[Cryptography] Very best practice for RSA key generation
jamesd at echeque.com
Wed Nov 6 18:59:48 EST 2019

On 2019-11-05 11:58, Jon Callas wrote:
> I made a quick check for an article I saw where people were noticing some very "high entropy" passwords that turned out to be really horrible passwords, but in some language and encoding the researchers weren't expecting.

If you are using word lists, you need a word list in the native language
of the user, giving us an internationalization headache. Of course, we
already have an internationalization headache, and this is not
substantially harder, just another complication in the existing pile of
complications that are part of any internationalization effort.

You already need an array of strings, one per UI target language, to
populate your prompts and dialog boxes. wxWidgets gives us flexible
dialog boxes that can accommodate dialogs with variable-sized strings,
which makes a lot of internationalization headaches go away.

Trouble is that we are going to need an autocorrect function for mapping
user-typed strings to the permitted password word list that is not
English-specific, as rewriting it for every language is going to get
broken fast.

Maybe just do it in the dumbest possible way: express the typed-in
passphrase as Unicode, and use the standard diff algorithm on every word
in your word list, then drop down a list of words in your word list in
order of diff size.

But the standard diff algorithm would have to be rewritten for this
particular task, and it is not that small, and not that fast, and you
are going to have to run it for every word on the word list.
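
The language-independent autocorrect described in the message above, as an added example that is not part of the original post. It uses Levenshtein edit distance over normalized Unicode code points as a stand-in for the "standard diff algorithm"; the word list is constructed, and the names `canon`, `edit_distance` and `suggest` are hypothetical.

```python
import unicodedata

# Constructed sample word list; a real passphrase list would hold thousands of words.
WORDLIST = ["correct", "horse", "battery", "staple", "пароль", "naïve", "café"]


def canon(s: str) -> str:
    """NFC-normalize and casefold so equivalent encodings of a word compare equal."""
    folded = unicodedata.normalize("NFC", s).casefold()
    return unicodedata.normalize("NFC", folded)


def edit_distance(a: str, b: str, limit: int) -> int:
    """Levenshtein distance over code points; returns limit + 1 once the bound is exceeded."""
    if abs(len(a) - len(b)) > limit:
        return limit + 1          # length gap alone already costs more than the bound
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute, or free match
        if min(cur) > limit:
            return limit + 1      # no alignment can get back under the bound
        prev = cur
    return min(prev[-1], limit + 1)


def suggest(typed: str, wordlist=WORDLIST, limit: int = 2) -> list:
    """Words within `limit` edits of the typed string, closest first."""
    t = canon(typed)
    scored = [(edit_distance(t, canon(w), limit), w) for w in wordlist]
    # sorted() is stable, so ties keep word-list order.
    return [w for d, w in sorted(scored, key=lambda p: p[0]) if d <= limit]


if __name__ == "__main__":
    for typed in ["hrose", "парол", "nai\u0308ve", "stable", "zzzzzz"]:
        print(repr(typed), "->", suggest(typed))
```

Nothing in the distance function is specific to any alphabet; only the word list changes per language.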