Ugh I am writing code that is veering
2022-01-10 20:35:02.577361+01 by
Dan Lyke
5 comments
Ugh. I am writing code that is veering dangerously close to cryptography, and I understand better how bad security decisions get made...
(Wonder if there's an npm module that'd help me generate secure passwords... 🤪)
Comments in ascending chronological order:
#Comment Re: Ugh I am writing code that is veering made: 2022-01-10 21:37:46.468206+01 by:
spc476
When you say, "I know! I'll use an npm module!" you now have 1,654,328,503 problems.
#Comment Re: Ugh I am writing code that is veering made: 2022-01-11 01:06:11.522703+01 by:
brainopener
Put those cats to work and get them to start walking across keyboards.
#Comment Re: Ugh I am writing code that is veering made: 2022-01-11 23:14:52.15323+01 by:
TheSHAD0W
"Secure" is a matter of opinion...
You should be able to find a list of dictionary words. Subtract all words shorter than four characters and longer than, say, ten. Let's say you get 20,000 words.
Then simply pick a random four-word combination. 20,000^4 = 1.6 × 10^17 possibilities, which is quite a bit to chew through a salted hash with. (And yes, you need to salt it.)
#Comment Re: Ugh I am writing code that is veering made: 2022-01-18 01:11:39.17402+01 by:
Dan Lyke
Yeah, the obvious things aren't necessarily correct. Especially since I'm getting way more collisions with 12 characters simplistically using /dev/random... So yeah, salting and the particulars of the randomness are worth getting right.
#Comment Re: Ugh I am writing code that is veering made: 2022-01-21 16:02:47.223239+01 by:
TheSHAD0W
/dev/random is unpredictably bad. Properly seeding a PRNG using the right technique can get better results. Look up how to use clock jitter to generate good seeds.