Discussion:
Speaking of long-ish passwords
Cri-Cri
2024-06-20 15:17:57 UTC
A new idea to solve the problem with a secret (well, now not so secret)
code scheme, one that you don't have to keep hiding. Here we can hide it
in plain sight. :)

Go here, it's a Sudoku game:

(bring out the link glue)

https://www.chiark.greenend.org.uk/~sgtatham/puzzles/js/
solo.html#3x3:2b9_6i2a4c9_8c6b2_1c8b4b2a1b3b6c2_5b8c4_7c5a1i5_6b8

You can get a link to the game and challenge your friends, or enemies, to
solve it. But that's not my point. Instead, look at the digits. Pick each
digit from top to bottom throughout the game plan, assemble them into a
long string:

29962846214621832585415678

You can even click on Solve to get even more digits, 81 in total:

214963587768512349539847162321675894495281673876439251682394715957128436143756928

Similar to what "Data" did on Star Trek TNG when he locked the main
computer, which brings up the fair question: was that string of numbers in
the script? ;)

>>> n = '214963587768512349539847162321675894495281673876439251682394715957128436143756928'
>>> ''.join([hex(ord(c))[2:] for c in n])
'3231343936333538373736383531323334393533393834373136323332313637353839343439353
23831363733383736343339323531363832333934373135393537313238343336313433373536393
238'
>>> from textwrap import wrap; ''.join([chr(int(n, 16)) for n in
... wrap(''.join([hex(ord(c))[2:] for c in n]), 2)])
'214963587768512349539847162321675894495281673876439251682394715957128436143756928'
>>> h = ''.join([hex(ord(c))[2:] for c in n])
>>> from textwrap import wrap
>>> ''.join([chr(int(n, 16)) for n in wrap(h, 2)])
'214963587768512349539847162321675894495281673876439251682394715957128436143756928'

Keeping a link to a game "someone" (ahem, fake address anyone?) in your
inbox wouldn't be too suspicious:

--------------------------------------------------------------------------------
Email received: 2024-06-***@16:23:18 GMT
From: Mr. Alan L. Terego <al-***@ptro-mail.url>
To: cri-cri <c-r-***@ptro-mail.url>
Subject: Here's my challenge for you :)

Body:

Hi,

Just thought you might enjoy this little challenge Sudoku game. It's quite
easy to solve, actually. I solved it in a couple of minutes.

https://www.chiark.greenend.org.uk/~sgtatham/puzzles/js/
solo.html#3x3:2b9_6i2a4c9_8c6b2_1c8b4b2a1b3b6c2_5b8c4_7c5a1i5_6b8

How did you do? Let me know. :)

Regards,
Alan.
--------------------------------------------------------------------------------

Simon has several other games on that site as well. Maybe not all of them
lend themselves to picking a random-ish key, but well, anyway.

For the observant curious-minded:
"ptro" is the (written) sound you'd make to bring a Swedish horse to a
halt. The opposite (written) sound is "mpah-mpah." Now you know. ;)
--
Cri-Cri
Rich
2024-06-20 16:02:03 UTC
Post by Cri-Cri
A new idea to solve the problem with a secret (well, now not so secret)
code scheme, one that you don't have to keep hiding. Here we can hide it
in plain sight. :)
Interesting idea. One could even obtain a paper sudoku book and
"solve" a portion of the games, with one preselected one being "filled
in" for the key one is transporting. Most "police" types are not
likely to look twice at a paper sudoku book, and certainly are not
going to "verify" that the partially solved puzzles are all correctly
solved.

And, if one was worried that some Stasi type might "verify" the puzzles
for correctness, then just solve ~ 50% of the puzzles in the book
correctly, and choose one of those 'correct' puzzles to be the source
for the 'key'.

And key source can also be obfuscated somewhat, in that one could
combine the numbers in a pattern (zig-zag, circular, etc., i.e.,
anything other than left to right top to bottom).
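
Added example, not part of either post above: a Python sketch that decodes the game ID from the posted link and reads the clue digits in three traversal orders; the posted 26-digit string turns out to be the box-by-box reading. The game-ID encoding (digits are clues, letters a..z are runs of 1..26 blanks, '_' separates adjacent clues) is an assumption checked against the solved grid quoted in the thread, and all function names are hypothetical.

```python
import re

# Game ID, posted key and solved grid, copied from the thread.
GAME_ID = "3x3:2b9_6i2a4c9_8c6b2_1c8b4b2a1b3b6c2_5b8c4_7c5a1i5_6b8"
POSTED_KEY = "29962846214621832585415678"
SOLVED = ("214963587768512349539847162321675894495281673"
          "876439251682394715957128436143756928")

def parse_game_id(game_id):
    """Return (w, h, grid): box width/height and a row-major grid, 0 = blank.
    Assumed encoding: numbers are clues, a..z are runs of 1..26 blanks,
    '_' only separates two adjacent clues."""
    m = re.fullmatch(r"(\d+)x(\d+):([0-9a-z_]+)", game_id)
    if not m:
        raise ValueError("unrecognised game ID")
    w, h = int(m.group(1)), int(m.group(2))
    grid = []
    for tok in re.findall(r"\d+|[a-z]", m.group(3)):
        if tok.isdigit():
            grid.append(int(tok))
        else:
            grid.extend([0] * (ord(tok) - ord("a") + 1))
    if len(grid) != (w * h) ** 2:
        raise ValueError("description does not fill the grid")
    return w, h, grid

def clues_match(grid, solved):
    return all(g in (0, int(s)) for g, s in zip(grid, solved))

def row_major(n, w, h):
    return [r * n + c for r in range(n) for c in range(n)]

def zigzag(n, w, h):
    # Left-to-right on even rows, right-to-left on odd rows.
    return [r * n + (c if r % 2 == 0 else n - 1 - c)
            for r in range(n) for c in range(n)]

def box_order(n, w, h):
    # Boxes left-to-right, top-to-bottom; row-major inside each box.
    return [(by * h + r) * n + bx * w + c
            for by in range(n // h) for bx in range(n // w)
            for r in range(h) for c in range(w)]

TRAVERSALS = {"row-major": row_major, "zigzag": zigzag, "box": box_order}

def candidate_keys(game_id):
    """Every key returned here is a pure function of the public link."""
    w, h, grid = parse_game_id(game_id)
    return {name: "".join(str(grid[i]) for i in order(w * h, w, h) if grid[i])
            for name, order in TRAVERSALS.items()}

if __name__ == "__main__":
    for name, key in candidate_keys(GAME_ID).items():
        print(f"{name:10} {key}", "<- posted key" if key == POSTED_KEY else "")
```

Because each key is computed from the link alone, the only unknowns left are which puzzle and which traversal were chosen.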
Cri-Cri
2024-06-21 02:06:14 UTC
Post by Rich
And key source can also be obfuscated somewhat, in that one could
combine the numbers in a pattern (zig-zag, circular, etc., i.e.,
anything other than left to right top to bottom).
Yes, it could be built upon indefinitely. I suppose even being used as a
code in itself. For example, grouping numbers for page-row-word numbers in
some book. If only a few words are in need of being encrypted, like
"DELIVERY FRIDAY", 81 digits might be enough.

And, who's to know that we aren't writing in code now? ;)
--
Cri-Cri
Chris M. Thomasson
2024-06-21 02:16:00 UTC
Post by Cri-Cri
Post by Rich
And key source can also be obfuscated somewhat, in that one could
combine the numbers in a pattern (zig-zag, circular, etc., i.e.,
anything other than left to right top to bottom).
Yes, it could be built upon indefinitely. I suppose even being used as a
code in itself. For example, grouping numbers for page-row-word numbers in
some book. If only a few words are in need of being encrypted, like
"DELIVERY FRIDAY", 81 digits might be enough.
And, who's to know that we aren't writing in code now? ;)
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee
Cri-Cri
2024-06-21 02:33:25 UTC
Post by Chris M. Thomasson
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee

I don't get it.
--
Cri-Cri
Rich
2024-06-21 03:00:06 UTC
Post by Chris M. Thomasson
Post by Chris M. Thomasson
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee
I don't get it.
Chris likes to insert his hmac cipher into every thread.
Chris M. Thomasson
2024-06-21 03:45:24 UTC
Post by Chris M. Thomasson
Post by Chris M. Thomasson
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee
I don't get it.
Decrypted:

No shit! Thanks.


A screenshot:


Fwiw, it creates new ciphertexts for every encryption even with the same
password and/or plaintext. I suppose this is not ideal for complex password
out of simple password because of this aspect. For instance the
following ciphertexts all decrypt to the same plaintext using the
default password:

http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3640b7867c54d6772eaae63b82668e36540dad000fb6e4f2671ca3bd9446da70e6490d30d8bf7d202d441e54f8c04dd626c408726cdea0910319cede6dc0e6ea9c52ce33bfcb872e38723794598cb26b2ca9


http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3c4b00215bca08f21d738457ff87595ea75ecb58a7953591155880d35b86f77923a307cc7fd66e3bb62935924b25486cdadb85080d61947f399fbbf2d61e59c8a5d015f096121432438ab295bbb4cae72932



http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=4a5c14cd33c892bb7fa341d795c6541a174c398a4dee445d13b698833adf41b426153b90d969e7c2b6b000e5819977dae69a2bf947f5f287158973135a55508a91aaf575b11f3345d971a0307afccfd32eff


Max head room? lol.


Chris M. Thomasson
2024-06-21 03:48:43 UTC
Post by Chris M. Thomasson
Post by Chris M. Thomasson
Post by Chris M. Thomasson
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee
I don't get it.
No shit! Thanks.
https://i.ibb.co/LZ4trty/image.png
Fwiw, it creates new ciphertexts for every encryption even with the same
password and/or plaintext. I suppose this is not ideal for complex password
out of simple password because of this aspect. For instance the
following ciphertexts all decrypt to the same plaintext using the
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3640b7867c54d6772eaae63b82668e36540dad000fb6e4f2671ca3bd9446da70e6490d30d8bf7d202d441e54f8c04dd626c408726cdea0910319cede6dc0e6ea9c52ce33bfcb872e38723794598cb26b2ca9
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3c4b00215bca08f21d738457ff87595ea75ecb58a7953591155880d35b86f77923a307cc7fd66e3bb62935924b25486cdadb85080d61947f399fbbf2d61e59c8a5d015f096121432438ab295bbb4cae72932
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=4a5c14cd33c892bb7fa341d795c6541a174c398a4dee445d13b698833adf41b426153b90d969e7c2b6b000e5819977dae69a2bf947f5f287158973135a55508a91aaf575b11f3345d971a0307afccfd32eff
Max head room? lol.
http://youtu.be/6epzmRZk6UU
Same plaintext and default password ciphertext:

http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=e3522db2752690acf8ec1772e3ec539d308179a0a83f60d486c5bae8d753174325a6e7bb9e7436b40085db5e234ffb897d0183bd6c2cf01ffb6c5850ea0b2b85f932976e2940b579447d8dbe839d04c6c710
Cri-Cri
2024-06-21 18:24:15 UTC
Decrypted: <<< that...
...was not what I didn't understand. I am perfectly capable of clicking on
links.
No shit! Thanks. <<< this...
...was what I didn't understand. The way it is written it looks like an
insult.
--
Cri-Cri
Chris M. Thomasson
2024-06-21 20:31:39 UTC
Post by Cri-Cri
Decrypted: <<< that...
...was not what I didn't understand. I am perfectly capable of clicking on
links.
No shit! Thanks. <<< this...
...was what I didn't understand. The way it is written it looks like an
insult.
No insult at all. I was just thinking that the way my HMAC program
creates a new ciphertext for each encryption even if the plaintext
and/or password is the same might not work so good for generating a
complex password from a simple password...
Richard Harnden
2024-06-22 08:54:17 UTC
... generating a
complex password from a simple password...
You can't actually increase the entropy
Oscar
2024-06-22 11:16:12 UTC
Post by Richard Harnden
... generating a
complex password from a simple password...
You can't actually increase the entropy
Perhaps, but the recent discussions here seem to boil down to "password
based key derivation functions" which may frustrate bruteforce attacks a
bit.

cheers
Oscar
Rich
2024-06-22 16:12:14 UTC
Post by Oscar
Post by Richard Harnden
... generating a
complex password from a simple password...
You can't actually increase the entropy
Perhaps, but the recent discussions here seem to boil down to "password
based key derivation functions" which may frustrate bruteforce attacks a
bit.
The thread has kind of drifted in that direction. It began as a way to
try to "remember" a complex password by encoding it as "something else"
such that one might not need to worry should the Stasi examine your
papers and find the "something else" in your possession.
Stefan Claas
2024-06-29 15:20:50 UTC
Post by Rich
Post by Oscar
Post by Richard Harnden
... generating a
complex password from a simple password...
You can't actually increase the entropy
Perhaps, but the recent discussions here seem to boil down to "password
based key derivation functions" which may frustrate bruteforce attacks a
bit.
The thread has kind of drifted in that direction. It began as a way to
try to "remember" a complex password by encoding it as "something else"
such that one might not need to worry should the Stasi examine your
papers and find the "something else" in your possession.
Well, regarding "password based key derivation functions". I have uploaded
'red' to my GitHub repositories, which allows users to generate deterministic
Ed25519 key pairs, in hex notation, and then sign, for example, Usenet messages
(like this one). :-)

https://github.com/stefanclaas/red
--
Regards
Stefan
Chris M. Thomasson
2024-06-22 20:30:43 UTC
Post by Richard Harnden
... generating a
complex password from a simple password...
You can't actually increase the entropy
I think so. However, it's interesting to use HMAC wrt a simple password,
in my case: (the password _and_ the plaintext) to generate a more
"complex" password? The problem I have with my work wrt this task
(complex password derived from simple password) is that it generates a
new ciphertext even if the plaintext and/or password have not been
altered at all. I am thinking of adding in something to the UI to
control this aspect.
Rich
2024-06-21 22:01:41 UTC
Chris very much so likes to "insert" his hmac cipher into every
discussion thread, even those where it is off topic (although the
off-topicness is questionable here....).

He did this so much that Richard Heathfield killfiled him a couple
years back after having become frustrated with his "insertions" (among
other things).

It is best to just ignore his off-topic insertion of quasi-advertising
of his hmac cipher into every thread. If this becomes too much,
there is always the killfile method of ignoring the posts.
Chris M. Thomasson
2024-06-22 05:12:25 UTC
Post by Rich
Chris very much so likes to "insert" his hmac cipher into every
discussion thread, even those where it is off topic (although the
off-topicness is questionable here....).
He did this so much that Richard Heathfield killfiled him a couple
years back after having become frustrated with his "insertions" (among
other things).
It is best to just ignore his off-topic insertion of quasi-advertising
of his hmac cipher into every thread. If this becomes too much,
there is always the killfile method of ignoring the posts.
I was just thinking of how to create a complex password from a simple
password. My work came to mind, however, it does not work because it
creates a new ciphertext for every encryption. So, that sucks for the
task at hand.
Chris M. Thomasson
2024-06-22 06:48:09 UTC
Post by Chris M. Thomasson
Post by Rich
Chris very much so likes to "insert" his hmac cipher into every
discussion thread, even those where it is off topic (although the
off-topicness is questionable here....).
He did this so much that Richard Heathfield killfiled him a couple
years back after having become frustrated with his "insertions" (among
other things).
It is best to just ignore his off-topic insertion of quasi-advertising
of his hmac cipher into every thread.  If this becomes too much,
there is always the killfile method of ignoring the posts.
I was just thinking of how to create a complex password from a simple
password. My work came to mind, however, it does not work because it
creates a new ciphertext for every encryption. So, that sucks for the
task at hand.
Humm... I wonder if I should alter the UI to allow for a user to turn
this aspect on or off... Hummm... Default would be the way it is.
Turning it off means that a simple password will always generate the
same complex password. Humm...
Chris M. Thomasson
2024-06-22 05:13:09 UTC
Post by Rich
Chris very much so likes to "insert" his hmac cipher into every
discussion thread, even those where it is off topic (although the
off-topicness is questionable here....).
He did this so much that Richard Heathfield killfiled him a couple
years back after having become frustrated with his "insertions" (among
other things).
Ahhh, the open secret... I gave away too many of my experiments. He got
pissed.
Post by Rich
It is best to just ignore his off-topic insertion of quasi-advertising
of his hmac cipher into every thread. If this becomes too much,
there is always the killfile method of ignoring the posts.
Rich
2024-06-22 16:09:05 UTC
Post by Chris M. Thomasson
Post by Rich
Chris very much so likes to "insert" his hmac cipher into every
discussion thread, even those where it is off topic (although the
off-topicness is questionable here....).
He did this so much that Richard Heathfield killfiled him a couple
years back after having become frustrated with his "insertions" (among
other things).
Ahhh, the open secret... I gave away too many of my experiments. He got
pissed.
More accurately, you *hijacked* too many threads to insert your hmac
cipher into them, and then did not listen and crucially, *adjust your
behavior in the face of negative feedback* about your doing so, with
the result that he got tired of the hijacking and killfiled you.
Chris M. Thomasson
2024-06-22 19:11:30 UTC
Post by Rich
Post by Chris M. Thomasson
Post by Rich
Chris very much so likes to "insert" his hmac cipher into every
discussion thread, even those where it is off topic (although the
off-topicness is questionable here....).
He did this so much that Richard Heathfield killfiled him a couple
years back after having become frustrated with his "insertions" (among
other things).
Ahhh, the open secret... I gave away too many of my experiments. He got
pissed.
More accurately, you *hijacked* too many threads to insert your hmac
cipher into them, and then did not listen and crucially, *adjust your
behavior in the face of negative feedback* about your doing so, with
the result that he got tired of the hijacking and killfiled you.
Oh. I do remember him getting pissed off about me talking too much about
my progress with SCOS.
Rich
2024-06-22 20:37:32 UTC
Post by Chris M. Thomasson
Post by Rich
Post by Chris M. Thomasson
Post by Rich
Chris very much so likes to "insert" his hmac cipher into every
discussion thread, even those where it is off topic (although the
off-topicness is questionable here....).
He did this so much that Richard Heathfield killfiled him a couple
years back after having become frustrated with his "insertions" (among
other things).
Ahhh, the open secret... I gave away too many of my experiments. He got
pissed.
More accurately, you *hijacked* too many threads to insert your hmac
cipher into them, and then did not listen and crucially, *adjust your
behavior in the face of negative feedback* about your doing so, with
the result that he got tired of the hijacking and killfiled you.
Oh. I do remember him getting pissed off about me talking too much about
my progress with SCOS.
Ah, that too, you revealed some details that he asked the group not to
reveal, in order that the 'challenge' of cracking it oneself remained
possible.