[Cryptography] Very best practice for RSA key generation

jamesd at echeque.com
Wed Nov 6 18:59:48 EST 2019


On 2019-11-05 11:58, Jon Callas wrote:
> I made a quick check for an article I saw where people were noticing some very "high entropy" passwords that turned out to be really horrible passwords, but in some language and encoding the researchers weren't expecting.

If you are using word lists, you need a word list in the native language 
of the user, giving us an internationalization headache.  Of course, we 
already have an internationalization headache, and this is not 
substantially harder, just another complication in the existing pile of 
complications that are part of any internationalization effort.

You already need an array of strings, one per UI target language, to 
populate your prompts and dialog boxes.  wxWidgets gives us flexible 
dialog boxes that can accommodate dialogs with variable-sized strings, 
which makes a lot of internationalization headaches go away.

Trouble is that we are going to need an autocorrect function for mapping 
user-typed strings to the permitted password word list that is not 
English-specific, as rewriting it for every language is going to get 
broken fast.

Maybe just do it in the dumbest possible way: express the typed-in 
passphrase as Unicode, and use the standard diff algorithm on every word 
in your word list, then drop down a list of words in your word list in 
order of diff size.

But the standard diff algorithm would have to be rewritten for this 
particular task, and it is not that small, and not that fast, and you 
are going to have to run it for every word on the word list.
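
An added example, not part of the original post: a language-neutral autocorrect that ranks word-list entries by distance from the typed word. It swaps the general diff algorithm for Levenshtein edit distance over normalized Unicode code points, with a cutoff so that most words are rejected cheaply; the word list is constructed sample data and the function names are hypothetical.

```python
import unicodedata

# Constructed sample word list (assumption): a real passphrase list would
# hold thousands of words in the user's own language.
WORDLIST = ["käse", "kasse", "katze", "straße", "apfel", "ampel", "vogel"]

def normalize(word):
    """Case-fold and NFC-compose, so 'a' + combining diaeresis equals 'ä'."""
    return unicodedata.normalize("NFC", word.strip().casefold())

def edit_distance(a, b, limit):
    """Levenshtein distance over code points; limit + 1 means 'too far'."""
    if abs(len(a) - len(b)) > limit:
        return limit + 1              # length gap alone exceeds the budget
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            delete = prev[j] + 1
            insert = cur[j - 1] + 1
            substitute = prev[j - 1] + (ca != cb)
            cur.append(min(delete, insert, substitute))
        if min(cur) > limit:
            return limit + 1          # no alignment can recover; stop early
        prev = cur
    return min(prev[-1], limit + 1)

def suggest(typed, wordlist=WORDLIST, limit=2, count=5):
    """Word-list entries within `limit` edits of `typed`, closest first."""
    target = normalize(typed)
    scored = []
    for word in wordlist:
        d = edit_distance(target, normalize(word), limit)
        if d <= limit:
            scored.append((d, word))
    scored.sort()                     # by distance, then code point order
    return [word for _, word in scored[:count]]

if __name__ == "__main__":
    print(suggest("kase"))            # ASCII keyboard, umlaut missing
    print(suggest("ka\u0308se"))      # decomposed input form of 'käse'
```

Because comparison happens on case-folded text, two list entries that fold to the same string (for example "straße" and "strasse") would be indistinguishable, so a word list should be checked for such collisions after normalization.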

