1. Forum
  2. Usenet
  3. SCI.CRYPT

  • Speaking of long-ish passwords

    From Cri-Cri@21:1/5 to All on Thu Jun 20 15:17:57 2024
    A new idea to solve the problem with a secret (well, now not so secret)
    code scheme, one that you don't have to keep hiding. Here we can hide it
    in plain sight. :)

    Go here, It's a Sudoku game:

    (bring out the link glue)

    https://www.chiark.greenend.org.uk/~sgtatham/puzzles/js/ solo.html#3x3:2b9_6i2a4c9_8c6b2_1c8b4b2a1b3b6c2_5b8c4_7c5a1i5_6b8

    You can get a link to the game and challenge your friends, or enemies, to
    solve it. But that's not my point. Instead, look at the digits. Pick each
    digit from top to bottom throughout the game plan, assemble them into a
    long string:

    29962846214621832585415678

    You can even click on Solve to get even more digits, 81 in total:

    214963587768512349539847162321675894495281673876439251682394715957128436143756928

    Similar to what "Data" did on Star Trek TNG when he locked the main
    computer, which brings up the fair question: was that string of numbers in
    the script? ;)

    One can also convert them to hex for even more obfuscation:
    ''.join([hex(ord(c))[2:] for c in n]) '3231343936333538373736383531323334393533393834373136323332313637353839343439353
    23831363733383736343339323531363832333934373135393537313238343336313433373536393
    238'

    Gpoing back to the original:

    from textwrap import wrap; ''.join([chr(int(n, 16)) for n in wrap(''.join([hex(ord(c))[2:] for c in n]), 2)]) '214963587768512349539847162321675894495281673876439251682394715957128436143756928'

    For a bit more clarity, I realized it became a little bit murky:

    h = ''.join([hex(ord(c))[2:] for c in n])
    from textwrap import wrap
    ''.join([chr(int(n, 16)) for n in wrap(h, 2)]) '214963587768512349539847162321675894495281673876439251682394715957128436143756928'

    Keeping a link to a game "someone" (ahem, fake address anyone?) in your
    inbox wouldn't be too suspicious:

    --------------------------------------------------------------------------------
    Email received: 2024-06-20@16:23:18 GMT
    From: Mr. Alan L. Terego <al-terego@ptro-mail.url>
    To: cri-cri <c-r-i@ptro-mail.url>
    Subject: Here's my challenge for you :)

    Body:

    Hi,

    Just thought you might enjoy this little challenge Sudoku game. It's quite
    easy to solve, actually. I solved it in a couple of minutes.

    https://www.chiark.greenend.org.uk/~sgtatham/puzzles/js/ solo.html#3x3:2b9_6i2a4c9_8c6b2_1c8b4b2a1b3b6c2_5b8c4_7c5a1i5_6b8

    How did you do? Let me know. :)

    Regards,
    Alan. --------------------------------------------------------------------------------

    Simon has several other games on that site as well. Maybe not all of them
    lend themselves to picking a random-ish key, but well, anyway.

    For the observant curious-minded:
    "ptro" is the (written) sound you'd make to bring a Swedish horse to a
    halt. The opposite (written) sound is "mpah-mpah." Now you know. ;)

    --
    Cri-Cri

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to Cri-Cri on Thu Jun 20 16:02:03 2024
    Cri-Cri <cri@cri.cri.invalid> wrote:
    A new idea to solve the problem with a secret (well, now not so secret)
    code scheme, one that you don't have to keep hiding. Here we can hide it
    in plain sight. :)

    Go here, It's a Sudoku game:

    Interesting idea. One could even obtain a paper sudoku book and
    "solve" a portion of the games, with one preselected one being "filled
    in" for the key one is transporting. Most "police" types are not
    likely to look twice at a paper sudoku book, and certianly are not
    going to "verify" that the partially solved puzzles are all correctly
    solved.

    And, if one was worried that some stazi type might "verify" the puzzles
    for correctness, then just solve ~ 50% of the puzzles in the book
    correctly, and choose one of those 'correct' puzzles to be the source
    for the 'key'.

    And key source can also be obsfucated somewhat, in that one could
    combine the numbers in a pattern (zig-zag, circular, etc., i.e.,
    anything other than left to right top to bottom).

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Cri-Cri@21:1/5 to Rich on Fri Jun 21 02:06:14 2024
    On Thu, 20 Jun 2024 16:02:03 -0000 (UTC), Rich wrote:

    And key source can also be obsfucated somewhat, in that one could
    combine the numbers in a pattern (zig-zag, circular, etc., i.e.,
    anything other than left to right top to bottom).

    Yes, it could be built upon indefinitely. I suppose even being used as a
    code in itself. For example, grouping numbers for page-row-word numbers in
    some book. If only a few words are in need of being encrypted, like
    "DELIVERY FRIDAY", 81 digits might be enough.

    And, who's to know that we aren't writing in code now? ;)

    --
    Cri-Cri

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Cri-Cri@21:1/5 to Chris M. Thomasson on Fri Jun 21 02:33:25 2024
    On Thu, 20 Jun 2024 19:16:00 -0700, Chris M. Thomasson wrote:

    http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
    ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee

    I don't get it.

    --
    Cri-Cri

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to Cri-Cri on Fri Jun 21 03:00:06 2024
    Cri-Cri <cri@cri.cri.invalid> wrote:
    On Thu, 20 Jun 2024 19:16:00 -0700, Chris M. Thomasson wrote:

    http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
    ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee

    I don't get it.

    Chris likes to insert his hmac cipher into every thread.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Cri-Cri@21:1/5 to Chris M. Thomasson on Fri Jun 21 18:24:15 2024
    On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:

    Decrypted: <<< that...

    ...was not what I didn't understand. I am perfectly capable of clicking on links.

    No shit! Thanks. <<< this...

    ...was what I did't understand. The way it is written it looks like an
    insult.

    --
    Cri-Cri

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to Cri-Cri on Fri Jun 21 22:01:41 2024
    Cri-Cri <cri@cri.cri.invalid> wrote:
    On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:

    Chris very much so likes to "insert" his hmac cipher into every
    discussion thread, even those where it is off topic (although the
    off-topicness is questionable here....).

    He did this so much that Richard Heathfield killfiled him a couple
    years back after having become frustrated with his "insertions" (among
    other things).

    It is best to just ignore his off-topic insertion of quasi-advertising
    of his hmac cipher into every thread. If this becomes too much,
    there is always the killfile method of ignoring the posts.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Harnden@21:1/5 to Chris M. Thomasson on Sat Jun 22 09:54:17 2024
    On 21/06/2024 21:31, Chris M. Thomasson wrote:
    ... generating a
    complex password from a simple password...

    You can't actually increase the entropy

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to Oscar on Sat Jun 22 16:12:14 2024
    Oscar <oxxxxxxxxxxxs@gmail.com> wrote:
    Op 22-6-2024 om 10:54 schreef Richard Harnden:
    On 21/06/2024 21:31, Chris M. Thomasson wrote:
    ... generating a
    complex password from a simple password...

    You can't actually increase the entropy


    Perhaps, but the recent discussions here seem to boil down to "password
    based key derivation functions" which may frustrate bruteforce attacks a
    bit.

    The thread has kind of drifted in that direction. It began as a way to
    try to "remember" a complex password by encoding it as "something else"
    such that one might not need to worry should the stazi examine your
    papers and find the "something else" in your possession.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to Chris M. Thomasson on Sat Jun 22 16:09:05 2024
    Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
    On 6/21/2024 3:01 PM, Rich wrote:
    Cri-Cri <cri@cri.cri.invalid> wrote:
    On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:

    Chris very much so likes to "insert" his hmac cipher into every
    discussion thread, even those where it is off topic (although the
    off-topicness is questionable here....).

    He did this so much that Richard Heathfield killfiled him a couple
    years back after having become frustrated with his "insertions" (among
    other things).

    Ahhh, the open secret... I gave away too many of my experiments. He got pissed.

    More accurately, you *hijacked* too many threads to insert your hmac
    cipher into them, and then did not listen and crucially, *adjust your
    behavior in the face of negative feedback* about your doing so, with
    the result that he got tired of the hijacking and killfiled you.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to Chris M. Thomasson on Sat Jun 22 20:37:32 2024
    Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
    On 6/22/2024 9:09 AM, Rich wrote:
    Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
    On 6/21/2024 3:01 PM, Rich wrote:
    Cri-Cri <cri@cri.cri.invalid> wrote:
    On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:

    Chris very much so likes to "insert" his hmac cipher into every
    discussion thread, even those where it is off topic (although the
    off-topicness is questionable here....).

    He did this so much that Richard Heathfield killfiled him a couple
    years back after having become frustrated with his "insertions" (among >>>> other things).

    Ahhh, the open secret... I gave away too many of my experiments. He got
    pissed.

    More accurately, you *hijacked* too many threads to insert your hmac
    cipher into them, and then did not listen and crucially, *adjust your
    behavior in the face of negative feedback* about your doing so, with
    the result that he got tired of the hijacking and killfiled you.


    Oh. I do remember him getting pissed off about me talking to much about
    my progress with SCOS.

    Ah, that too, you revealed some details that he asked the group not to
    reveal, in order that the 'challenge' of cracking it oneself remained
    possible.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Stefan Claas@21:1/5 to Rich on Sat Jun 29 15:20:50 2024
    Rich wrote:
    Oscar <oxxxxxxxxxxxs@gmail.com> wrote:
    Op 22-6-2024 om 10:54 schreef Richard Harnden:
    On 21/06/2024 21:31, Chris M. Thomasson wrote:
    ... generating a
    complex password from a simple password...

    You can't actually increase the entropy


    Perhaps, but the recent discussions here seem to boil down to "password based key derivation functions" which may frustrate bruteforce attacks a bit.

    The thread has kind of drifted in that direction. It began as a way to
    try to "remember" a complex password by encoding it as "something else"
    such that one might not need to worry should the stazi examine your
    papers and find the "something else" in your possession.

    Well, regarding "password based key derivation functions". I have uploaded 'red' to my GitHub repositories, which allows users to generate deterministic Ed25519 key pairs, in hex notation. and then sign, for example, Usenet messages (like this one). :-)

    https://github.com/stefanclaas/red

    --
    Regards
    Stefan

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)