From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jean Louis Newsgroups: gmane.emacs.help Subject: About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs) Date: Mon, 25 Oct 2021 23:29:43 +0300 Message-ID: References: <875ytnzka1.fsf@zoho.eu> <87h7d6zrx9.fsf@zoho.eu> <87fssqxp1s.fsf@zoho.eu> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="25843"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt/2.0.7+183 (3d24855) (2021-05-28) Cc: help-gnu-emacs To: Yuri Khan Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Mon Oct 25 22:32:34 2021 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mf6dz-0006UM-NZ for geh-help-gnu-emacs@m.gmane-mx.org; Mon, 25 Oct 2021 22:32:31 +0200 Original-Received: from localhost ([::1]:32808 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mf6dy-0000P4-ER for geh-help-gnu-emacs@m.gmane-mx.org; Mon, 25 Oct 2021 16:32:30 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:60938) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mf6cf-0008RS-K5 for help-gnu-emacs@gnu.org; Mon, 25 Oct 2021 16:31:09 -0400 Original-Received: from stw1.rcdrun.com ([217.170.207.13]:41377) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mf6cb-0003Ni-4i for help-gnu-emacs@gnu.org; Mon, 25 Oct 2021 16:31:09 -0400 Original-Received: from localhost ([::ffff:41.75.189.151]) (AUTH: PLAIN admin, TLS: TLS1.3,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by stw1.rcdrun.com with ESMTPSA id 0000000000027F1D.0000000061771406.000047EE; Mon, 25 Oct 2021 13:31:02 -0700 Mail-Followup-To: Yuri Khan , help-gnu-emacs Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=217.170.207.13; envelope-from=bugs@gnu.support; helo=stw1.rcdrun.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.io gmane.emacs.help:134163 Archived-At: * Yuri Khan [2021-10-25 23:12]: > On Tue, 26 Oct 2021 at 02:25, Jean Louis wrote: > > > Yuri and Michael H., you are very right, too simple password > > generation without enough entropy produces duplicate passwords. > > What tipped you to this conclusion? I did the `dotimes' and found same passwords without goods seed. Then I have improved the seed. > Still wrong! You still cannot guess the next password coming... with or without good seed. But your tips did make it more random on my side. ;-p > > (defun rcd-read-urandom (&optional length) > > "I am also free to modify the Emacs Lisp unlimited times." > > (shell-command-to-string "head -n 1 /dev/urandom")) > > Here you read the first newline-delimited line of /dev/urandom, which > may be a lot. If you have to use ‘head’, use it with -c and give a > byte count. That one I forgot the same time I wrote it, it was just thinking. I don't like external commands. > > (defun rcd-password-generate-1 (string) > > "Return capitalized or downcased single symbol from a string" > > (random (format "%s" (rcd-read-urandom))) > > Here you seed the Emacs random generator with the entropy. However, > the Emacs random generator can only use 48 bits of entropy in the best > case, so it grabs exactly that and drops the remainder on the floor. It may be, I dropped that one. > > (let* ((max (length string)) > > (rnd (random max)) > > (single (substring string rnd (+ rnd 1)))) > > single)) > > Then you proceed to generate a random password using the seeded > pseudo-random generator. Which is a step up from an unseeded > pseudo-random generator (you could generate a series of passwords from > a single seed, making it easier for the attacker who knows one to > guess others) but still not as random as you would get by just > converting raw entropy into printable characters. I'll stick to random Emacs uptime concatenated to microseconds, nanoseconds and milliseconds. -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns In support of Richard M. Stallman https://stallmansupport.org/