Re: One-line password generator

To: debian-user@lists.debian.org
Subject: Re: One-line password generator
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Fri, 25 Aug 2017 20:44:50 +0200
Message-id: <[🔎] 25460755325726107161@scdbackup.webframe.org>
In-reply-to: <[🔎] a22f9f09-eb54-aa38-052d-ff910e533b17@yandex.com>
References: <[🔎] a22f9f09-eb54-aa38-052d-ff910e533b17@yandex.com>

Hi,

> You say that pseudo-random number generators can not add entropy and
> this is a mathematical fact. This is true, and irrelevant.
> [...
>  lots of algebraic terms about the difficulty to revert the
>  mapping which produces the pseudo-random redundancy
> ...]

The attack described in the article does not try to revert a mapping.
It enumerates the input in a skillful way in order to produce the output
values which it compares to the captured list of values.

The only precondition is that the mapping can be reproduced without
adding an amount of possibilities which together with the possibilities
of the input establishes too much entropy.
Such additional entropy is usually called "salt". It's repeated use weakens
its unpredictability, though. And it must be kept as secret as the freshly
stolen password hash list should have been kept.


> I will justify my claim of incompetence.

So that it does not look like an intentional insult ?


> Because this is only a mathematical result.

This leaves me speechless. I resort to classic literature:

Scott: Well, Captain, er... the Klingons called you a... a tin-plated
       overbearing, swaggering dictator with delusions of godhood.

Capt. Kirk: Is that all?

Scott: No, sir. They also compared you with a Denebian slime devil.

Capt. Kirk: I see.

Scott: And then they said that you were a...

Capt. Kirk: I get the picture, Scotty.

Scott: Yes, sir.

Capt. Kirk: And after they said all this, that's when you hit the Klingons.

Scott: No, sir.

Capt. Kirk: ...No?

Scott: No, er, I didn't. You told us to avoid trouble.

Capt. Kirk: Oh, yes.

Scott: And I didn't see that it was worth fighting about. After all,
       we're big enough to take a few insults. Aren't we?

Capt. Kirk: What was it they said that started the fight?

Scott: They called the Enterprise a garbage scow! Sir.

Capt. Kirk: I see. And... that's when you hit the Klingon?

Scott: Yes, sir!

Capt. Kirk: You hit the Klingons because they insulted the Enterprise,
            not because they...

Scott: Well, sir, this was a matter of pride. 

Capt. Kirk: All right, Scotty. Dismissed. Oh... Scotty, you're restricted
            to quarters until further notice.

Scott: Yes, sir. Thank you, sir! That'll give me a chance to catch up on
       my technical journals! 

(http://www.imdb.com/title/tt0708480/quotes)


Have a nice day :)

Thomas

Reply to:

Follow-Ups:
- Re: One-line password generator
  - From: Mario Castelán Castro <marioxcc.MT@yandex.com>

References:
- Re: One-line password generator
  - From: Mario Castelán Castro <marioxcc.MT@yandex.com>

Prev by Date: Re: One-line password generator
Next by Date: Re: One-line password generator
Previous by thread: Re: One-line password generator
Next by thread: Re: One-line password generator
Index(es):
- Date
- Thread