[...]
I updated my site to use HTTPS. So, I need to alter my link code to
include https://*

sorry about that shit!

;^o

There your larger concern would be someone hiding a backdoor in the
python library you utilize to perform the HMAC. I.e., someone
slipping compressed and obsfucated test files into the tests directory
for the library, then modifying the python build system in a sly way to
deobsfucate and decompress the test files, yielding "backdoor code"
that is slyly inserted into the copy of the library your example on the
web loads when it does its work.

While that is tricky to keep hidden, it is by far your bigger threat
than worrying that there's a backdoor in the underlying HMAC algorithm.
The underlying algorithm (assuming it is SHA or one of the other known
ones) has likely been vetted enough that it (if followed to the letter
by a given library) does not have a probem.

But the library you use, do you carefully check just exactly what
changed when you upgrade to a new version (for whatever reason you
might upgrade to a new version)? That's the path to being backdoored,
something getting slipped into the library code you are using.

And, note, the library could be backdoored such that when you feed it
data, it produces the exact expected outputs (while also doing
something else as well). Which would mean any tests you might have
yourself to verify the library produces correct hash outputs would
pass, even though the "backdoor code" got inserted.

Write-once CDs are also good.

Peter Fairbrother

Hopefully it would be manufactured by myself. Say, it's actually clean.
No problems wrt adulteration.
Hopefully a minimalist OS that "everybody" deemed to be clean. Okay to use.
Hopefully it passed all inspection _before_ this total destruction event
can occur.
So, is there a way to use a clean room, a clean computer and a clean
medium to store the encrypted file? Assuming clean means clean... ;^o
Damn again!

The magic word is "air-gapped".

Plus "Faraday caged". Though a faraday cage can transmit magnetic
fields, so "magnetically shielded". And the power supply can transmit
info, so "internally powered". And to stop remote
over-the-shoulder-surfing, "opaque". "Soundproof", of course. Und so weiter.
A writable CD is better, less places to put a hardware back door. A
blowtorch works well for later secure deletion of the CD. For those who
might object to the fumes, you could print out the ciphertext as a
series of QR type codes on paper, then burn them.



However even then a backdoor might reveal the key in the ciphertext in
eg padding, nonces, through limiting possible key selections etc. etc;
perhaps in encrypted form so only the unintended recipient can read it,
and to make it look random as good ciphertext should look and thus
harder to detect.

That might sound complicated but if you know which encryption algorithms
are to be used and have hardware or software access to the computer
before the encryption is done it is fairly straightforward to implement.
For the rest of us mortals (or perhaps more importantly, for our
clients), it can be a matter of life and death, for a lifetime.


100% security is very very very hard, often impossible. Yet security is
still a Boolean (tenth law).

Peter Fairbrother

http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=7cd81c0eb4f827492e1f5cd2c2b8125a66c42bd7448bc55fb1fd02051f30ca503accfe75a9e5bb0adb8eb90ae15dcc3de421c3fdf43a88853dc04a5c20a8d373327fc04cb8e3b0a8f00dd2bf577e8751eacd4239769f4980eb7b4c17d620b1b3bae1d2d48bad80b1136b47bced287007efa7d19102