Flutterby™! : Ugh I am writing code that is veering


Ugh I am writing code that is veering

2022-01-10 20:35:02.577361+01 by Dan Lyke 5 comments

Ugh. I am writing code that is veering dangerously close to cryptography, and I understand better how bad security decisions get made...

(Wonder if there's an npm module that'd help me generate secure passwords... 🤪)


comments in ascending chronological order:

#Comment Re: Ugh I am writing code that is veering made: 2022-01-10 21:37:46.468206+01 by: spc476

When you say, "I know! I'll use an npm module!" you now have 1,654,328,503 problems.

#Comment Re: Ugh I am writing code that is veering made: 2022-01-11 01:06:11.522703+01 by: brainopener

Put those cats to work and get them to start walking across keyboards.

#Comment Re: Ugh I am writing code that is veering made: 2022-01-11 23:14:52.15323+01 by: TheSHAD0W

"Secure" is a matter of opinion...

You should be able to find a list of dictionary words. Subtract all words shorter than four characters and longer than, say, ten. Let's say you get 20,000 words.

Then simply pick a random four-word combination. 20,000^4 = 1.6 × 10^17 possibilities, which is quite a bit to chew through a salted hash with. (And yes, you need to salt it.)
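The word-list scheme from the comment above, as an added example that is not part of the original thread or any commenter's code: it filters a list to 4 to 10 letter words, picks four with a uniform CSPRNG draw, and stores only a salted slow hash. Assumptions: Node.js built-in `crypto`, scrypt as the salted hash, a small constructed word list, and hypothetical function names.

```javascript
// Added example: passphrase generation and salted hashing with Node's built-in crypto.
const crypto = require('crypto');

// Constructed sample list; a real run would load a dictionary file (~20,000 usable words).
const SAMPLE_WORDS = ['cat', 'keyboard', 'salt', 'jitter', 'random', 'flutter',
  'cryptography', 'walking', 'module', 'secure', 'Salt', 'opinion', 'hash', 'an'];

// Keep words of 4 to 10 letters, lowercase them and drop duplicates.
function filterWords(words) {
  const kept = words.map((w) => w.toLowerCase())
    .filter((w) => /^[a-z]{4,10}$/.test(w));
  return [...new Set(kept)];
}

// Pick `count` words independently. crypto.randomInt draws from the OS CSPRNG
// and is uniform over [0, max), so there is no modulo bias toward some words.
function generatePassphrase(wordList, count = 4) {
  if (wordList.length < 2) throw new RangeError('word list too small');
  const picked = [];
  for (let i = 0; i < count; i++) {
    picked.push(wordList[crypto.randomInt(wordList.length)]);
  }
  return picked.join(' ');
}

// Size of the search space in bits: count * log2(listSize).
function entropyBits(listSize, count = 4) {
  return count * Math.log2(listSize);
}

// Store a per-password random salt and a slow hash (scrypt), never the passphrase.
function hashPassphrase(passphrase, salt = crypto.randomBytes(16)) {
  const key = crypto.scryptSync(passphrase, salt, 32);
  return { salt: salt.toString('hex'), key: key.toString('hex') };
}

// Recompute with the stored salt and compare in constant time.
function verifyPassphrase(passphrase, record) {
  const key = crypto.scryptSync(passphrase, Buffer.from(record.salt, 'hex'), 32);
  return crypto.timingSafeEqual(key, Buffer.from(record.key, 'hex'));
}

const words = filterWords(SAMPLE_WORDS);
const phrase = generatePassphrase(words);
console.log(phrase, hashPassphrase(phrase));
console.log(entropyBits(20000).toFixed(1), 'bits for 4 words from 20,000');
```

Four words from a 20,000-word list give about 57 bits, which matches the 1.6 × 10^17 figure in the comment.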

#Comment Re: Ugh I am writing code that is veering made: 2022-01-18 01:11:39.17402+01 by: Dan Lyke

Yeah, the obvious things aren't necessarily correct. Especially since I'm getting way more collisions with 12 characters simplistically using /dev/random... So yeah, salting and the particulars of the randomness are worth getting right.

#Comment Re: Ugh I am writing code that is veering made: 2022-01-21 16:02:47.223239+01 by: TheSHAD0W

/dev/random is unpredictably bad. Properly seeding a PRNG using the right technique can get better results. Look up how to use clock jitter to generate good seeds.