From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.help Subject: Re: Noob dumb question (extending emacs) Date: Sun, 24 Oct 2021 10:08:12 +0300 Message-ID: References: <87o87hnrpt.fsf@zoho.eu> <87y26kkuag.fsf@web.de> <875ytnucjn.fsf@web.de> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="16053"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.0.7+183 (3d24855) (2021-05-28) Cc: Michael Heerdegen , help-gnu-emacs To: Yuri Khan Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Sun Oct 24 09:12:08 2021 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1meXfr-0003wX-ED for geh-help-gnu-emacs@m.gmane-mx.org; Sun, 24 Oct 2021 09:12:07 +0200 Original-Received: from localhost ([::1]:60848 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1meXfq-0001Si-6y for geh-help-gnu-emacs@m.gmane-mx.org; Sun, 24 Oct 2021 03:12:06 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:59784) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1meXeZ-0001RY-KN for help-gnu-emacs@gnu.org; Sun, 24 Oct 2021 03:10:48 -0400 Original-Received: from stw1.rcdrun.com ([217.170.207.13]:55239) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1meXeX-0002YE-FG for help-gnu-emacs@gnu.org; Sun, 24 Oct 2021 03:10:47 -0400 Original-Received: from localhost ([::ffff:41.75.191.219]) (AUTH: PLAIN admin, TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 0000000000065D91.00000000617506F2.00000F39; Sun, 24 Oct 2021 00:10:42 -0700 Mail-Followup-To: Yuri Khan , Michael Heerdegen , help-gnu-emacs Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=217.170.207.13; envelope-from=bugs@gnu.support; helo=stw1.rcdrun.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:134089 Archived-At: * Yuri Khan [2021-10-23 16:09]: > On Sat, 23 Oct 2021 at 19:55, Michael Heerdegen > wrote: > > > In Emacs, as far as I can tell, best case, the random > > > seed is 48 bits. > > > > Is the random number generator able to use more than 48 bits of entropy? > > Not as far as I can tell from srand48(3). > > This pseudo-random number generator is not designed to be used for > password generation and cryptography. It’s okay for simulations, > games, network retry delays, this kind of things. What is better? 1. To have users "invent" their passwors by letting them type it each time? 2. Or maybe to offer them a random password like: "6IcH8L$BnQcmL-NrnSHe" which they can anyway change if they like? In my practical password generation the latter option is more secure, then if I start inventing passwords like "So8ething98" which I consider less secure or using hands to type something random like "asdf45huji" which in the end and due to habits may not be that random at all. When making highly hypothetical observation it is not bad to remember the practical use of it. Emacs Lisp how it is can generate random passwords and that is what matters and is practically useful. If you wish to say that passwords are not random, unsafe, and so on, please demonstrate it practically, not just theoretically. For example, try to predict the outcome of the following: (random (format "%s" (random))) And provide a script in any programming language that will predict the outcome of that function. Prove it. Don't let it be just confusing. If you can do that, you have completed scientific exercise and have proven it empirically that passwords are not random. Not only theoretically, as from theory I have no practical benefit. By using (rcd-password) ⇒ "n=(3hWqlaWfPRTSDQrWV" function I have a constant daily practical benefit. Then I have to face a professional programmer of Emacs Lisp who wants to convince me that I should not be generating passwords by using Emacs Lisp. Come on. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/