From: Jean Louis <bugs@gnu.support>
To: Michael Heerdegen <michael_heerdegen@web.de>
Cc: help-gnu-emacs@gnu.org
Subject: Re: Noob dumb question (extending emacs)
Date: Tue, 26 Oct 2021 21:52:54 +0300
Message-ID: <YXhOhhnj8/qetDnM@protected.localdomain>
In-Reply-To: <87cznryfnz.fsf@web.de>

* Michael Heerdegen <michael_heerdegen@web.de> [2021-10-26 18:22]:
> Jean Louis <bugs@gnu.support> writes:
>
> > That is called brute force. Not an algorithm that breaks the function
> > and predicts its outcome.
>
> So your accounts all have a disclaimer saying "you are only allowed to
> crack the password of this account using an algorithm that predicts the
> password"? Does everybody respect it?

With enough attempts every password can be cracked.

The function `rcd-password' generates passwords, and it is helpful and
useful with websites. The purpose is fulfilled. To say that a generated
password is not sure enough and that somebody can predict it, it would
be better to prove it. As if you are cracking a random password
on a website, you cannot even know how it was generated or devised.

> > Emacs Lisp function `random' is quite handy and definitely not random
> > enough as such. But with little support of Emacs Lisp it becomes very
> > random. The matter is solved by providing a new seed.
>
> The part you didn't yet understand is: the random number generator used
> can only generate 2^48 different results. AFAIU the code (sysdep.c) it
> is even only 2^31 different results. You can use exabytes of entropy to
> set a seed and it will still only be able to generate 2^31 different
> results. It will only give you one out of 2^31 possible passwords. I
> will only have to try these 2^31. That's just not secure enough. We
> have mentioned this already several times, but you continuously ignore
> it for some reason.

I surely understand your hypothetical and idealistic thinking. I think
that the number 2³¹ is this one: (expt 2 31) ⇒ 2,147,483,648 -- you say
that is too little, and somebody could "find" the possible password. I
think you imply that after somebody has attempted, for example, 1
billion times, this person, a cracker, would get control over some
of my website accounts. I don't think this is a problem either for
`pwgen' generated passwords or for `rcd-password' generated
passwords, because the probability for brute force attempts is equal,
regardless of how the password has been generated.

Let us say that there is a truly random password: "jgu" -- from there it
should be obvious that a brute force password cracking program would
quickly solve it.

You speak of entropy and at the same time of the brute force method. It
is disregarded that it becomes irrelevant for brute force how the password
has been generated, what it consists of.

Further, the function `rcd-password' uses the more basic function
`rcd-password-generate-1' that in turn for each generated letter uses
a different, again random, seed. That system increases randomity to
indefinite.

(defun rcd-random-md5-string ()
  ;; MD5 of the Emacs uptime string plus the current sub-second time.
  (md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N"))))

(defun rcd-password-generate-1 (string)
  "Return capitalized or downcased single symbol from a string."
  ;; Reseed `random' from the MD5 string before every pick.
  (random (rcd-random-md5-string))
  (let* ((max (length string))
         (rnd (random max))
         (single (substring string rnd (+ rnd 1))))
    single))

Now we come back to it: if there is a way to practically predict the
outcome, then show me; make the Emacs Lisp function that demonstrates
it.

I can, for example, give you a list of passwords, and you can, by
observing those passwords, try to demonstrate that you know which one
will be the next password. That way you can prove the statement from
your side.

Unless it is proven that you, or somebody, can predict a generated
password, `rcd-password' is a useful function to generate passwords.

To crack a password generated by `rcd-password' on somebody:
- you would need to know how the password is generated; you have
  access to the source, but you cannot know what the seed was. Try to
  guess the seed by guessing the md5 hash of my Emacs uptime and the exact
  microsecond, nanosecond and millisecond when the password was generated;
- you would need to know which website, which system account, what
  the name of the system account is;
- you would maybe need to have access to the physical computer on my side;
- you would need to have a program that breaks my program and finds
  out or predicts the outcome of the random passwords;

And more than that.

If we speak only of brute force cracking, that means it is irrelevant
how the password was generated in the first place. Brute force
cracking does not prove that a password generated by an Emacs Lisp
function is unsafe.

If a password is 20 chars long, then 2.2 billion times x 20 =
44000000000, I guess 44 gigabytes. I could open up a VPS with 100
gigabytes, and try to generate this many passwords to try to find if
any of the passwords generated by `rcd-password' is the same.

--
Jean
Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns
In support of Richard M. Stallman
https://stallmansupport.org/
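
The state-size point quoted in this message (a generator that can only be in 2^31 states can only produce 2^31 different passwords, however much entropy goes into the seed) can be measured directly. The following is an added example, not code from this thread or from `rcd-password': it assumes a constructed toy generator with a 16-bit state, seeded once per password from an MD5 digest, and it is not a model of the Emacs `random' implementation.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols
STATE_BITS = 16  # assumption: toy size, small enough to exhaust quickly

class SmallStatePRNG:
    """Constructed toy LCG; its whole internal state is STATE_BITS wide."""

    def __init__(self, seed_text):
        # The seed may be arbitrarily long, but only STATE_BITS of its
        # digest survive once it is folded into the generator state.
        digest = hashlib.md5(seed_text.encode()).digest()
        self.state = int.from_bytes(digest, "big") % (1 << STATE_BITS)

    def below(self, n):
        self.state = (self.state * 25173 + 13849) % (1 << STATE_BITS)
        return self.state % n

def seeded_password(seed_text, length=20):
    """Password drawn from the toy generator after a single seeding."""
    rng = SmallStatePRNG(seed_text)
    return "".join(ALPHABET[rng.below(len(ALPHABET))] for _ in range(length))

def distinct_passwords(n_seeds, length=20):
    """Count distinct passwords obtained from n_seeds different long seeds."""
    seeds = (f"uptime-{i}-" + "x" * 200 for i in range(n_seeds))
    return len({seeded_password(s, length) for s in seeds})

def effective_bits(count):
    """Entropy in bits of a uniform choice among `count` outcomes."""
    return math.log2(count)

def csprng_password(length=20):
    """Each character comes from the OS CSPRNG; no small seeded state."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    n = distinct_passwords(100_000)
    print(f"100000 distinct seeds gave {n} distinct passwords")
    print(f"upper bound 2^{STATE_BITS} = {2 ** STATE_BITS}, "
          f"about {effective_bits(n):.1f} effective bits")
    print(f"nominal 62^20 space: {20 * math.log2(62):.1f} bits")
    print("CSPRNG password:", csprng_password())
```

The count of distinct passwords never exceeds 2^16 no matter how many seeds are tried, while the nominal space of 20 characters over 62 symbols is about 119 bits.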