[Cryptography] Very best practice for RSA key generation

Jon Callas jon at callas.org
Thu Nov 7 17:22:36 EST 2019

> On Nov 6, 2019, at 3:59 PM, jamesd at echeque.com wrote:
> On 2019-11-05 11:58, Jon Callas wrote:
>> I made a quick check for an article I saw where people were noticing some very "high entropy" passwords that turned out to be really horrible passwords, but in some language and encoding the researchers weren't expecting.
> If you are using word lists, you need a word list in the native language of the user, giving us an internationalization headache.  Of course, we already have an internationalization headache, and this is not substantially harder, just another complication in the existing pile of complications that are part of any internationalization effort.

And if you use only an English word list, you also have an internationalization issue, just a different one. I view internationalization as just another software engineering task that I get some qualified person for.

In our case, we have a relatively small one. We don't have to internationalize in a way that has semantic content, so whatever translation we do can be coarse. Yeah, there's still plenty of things to go wrong -- I am reminded of a hilariously bad manual translated into English, and one process needed you to turn a screw. The translation of "screw" was off-base enough that I childishly snigger over it to this day.

> You already need an array of strings, one per UI target language, to populate your prompts and dialog boxes.  WxWidgets gives us flexible dialog boxes that can accommodate dialogs with variable sized strings, which makes a lot of internationalization headaches go away.
> Trouble is that we are going to need an autocorrect function for mapping user typed strings to the permitted password word list that is not English specific, as rewriting it for every language is going to get broken fast.
> Maybe just do it in the dumbest possible way, express the typed in passphrase as unicode, and use the standard diff algorithm on every word in your word list, then drop down a list of words in your word list in order of diff size.

That's kinda what I'd do for a first approximation.

> But the standard diff algorithm would have to be rewritten for this particular task, and it is not that small, and not that fast, and you are going to have to run it for every word on the word list.

You only need to do it when there's a miss. Every time I type "battery" right, you get an exact match. It's only when I type something like "battere" that you need to guess. Or you could even just let me know that what I typed in isn't one of the words on the list.
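The lookup discussed in this thread, as an added example that is not part of the original message: try an exact match first, and only on a miss rank the word list by edit distance over normalized Unicode code points. The word list, the function names and the distance limit are constructed assumptions, and Levenshtein distance stands in for the "standard diff algorithm".

```python
import unicodedata

# Constructed sample word list (assumption); a real one would be per-language.
WORDS = ["battery", "batter", "butter", "staple", "horse", "correct", "na\u00efve"]

def normalize(s):
    # NFC makes precomposed and combining-mark spellings compare equal;
    # casefold() is a language-neutral case-insensitive form.
    s = unicodedata.normalize("NFC", s.strip()).casefold()
    return unicodedata.normalize("NFC", s)

def edit_distance(a, b, limit):
    # Levenshtein distance over code points, two-row dynamic programming.
    # Returns a value greater than `limit` as soon as the bound is exceeded.
    if abs(len(a) - len(b)) > limit:
        return limit + 1
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        if min(cur) > limit:  # row minimum never decreases, so stop early
            return limit + 1
        prev = cur
    return prev[-1]

def lookup(typed, words=WORDS, limit=2, top=5):
    """Return (exact_word, []) on a hit, else (None, suggestions)."""
    index = {normalize(w): w for w in words}
    key = normalize(typed)
    if key in index:
        return index[key], []  # exact hit: no fuzzy pass needed
    scored = ((edit_distance(key, k, limit), w) for k, w in index.items())
    near = sorted((d, w) for d, w in scored if d <= limit)
    return None, [w for _, w in near[:top]]

if __name__ == "__main__":
    for typed in ("battery", "battere", "NAI\u0308VE", "zzzzzz"):
        print(repr(typed), "->", lookup(typed))
```

An empty suggestion list corresponds to the fallback of just reporting that the typed word is not on the list.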

