Re: What is best way to set_rand?
- Posted by CoJaBo2 Jan 25, 2013
I want to create a primitive utility for password generation by key-file (or key-picture) and key-phrase.
Hash1 = getCRC32(File)
Hash2 = getCRC32(String)
set_seed({Hash1, Hash2})
sequence Password = {}
for i = 1 to PasswordLength do
    Password &= Alphabet[rand(AlphabetLength)]
end for
Passwords generated this way should be crackable in a few microseconds using modern techniques (the keyspace is small enough to generate rainbow-tables of all possible generated passwords).
The correct way would be to use Bcrypt (or SHA-2/3 if you are less paranoid) for secure hashing. Eu does not appear to implement any of these. Unfortunately, this means Eu is probably a poor choice, currently, for writing any kind of cryptographic software.
Note that keyfiles often aren't as secure as they may seem:
- I've managed to recover one, using a rather weak machine, in just under a week, simply by trying all files on the system (starting with likely candidates such as Documents). The error here was keeping the keyfile on the same drive as the protected volume.
- Many file formats don't provide a lot of entropy; the majority of them may stay the same between different files in the same format.
- If the file is from the internet, shared, or otherwise not your own private data, chances are it is hashed in a database somewhere already.
You'd have to generate the keyfile from a secure random source and keep it on a flash drive, in addition to keeping a passphrase elsewhere (e.g., memorized), and of course use them with software that is itself strong.
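An added example, not part of the post above and not Euphoria code: a Python sketch of deriving the password from the key file and passphrase with a slow, full-width hash instead of two CRC32 values fed to a PRNG. PBKDF2-HMAC-SHA256 stands in for the Bcrypt the post names because it ships in Python's standard library; the function name, alphabet, iteration count and the use of the key-file digest as the salt are assumptions of this example.

```python
import hashlib
import hmac

# Assumed output alphabet for this example (62 symbols).
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def derive_password(keyfile_bytes, passphrase, length=20,
                    alphabet=ALPHABET, iterations=600_000):
    """Deterministically derive a password from key-file bytes and a passphrase."""
    if not 2 <= len(alphabet) <= 256:
        raise ValueError("alphabet must have between 2 and 256 symbols")

    # SHA-256 over the whole file: 256 bits of digest instead of a 32-bit CRC.
    # Two CRC32 values can select at most 2**64 seeds, however long the inputs.
    salt = hashlib.sha256(keyfile_bytes).digest()

    # Slow key derivation: every passphrase guess costs `iterations` HMAC calls.
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              salt, iterations)

    # Expand the key into a byte stream with HMAC-SHA256 in counter mode.
    # Rejection sampling: bytes >= limit are dropped so every symbol is
    # equally likely (a plain `byte % len(alphabet)` would be biased).
    limit = 256 - (256 % len(alphabet))
    out = []
    counter = 0
    while len(out) < length:
        block = hmac.new(key, counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        counter += 1
        for b in block:
            if b < limit and len(out) < length:
                out.append(alphabet[b % len(alphabet)])
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs; a real key file would be read from disk.
    sample_keyfile = bytes(range(256)) * 4
    print(derive_password(sample_keyfile, "correct horse battery staple"))
```

The result is only as strong as the inputs: a key file with little entropy, or one an attacker can enumerate, still narrows the search to the passphrase alone.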