ivano Da Milano 0 siblings, 0 replies; 127+ messages in thread From: Ivano Da Milano @ 2021-10-20 18:31 UTC (permalink / raw) To: help-gnu-emacs Sorry, sent to wrong address ---------- Forwarded message --------- Da: Ivano Da Milano <18101982.ia@gmail.com> Date: Mer 20 Ott 2021, 20:30 Subject: Re: Noob dumb question (extending emacs) To: H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de> Yes, I have a Samsung Galaxy S9+, with "hacker's keyboards" app, and, when at home, I use it in DeX with mouse+keyboard Il Mer 20 Ott 2021, 20:22 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de> ha scritto: > Ivano Da Milano <18101982.ia@gmail.com> writes: > > >> By the way, on which OS is your Emacs running? > > > > I bet you won't believe me. Android + Termux > > I believe you, since I also ran Emacs under Termux just to SEE Emacs on > my phone and a tablet! ;-) But without a keyboard I'm lost. You > probably are running Android with better hardware, larger screen and a > keyboard, I assume. At least I hope it for you... > > Have fun > > Dieter > > -- > Best wishes > H. Dieter Wilhelm > Zwingenberg, Germany > ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-19 22:12 Noob dumb question (extending emacs) Ivano Da Milano ` (2 preceding siblings ...) 2021-10-20 5:46 ` H. Dieter Wilhelm @ 2021-10-20 6:50 ` Jean Louis 2021-10-20 8:20 ` Emanuel Berg via Users list for the GNU Emacs text editor 3 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-20 6:50 UTC (permalink / raw) To: Ivano Da Milano; +Cc: help-gnu-emacs * Ivano Da Milano <18101982.ia@gmail.com> [2021-10-20 08:47]: > Hello everyone. > Please, be patient, as I'm totally new to emacs, but I'm told it can do a > lot more than just editing text. > So, I ask you, are the following possible? > And how to accomplish? (if possible, point me to a ready solution, because > I know nearly nothing about lisp) You should use command: M-x package-list-packages To see the available Emacs packages and browse within them to find anything you need or like. > [un]zip/tar/rar/etc archives When in Dired mode, you can press `Z' and pray it will do what you want. > ASCII Art - from image, but IIRC, there's an ASCII based paint > program M-x artist-mode > Batch rename in shell `rename' see: M-x man RET rename RET > Browser (like Lynx) M-s M-w to launch `eww' Emacs browser. > Scientific calculator M-x calc > Calendar M-x calendar > Contacts manager RCD Notes for Emacs https://hyperscope.link/3/7/1/5/5/RCD-Notes-for-Emacs-37155.html Managing 226147 contacts, relations and 16160 accounts like groups and companies with it. > DBMS (SQL Client) M-x sql-postgres or other sql- commands emacs-libpq @ Github https://github.com/anse1/emacs-libpq > Diff/patch M-x diff > File manager (like Midnight Commander) C-x C-f if you need Midnight Commander, then after C-x C-f: C-x 3 > FTP Client C-x C-f RET /ftp:server:/directory > Id3 tag editor id3v2 system command > IRC client M-x irc > Mail client https://www.mutt.org you can run it in Emacs M-x term > MIDI/Music Player In Dired, use & and customize variable `dired-guess-shell-alist-user' > OffLine browser (like HTTrack) Httrack > random password generator https://gnu.support/gnu-emacs/packages/rcd-password-el.html > Project management Evaluate: (info "(emacs) Projects") > Speech recognition M-x doctor after a while it starts recognizing speech... > Spreadsheet (like sc) M-x ses-mode or $ gnumeric > System clean Use system `sweeper' > Task manager (like top) M-x proced > Torrent M-& aria2c "magnet:your-favorite-link" > Transcoder (with FFMPeg) I use what I made, and I convert videos for Internet: First: https://gnu.support/gnu-emacs/packages/rcd-utilities-el.html (defun video-mime-type-p (file) "Determines mime type of video" (let ((mime-type (rcd-mime-type file))) (if (string-match "video" mime-type) file nil))) (defun video2webm-dired () "Converts any video to webm" (interactive) (let* ((bitrate (read-number "Bitrate: " 300)) (videos (dired-get-marked-files)) (videos (mapcar 'video-mime-type-p videos)) (videos (seq-remove 'null videos)) (async-shell-command-buffer 'new-buffer) (command (format "ffmpeg -y -i `?` -c:v libvpx-vp9 -b:v %sk -pass 1 -passlogfile `?` -speed 4 -c:a libopus -f webm /dev/null -async 1 -vsync passthrough && ffmpeg -y -i `?` -c:v libvpx-vp9 -b:v %sk -pass 2 -passlogfile `?` -speed 1 -c:a libopus \`?`.webm -async 1 -vsync passthrough && rm `?`-0.log;" bitrate bitrate))) (dired-do-async-shell-command command nil videos))) > TTS (with eSpeak) See: https://gnu.support/gnu-emacs/packages/rcd-utilities-el.html > Volume mixer (like AlsaMixer) (global-set-key (kbd "<XF86AudioLowerVolume>") 'emms-volume-lower) (global-set-key (kbd "<XF86AudioRaiseVolume>") 'emms-volume-raise) > Wave editor (with SoX) kwave -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 6:50 ` Jean Louis @ 2021-10-20 8:20 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 14:13 ` Jean Louis 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-20 8:20 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: > M-x package-list-packages > > To see the available Emacs packages and browse within them > to find anything you need or like. You will see ELPA that way and with this MELPA as well: (push '("melpa" . "https://melpa.org/packages/") package-archives) But there are many more packages out there ... >> File manager (like Midnight Commander) > > C-x C-f > > if you need Midnight Commander, then after C-x C-f: > > C-x 3 HA! Bravo ... > M-x irc That way you get Rcirc ... not recommended, use ERC. >> random password generator > > https://gnu.support/gnu-emacs/packages/rcd-password-el.html You can improve that code a lot ... >> Speech recognition > > M-x doctor > > after a while it starts recognizing speech... :) > I use what I made, and I convert videos for Internet: > > First: https://gnu.support/gnu-emacs/packages/rcd-utilities-el.html > > (defun video-mime-type-p (file) > "Determines mime type of video" > (let ((mime-type (rcd-mime-type file))) > (if (string-match "video" mime-type) file nil))) > > (defun video2webm-dired () > "Converts any video to webm" > (interactive) > (let* ((bitrate (read-number "Bitrate: " 300)) > (videos (dired-get-marked-files)) > (videos (mapcar 'video-mime-type-p videos)) > (videos (seq-remove 'null videos)) > (async-shell-command-buffer 'new-buffer) > (command (format "ffmpeg -y -i `?` -c:v libvpx-vp9 -b:v %sk -pass 1 -passlogfile `?` -speed 4 -c:a libopus -f webm /dev/null -async 1 -vsync passthrough && ffmpeg -y -i `?` -c:v libvpx-vp9 -b:v %sk -pass 2 -passlogfile `?` -speed 1 -c:a libopus \`?`.webm -async 1 -vsync passthrough && rm `?`-0.log;" bitrate bitrate))) > (dired-do-async-shell-command command nil videos))) :) -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 8:20 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-20 14:13 ` Jean Louis 2021-10-21 19:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Jean Louis @ 2021-10-20 14:13 UTC (permalink / raw) To: help-gnu-emacs * Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-20 11:23]: > > M-x irc > > That way you get Rcirc ... not recommended, use ERC. M-x irc works so fine. When was last time you tried it out? And I use XMPP chat, jabber.el all day and manage teams in few countries with it. > >> random password generator > > > > https://gnu.support/gnu-emacs/packages/rcd-password-el.html > > You can improve that code a lot ... For now it just works, it pass so far 100% of websites asking for passwords and in connection with RCD Notes, passwords are stored in the database. It looks like this: ID 25 Date created "2021-03-22 16:30:25.728468" Date modified "2021-04-11 15:11:15.905016" User created "myuser" User modified "myuser" Password type "WWW Host" Person related "Jean Louis" Host name "bugs.amule.org" Username "muusername" E-mail "my@example.com" Password "\\xc30d040703025a11da979548a7bc60d24001f2e1f625056df45e9871e6e3a2a14735b878b2611c761b255adf9fbffc11be090fd0c1cb2b145bd6d05890c6a7e8dd1fa3bc3d20e3de64e9ccd124535e3451" Description nil > >> Speech recognition > > > > M-x doctor > > > > after a while it starts recognizing speech... > > :) I knew you will understand it. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/ ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-20 14:13 ` Jean Louis @ 2021-10-21 19:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-23 10:51 ` Tassilo Horn 0 siblings, 1 reply; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-21 19:56 UTC (permalink / raw) To: help-gnu-emacs Jean Louis wrote: >>> M-x irc >> >> That way you get Rcirc ... not recommended, use ERC. > > M-x irc works so fine. I hope so :) But I think ERC is more powerful and now (it wasn't always like that) it seems to have a very active little team of developers working on it at a very high skill level! There was a time I always cross-posted ERC matters to gmane.emacs.erc.general and gmane.emacs.help since no one ever replied on gmane.emacs.erc.general anyway ... not so anymore! Good. BTW maybe ERC should be invoked on M-x irc RET ? > When was last time you tried it out? Such things aren't logged as that would impose a huge overhead ... > And I use XMPP chat, jabber.el all day and manage teams in > few countries with it. Okay, what do these teams do? > For now it just works But Lisp is an elitist language ... > with RCD Notes What is RCD? -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-21 19:56 ` Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 10:51 ` Tassilo Horn 2021-10-23 18:36 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 1 reply; 127+ messages in thread From: Tassilo Horn @ 2021-10-23 10:51 UTC (permalink / raw) To: Emanuel Berg; +Cc: help-gnu-emacs Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes: >>>> M-x irc >>> >>> That way you get Rcirc ... not recommended, use ERC. >> >> M-x irc works so fine. > > I hope so :) > > But I think ERC is more powerful and now (it wasn't always > like that) it seems to have a very active little team of > developers working on it at a very high skill level! Hey, don't underestimate the work Philip Kaludercic has done in rcirc lately, e.g., support for several IRCv3 features, and support for SASL authentication! Also note that "rcirc" is almost part of his lastname which suggests a bright future, doesn't it? > BTW maybe ERC should be invoked on M-x irc RET ? I think that's off the table. Users who always used M-x irc RET shouldn't face a situation where another client is invoked and their configs are disregarded. Bye, Tassilo ^ permalink raw reply [flat|nested] 127+ messages in thread
* Re: Noob dumb question (extending emacs) 2021-10-23 10:51 ` Tassilo Horn @ 2021-10-23 18:36 ` Emanuel Berg via Users list for the GNU Emacs text editor 0 siblings, 0 replies; 127+ messages in thread From: Emanuel Berg via Users list for the GNU Emacs text editor @ 2021-10-23 18:36 UTC (permalink / raw) To: help-gnu-emacs Tassilo Horn wrote: >>>>> M-x irc >>>> >>>> That way you get Rcirc ... not recommended, use ERC. >>> >>> M-x irc works so fine. >> >> I hope so :) >> >> But I think ERC is more powerful and now (it wasn't always >> like that) it seems to have a very active little team of >> developers working on it at a very high skill level! > > Hey, don't underestimate the work Philip Kaludercic has done > in rcirc lately, e.g., support for several IRCv3 features, > and support for SASL authentication! Also note that "rcirc" > is almost part of his lastname which suggests a bright > future, doesn't it? Okay, heh. -- underground experts united https://dataswamp.org/~incal ^ permalink raw reply [flat|nested] 127+ messages in thread
end of thread, other threads:[~2021-11-05 22:00 UTC | newest] Thread overview: 127+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-10-19 22:12 Noob dumb question (extending emacs) Ivano Da Milano 2021-10-20 0:36 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 6:34 ` Marcin Borkowski 2021-10-20 18:13 ` H. Dieter Wilhelm 2021-10-20 6:53 ` Jean Louis 2021-10-20 8:23 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 17:10 ` Ivano Da Milano 2021-10-20 18:41 ` Tassilo Horn 2021-10-20 18:56 ` Ken Goldman 2021-10-20 19:01 ` Ivano Da Milano 2021-10-20 19:45 ` Jean Louis 2021-10-21 5:27 ` Ivano Da Milano 2021-10-21 7:40 ` H. Dieter Wilhelm 2021-10-21 15:46 ` Ivano Da Milano 2021-10-21 16:03 ` H. Dieter Wilhelm 2021-10-21 17:49 ` Ivano Da Milano 2021-10-21 18:51 ` Jean Louis 2021-10-21 20:02 ` H. Dieter Wilhelm 2021-10-21 22:58 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 6:59 ` H. Dieter Wilhelm 2021-10-22 12:18 ` Jean Louis 2021-10-22 12:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 13:14 ` Yuri Khan 2021-10-22 17:51 ` Jean Louis 2021-10-22 18:50 ` Yuri Khan 2021-10-22 19:29 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 21:22 ` Jean Louis 2021-10-23 18:08 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 7:10 ` Jean Louis 2021-10-24 9:35 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 17:41 ` Jean Louis 2021-10-24 18:20 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 5:47 ` Jean Louis 2021-10-25 9:40 ` Yuri Khan 2021-10-25 10:23 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 12:41 ` Jean Louis 2021-10-25 19:22 ` Jean Louis 2021-10-25 19:46 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 19:56 ` About randomity, entropy, random passwords - was " Jean Louis 2021-10-25 20:29 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 20:00 ` Jean Louis 2021-10-25 19:56 ` Yuri Khan 2021-10-25 20:24 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 20:34 ` Jean Louis 2021-10-25 20:29 ` About randomity, entropy, random passwords - was " Jean Louis 2021-10-28 20:39 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-23 8:41 ` Michael Heerdegen 2021-10-23 10:16 ` Yuri Khan 2021-10-23 10:46 ` Michael Heerdegen 2021-10-23 18:27 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 8:16 ` Michael Heerdegen 2021-10-28 2:24 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-28 11:41 ` Michael Heerdegen 2021-10-28 12:07 ` tomas 2021-10-28 20:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-28 22:54 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-31 20:46 ` Michael Heerdegen 2021-11-01 2:09 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-01 19:38 ` Michael Heerdegen 2021-11-03 1:06 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-03 21:24 ` Michael Heerdegen 2021-11-03 22:16 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-05 19:03 ` Jean Louis 2021-11-05 21:50 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-31 20:42 ` Michael Heerdegen 2021-11-05 18:59 ` Jean Louis 2021-10-23 12:54 ` Michael Heerdegen 2021-10-23 13:07 ` Yuri Khan 2021-10-23 18:41 ` ERC links to man pages (was: Re: Noob dumb question (extending emacs)) Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 7:08 ` Noob dumb question (extending emacs) Jean Louis 2021-10-24 8:57 ` Michael Heerdegen 2021-10-24 17:59 ` Jean Louis 2021-10-25 9:18 ` Michael Heerdegen 2021-10-25 9:33 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 19:44 ` Jean Louis 2021-10-25 20:20 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 20:33 ` Jean Louis 2021-10-25 12:45 ` Jean Louis 2021-10-25 13:20 ` Michael Heerdegen 2021-10-25 19:54 ` About randomity, entropy, random passwords - was " Jean Louis [not found] ` <YXcLIC+doASdNFll@protected.localdomain> [not found] ` <87cznryfnz.fsf@web.de> 2021-10-26 18:52 ` Jean Louis 2021-10-23 18:22 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-23 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 6:43 ` Jean Louis 2021-10-24 8:28 ` Michael Heerdegen 2021-10-24 18:03 ` Jean Louis 2021-10-24 9:31 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 18:09 ` Jean Louis 2021-10-24 18:30 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 5:31 ` Jean Louis 2021-10-28 2:33 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-11-05 19:09 ` Passwords -- " Jean Louis 2021-11-05 22:00 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-23 18:17 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 8:42 ` Michael Heerdegen 2021-10-22 18:55 ` Yuri Khan 2021-10-22 19:30 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 21:31 ` Jean Louis 2021-10-22 22:21 ` H. Dieter Wilhelm 2021-10-23 10:46 ` Yuri Khan 2021-10-23 18:13 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 7:48 ` Yuri Khan 2021-10-24 9:37 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-24 6:45 ` Jean Louis 2021-10-24 8:50 ` Michael Heerdegen 2021-10-24 17:20 ` Jean Louis 2021-10-24 18:17 ` Yuri Khan 2021-10-24 19:07 ` Jean Louis 2021-10-24 19:05 ` Jean Louis 2021-10-25 0:12 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-25 3:54 ` Jean Louis 2021-10-22 18:57 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 18:53 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-22 17:48 ` Jean Louis 2021-10-22 19:26 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-21 19:45 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 4:04 ` Ivano Da Milano 2021-10-20 5:46 ` H. Dieter Wilhelm 2021-10-20 5:58 ` Emanuel Berg via Users list for the GNU Emacs text editor [not found] ` <CAPWV0kyjr0=FrkVkH+Wf573fddX3pM4iiEfkQJ6oe1J_pQuNPA@mail.gmail.com> [not found] ` <86a6j3wo7y.fsf@duenenhof-wilhelm.de> [not found] ` <CAPWV0kyogB+u0X4dUhpyEox6pih1MJkjE2e_OoqQoP81NZceHQ@mail.gmail.com> 2021-10-20 18:31 ` Fwd: " Ivano Da Milano 2021-10-20 6:50 ` Jean Louis 2021-10-20 8:20 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-20 14:13 ` Jean Louis 2021-10-21 19:56 ` Emanuel Berg via Users list for the GNU Emacs text editor 2021-10-23 10:51 ` Tassilo Horn 2021-10-23 18:36 ` Emanuel Berg via Users list for the GNU Emacs text editor
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).