From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,NICE_REPLY_A,RCVD_IN_DNSWL_MED autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 27850 invoked from network); 18 Nov 2022 17:09:06 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 18 Nov 2022 17:09:06 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1668791347; b=nuL7GAlD1G/pYFx3x4ZtHp48vmK1StFTOzv1g2KBk7eCgWbHxIUAVuqRj6CXJxv5otMyLcIsPi gMglrtUH6qb0nCj0nHth4zK+LWdaKpZRIfJrgeCTtI0oCg8qurG396wL7iv1iOVQHbk1Ts3oty 6b4W1t00wYIptCmhk7LN+sMMRFQG8YIeUM3zfYdCo3zavlS7SNjIM1x00grk9miOfoAbPRS8Fr El9zKeMwPXRukKmOHFQ/KWPNrrUggpkR/6Eyavpwwrj+4Spczq1RP7RQvZEi8DE932iBuHFqu6 j+rr4+4o6AR7aC71luantq4G4Q17F19ujOVX/PrE3DQclA==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (iris.zentaur.org) smtp.remote-ip=198.58.127.206; dkim=pass header.d=zentaur.org header.s=dkim20200120 header.a=rsa-sha256; dmarc=pass header.from=zentaur.org; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1668791347; bh=OuN7W6uhH/gKeLRk/GWE+ggkvNsq6s8iw8S0U+DALbM=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:Content-Transfer-Encoding:Content-Type:In-Reply-To:From: References:To:Subject:MIME-Version:Date:Message-ID:DKIM-Signature: DKIM-Signature; b=qoV36yN+6bFmFj6hKFJEt8/i5q2bdaUDW9SQzuGRIWsbjxfGQt2XrgqXORJmbPzdgTm9sBV0td i+voAzsnbqEzb0WzQoh1qI0IbfiEL+m+As0YlyCDIjZ6mrW/cMJNdvT5TuS6kulsJ+sXX7a6A1 Q3EpezpI64M1f7s24qzo/+pfE3ZlvQmsLNC0wpa6c6ODOQGnORHUmSpIgkWBerR0TQMNeNkKku oFQ0qB1m5eLduwoGUYkOR8LCY5xq57buq4+e+GdkqKj1518V5pN5af+tL5flq2C3ZdJARvOZL1 E7/D9geybOr43flB59qgmlxylmP7f9IQ4nxN04xY1etA5w==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:Content-Transfer-Encoding: Content-Type:In-Reply-To:From:References:To:Subject:MIME-Version:Date: Message-ID:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From :Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=fkxcsZbwqajI7J8r2e5FksWy/EJMFqqAenPsinP0Bjc=; b=eo4Rz9Kn/avqM64lgb7qJSeDp/ OcR+d+uq8MZkel4kfnNPfSEhAauJW8asAblGlbUm0rxaNoTlwDIymh+XX6J9pcSI0jcbF20yKEYsG DMJrF/3doCR3mj4XZzuBlDpqFwjpYU6yUkdCVIVhaImVQOhjrWvJwhc8T3qUYITEoB/BIPkEaYa/F FLG452oGUc4NKJChotTT5O1Eijf+sDcjt3KqyDrrmy2xEGVroNvbHYsfZKC4LuqtpG1U+dX9A1Rci QqmcLtnLyu1I1xUFNkSI0tZs7iFLzB5TVHbmmnGJMBYZVJZN5OUGZwvyE4kjdjMQC2b0sqBZqbQxD /QSeKLLg==; Received: by zero.zsh.org with local id 1ow4rS-000FHz-GH; Fri, 18 Nov 2022 17:09:06 +0000 Authentication-Results: zsh.org; iprev=pass (iris.zentaur.org) smtp.remote-ip=198.58.127.206; dkim=pass header.d=zentaur.org header.s=dkim20200120 header.a=rsa-sha256; dmarc=pass header.from=zentaur.org; arc=none Received: from iris.zentaur.org ([198.58.127.206]:57340) by zero.zsh.org with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1ow4r8-000Ewt-RP; Fri, 18 Nov 2022 17:08:47 +0000 Received: from iris.zentaur.org (localhost [127.0.0.1]) by iris.zentaur.org (Postfix) with ESMTP id 4NDNXs5tzrz3wZj for ; Fri, 18 Nov 2022 17:08:45 +0000 (UTC) Authentication-Results: iris.zentaur.org (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=zentaur.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=zentaur.org; h= content-transfer-encoding:content-type:content-type:in-reply-to :from:from:references:to:content-language:subject:subject :user-agent:mime-version:date:date:message-id; s=dkim20200120; t=1668791325; x=1668794926; bh=OuN7W6uhH/gKeLRk/GWE+ggkvNsq6s8i w8S0U+DALbM=; b=gvcQ9z4OENTQ9U+9kZUxKQ+WVwwYFn7w4myT44KLzN1yUDVb nXert3sT4kF6KViXjlcpbL0yJP62Esase6CJDOorwKHVMPpG4ciyM5oz9yvBINU4 +0nb4+6Xtq1/SdqlV9tLU2VvshT6GGQeBkrPzq0tAtzmD/SA/5T6XrG8Kx0X3YJB EPCIs5g6bYuVoBMSDMfJ8Y7p42+aUpGvD+11BTT+Es3TZveZ+xSHllZlx9hfYGrf W8FLRbnFB/CgQJ0FPmt4DptZ94qVv3VGmIo1ZMG3nf3YNnaIjHZPQrUFjn/uixiY kmohxIFJJPA8BRD0Z88jJNeQdKmYRNbcPybF2A== X-Virus-Scanned: amavisd-new at iris.zentaur.org Received: from iris.zentaur.org ([127.0.0.1]) by iris.zentaur.org (iris.zentaur.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id akm32tbkPwrI for ; Fri, 18 Nov 2022 17:08:45 +0000 (UTC) Received: from [10.251.9.101] (rrcs-24-173-95-34.sw.biz.rr.com [24.173.95.34]) by iris.zentaur.org (Postfix) with ESMTPSA id 4NDNXs0LGWz3wZb for ; Fri, 18 Nov 2022 17:08:45 +0000 (UTC) Message-ID: Date: Fri, 18 Nov 2022 11:08:42 -0600 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0 Subject: Re: [PATCH] zsh/random module [UPDATED] Content-Language: en-US To: zsh-workers@zsh.org References: <741b77be-b679-76cc-f8ec-49c9d89323c1@zentaur.org> <1e8ea669-7a25-b321-6024-72dbc43ac023@zentaur.org> <41205a86-8aad-4821-baa4-1d2ac9bf3c5d@app.fastmail.com> <1b2cafe6-b4b5-c59a-11f3-4dbc1e99e2bc@zentaur.org> <6275a5ac-3a47-f591-7b3c-380ec4fed5ac@zentaur.org> <20221118162325.7i3qzqljyx4a7z3h@chazelas.org> From: Clinton Bunch In-Reply-To: <20221118162325.7i3qzqljyx4a7z3h@chazelas.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Seq: 50995 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: , List-Subscribe: , List-Unsubscribe: , List-Post: List-Owner: List-Archive: On 11/18/2022 10:23 AM, Stephane Chazelas wrote: > I should point out first that I'm not a zsh maintainer. I have > been using zsh daily for over 25 years though, and have been > following this ML on and off for a few years. > > I should also point out that I've not read the past discussions > about your module. Sorry if I'm repeating points that have been > made earlier. > > Thanks for contributing to zsh, it's always good to get more > hands on it! > > In this instance though I'm not particularly convinced that that > new module is particularly needed. > > We already have $RANDOM and $(( rand48() )). Most if not all of > the systems I've ever used had /dev/random / /dev/urandom RANDOM and rand48 are predictable and low quality. > > You can already read n bytes from them with: > > set +o multibyte > read -ru0 -k20 bytes < /dev/random > > or > > sysread -s 20 bytes < /dev/urandom > > Split into individual bytes in an array with: > > array=3D( ${(s[])bytes ) > > convert those from/to decimal/octal/hexadecimal with printf or > the # flag or #/## arithmetic operators: > > hex=3D(); printf -v hex %02x \'$^array > > For instance or: > > set -o extendedglob > hex_string=3D${bytes//(#m)?/${(l[2][0])$(([#16] #MATCH))}} > > So it seems the functionality of that module could be > implemented in a few lines of zsh. Likely less efficiently and > more awkwardly, but maybe adding capabilities to decode bytes > (a la perl's pack/unpack) would be more useful and could be used > for other things than /dev/random. > > Some comments about the API: > >> -c COUNT >> Sets the number of returned random data. Defaults to 8, >> unless -i, -L, or -U is specified without -a, in which case >> the default is 1. COUNT must be between 1 and 64. > Why those arbitrary limits? Why not from 0 to inf? the getrandom function only guarantees 256 bytes.=C2=A0 64 32-bit integer= s.=C2=A0=20 Allowing 256 uint8 would be possible, but harder to explain and doesn't=20 work well with bounding.=C2=A0 As the difference between the lower and up= per=20 limit surpasses half the max, the number of bytes thrown away to allow=20 uniformity of distribution becomes unwieldy. Also zero would not be particularly useful :) > > Without -i you get uint8 in hex and with -i uint32 in decimal. > Why the different bases? It's possible to break a hex string into bytes in a rather straight=20 forward way.=C2=A0=C2=A0 A string of decimal numbers not so much, but dec= imal=20 numbers are easier to manipulate. If I didn't think it should do *something* when given no arguments, I'd=20 eliminate the hex string altogether. > Why limiting the bounds to unsigned 32 > bits when zsh arithmetic is in signed 64 bits? compatibility with SRANDOM in bash.=C2=A0 Return size of arc4random. Redu= cing=20 maximum count to 32. > > Other than that, it looks good to me. > > Trying to use it to get a random word with it, I came up with: > > $ set -o extendedglob > $ l=3D({A..Z} {a..z} {0..9} _) > $ getrandom -a a -c20 -L1 -U$#l > $ echo ${(j[])a//(#m)*/$l[MATCH]} > EMhKvFuQlmCVSuet5uh0 > > Doing it straight by reading /dev/urandom would have been a lot > more awkward. Could that be improved/simplified? It could be done, but a list of acceptable characters would need to be=20 agreed upon and documented.=C2=A0 Are symbols acceptable?=C2=A0 About hal= f of=20 passwords require them, but only accept certain ones and that differs=20 from website to website. >