From: Michael Heerdegen <michael_heerdegen@web.de>
To: help-gnu-emacs@gnu.org
Subject: Re: Noob dumb question (extending emacs)
Date: Thu, 28 Oct 2021 13:41:23 +0200 [thread overview]
Message-ID: <878rydbcm4.fsf@web.de> (raw)
In-Reply-To: 87k0hxj37u.fsf@zoho.eu
Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> writes:
> Michael Heerdegen wrote:
>
> > 48 ln(2)
> > l = -------- ~ 8.13.
> > ln(60)
> >
> > That would mean that already for a length of 9 only a small
> > fraction of passwords are computable.
>
> Okay, why do you say/how do you know that?
Anything besides used entropy is deterministic.
If you initialize the seed with a certain entropy, it means that you
randomly get one seed out of N possible (known) seeds. In our case N =
2^31 (or something like that).
To understand the reasoning behind the following it can help to assume a
small N, e.g. N=2, N=10 or N=100, and then think about what
fundamentally changes if N is larger (actually nothing, you only need
accordingly more tries to guess). This is all quite trivial, only the
large numbers involved cloud a bit what is going on.
Ok. Those possible seeds are known (computable) to everyone: You start
with a random seed out of a public list of N seeds.
With each of these seeds, `random' will generate one out of N possible
predefined sequences of numbers. With the exception: If N is larger
than the number of possible different results of `random' (a finite
number of course), let's name it "M", then you must set N = M in the
following considerations.
So if you use a publicly known deterministic algorithm using `random',
your algorithm will generate one out of N possible publicly known
password sequences for each call.
Security of these passwords stands and falls with the size of N:
Say your algorithm calculates passwords using an alphabet consisting of
a number b of letters, e.g. b=60 for small and capital letters plus some
special characters. Then the entropy used is enough to generate
pseudo-random passwords of a length l when b^l ~ N (where "~" means "is
approximately").
Why? If l is smaller, b^l < N, your algorithm would often calculate the
same password for different seeds, and you would waste a portion of the
initial randomness (entropy).
If l is larger, b^l > N, the passwords per se are stronger in theory
but... that doesn't matter if you publish the algorithm that computed
the passwords (or one can guess that algorithm). Then I still have to
try only N passwords, not more than when a smaller password length is
used. One could say that those longer passwords contain redundancy: a
part of those password strings is determined by the rest of the password
string and doesn't offer additional security.
The situation would be similar to posting on your homepage:
"Any of my accounts uses a password out of this list:
{ "nx4BgzrJmZq0+!YPp<O|]8k&Q"<M2-`<nSV#|CH-",
"%d~8bqv1j^rl51\6(9#/d[!D91_X_H/=`|&S]|SQ",
":2A]sw=V;--q)RKLOIdoxd`9B+4#Q5[WY\8yFNl",
"?ljGuo\-;VF"9;F$MgU~uP|Ztk$!!9kxAsv~,Lv?",
">%M\s=>!xHP9|EMEzR[&Wu&$,\]lS`fN1y:Bc!Ey",
"igbf^Hlcxyg,A0MBa>d:!,}{x"j%?Qi^,P<YDP-|",
"/iGww)fjE:*$:uv,$>)M=M?|UF2DZ4|>*Mx"&>(;!,
"EzIRpdH|;R^1iTAG'*P5LdoJ5sS_Y2kN#S:{S_a\",
"rLBtPlQ6Unml'5`+B*l^LA}8>/8C}=I)1(']Zqz+",
"Zt.J$fP<$zU)^AH}<ymP-cNkwz%8#1=+A]<1XON!" }
Those are all very strong passwords, and the method I use to choose one
of them randomly is so clever and uses so much entropy that it's
impossible to guess it. Try it, Mentalist!"
But since all of those possible passwords are publicly known the
situation is not better than using a random password out of
{"0", "1",..., "9"}: not more secure than using random passwords of
length 1 (even less).
Or using the formula mentioned,
ln(N) ln(10)
------ = -------- < 1.
ln(b) ln(60)
Now do the same consideration with a larger N. Whether your passwords
are secure only depends on the real value of N. And it seems that in
our case N is simply too small for good security.
AFAIU the problem in Emacs is that the number of possible results of
`random' (I called it M) is too small. If you initialize the random
seed with an entropy N larger than M, there will be only M instead of N
classes of different initializations of the random number generator:
each class would consist of approximately N/M different seeds which
initialize the random generator with exactly the same state.
If you initialize the seed using large strings for example, this would
be comparable to using only the first three characters of these strings
carrying high entropy to initialize the random number generator. It
would not be, in any way, better than using only three character long
strings carrying very small entropy.
Michael.
next prev parent reply other threads:[~2021-10-28 11:41 UTC|newest]
Thread overview: 127+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-19 22:12 Noob dumb question (extending emacs) Ivano Da Milano
2021-10-20 0:36 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-20 6:34 ` Marcin Borkowski
2021-10-20 18:13 ` H. Dieter Wilhelm
2021-10-20 6:53 ` Jean Louis
2021-10-20 8:23 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-20 17:10 ` Ivano Da Milano
2021-10-20 18:41 ` Tassilo Horn
2021-10-20 18:56 ` Ken Goldman
2021-10-20 19:01 ` Ivano Da Milano
2021-10-20 19:45 ` Jean Louis
2021-10-21 5:27 ` Ivano Da Milano
2021-10-21 7:40 ` H. Dieter Wilhelm
2021-10-21 15:46 ` Ivano Da Milano
2021-10-21 16:03 ` H. Dieter Wilhelm
2021-10-21 17:49 ` Ivano Da Milano
2021-10-21 18:51 ` Jean Louis
2021-10-21 20:02 ` H. Dieter Wilhelm
2021-10-21 22:58 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-22 6:59 ` H. Dieter Wilhelm
2021-10-22 12:18 ` Jean Louis
2021-10-22 12:56 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-22 13:14 ` Yuri Khan
2021-10-22 17:51 ` Jean Louis
2021-10-22 18:50 ` Yuri Khan
2021-10-22 19:29 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-22 21:22 ` Jean Louis
2021-10-23 18:08 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-24 7:10 ` Jean Louis
2021-10-24 9:35 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-24 17:41 ` Jean Louis
2021-10-24 18:20 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 5:47 ` Jean Louis
2021-10-25 9:40 ` Yuri Khan
2021-10-25 10:23 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 12:41 ` Jean Louis
2021-10-25 19:22 ` Jean Louis
2021-10-25 19:46 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 19:56 ` About randomity, entropy, random passwords - was " Jean Louis
2021-10-25 20:29 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 20:00 ` Jean Louis
2021-10-25 19:56 ` Yuri Khan
2021-10-25 20:24 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 20:34 ` Jean Louis
2021-10-25 20:29 ` About randomity, entropy, random passwords - was " Jean Louis
2021-10-28 20:39 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-23 8:41 ` Michael Heerdegen
2021-10-23 10:16 ` Yuri Khan
2021-10-23 10:46 ` Michael Heerdegen
2021-10-23 18:27 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-24 8:16 ` Michael Heerdegen
2021-10-28 2:24 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-28 11:41 ` Michael Heerdegen [this message]
2021-10-28 12:07 ` tomas
2021-10-28 20:56 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-28 22:54 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-31 20:46 ` Michael Heerdegen
2021-11-01 2:09 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-11-01 19:38 ` Michael Heerdegen
2021-11-03 1:06 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-11-03 21:24 ` Michael Heerdegen
2021-11-03 22:16 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-11-05 19:03 ` Jean Louis
2021-11-05 21:50 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-31 20:42 ` Michael Heerdegen
2021-11-05 18:59 ` Jean Louis
2021-10-23 12:54 ` Michael Heerdegen
2021-10-23 13:07 ` Yuri Khan
2021-10-23 18:41 ` ERC links to man pages (was: Re: Noob dumb question (extending emacs)) Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-24 7:08 ` Noob dumb question (extending emacs) Jean Louis
2021-10-24 8:57 ` Michael Heerdegen
2021-10-24 17:59 ` Jean Louis
2021-10-25 9:18 ` Michael Heerdegen
2021-10-25 9:33 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 19:44 ` Jean Louis
2021-10-25 20:20 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 20:33 ` Jean Louis
2021-10-25 12:45 ` Jean Louis
2021-10-25 13:20 ` Michael Heerdegen
2021-10-25 19:54 ` About randomity, entropy, random passwords - was " Jean Louis
[not found] ` <YXcLIC+doASdNFll@protected.localdomain>
[not found] ` <87cznryfnz.fsf@web.de>
2021-10-26 18:52 ` Jean Louis
2021-10-23 18:22 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-23 19:52 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-24 6:43 ` Jean Louis
2021-10-24 8:28 ` Michael Heerdegen
2021-10-24 18:03 ` Jean Louis
2021-10-24 9:31 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-24 18:09 ` Jean Louis
2021-10-24 18:30 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 5:31 ` Jean Louis
2021-10-28 2:33 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-11-05 19:09 ` Passwords -- " Jean Louis
2021-11-05 22:00 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-23 18:17 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-24 8:42 ` Michael Heerdegen
2021-10-22 18:55 ` Yuri Khan
2021-10-22 19:30 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-22 21:31 ` Jean Louis
2021-10-22 22:21 ` H. Dieter Wilhelm
2021-10-23 10:46 ` Yuri Khan
2021-10-23 18:13 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-24 7:48 ` Yuri Khan
2021-10-24 9:37 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-24 6:45 ` Jean Louis
2021-10-24 8:50 ` Michael Heerdegen
2021-10-24 17:20 ` Jean Louis
2021-10-24 18:17 ` Yuri Khan
2021-10-24 19:07 ` Jean Louis
2021-10-24 19:05 ` Jean Louis
2021-10-25 0:12 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-25 3:54 ` Jean Louis
2021-10-22 18:57 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-22 18:53 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-22 17:48 ` Jean Louis
2021-10-22 19:26 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-21 19:45 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-20 4:04 ` Ivano Da Milano
2021-10-20 5:46 ` H. Dieter Wilhelm
2021-10-20 5:58 ` Emanuel Berg via Users list for the GNU Emacs text editor
[not found] ` <CAPWV0kyjr0=FrkVkH+Wf573fddX3pM4iiEfkQJ6oe1J_pQuNPA@mail.gmail.com>
[not found] ` <86a6j3wo7y.fsf@duenenhof-wilhelm.de>
[not found] ` <CAPWV0kyogB+u0X4dUhpyEox6pih1MJkjE2e_OoqQoP81NZceHQ@mail.gmail.com>
2021-10-20 18:31 ` Fwd: " Ivano Da Milano
2021-10-20 6:50 ` Jean Louis
2021-10-20 8:20 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-20 14:13 ` Jean Louis
2021-10-21 19:56 ` Emanuel Berg via Users list for the GNU Emacs text editor
2021-10-23 10:51 ` Tassilo Horn
2021-10-23 18:36 ` Emanuel Berg via Users list for the GNU Emacs text editor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878rydbcm4.fsf@web.de \
--to=michael_heerdegen@web.de \
--cc=help-gnu-emacs@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).