A new idea to solve the problem with a secret (well, now not so secret)
code scheme, one that you don't have to keep hiding. Here we can hide it
in plain sight. :)

Go here, It's a Sudoku game:

(bring out the link glue)

https://www.chiark.greenend.org.uk/~sgtatham/puzzles/js/
solo.html#3x3:2b9_6i2a4c9_8c6b2_1c8b4b2a1b3b6c2_5b8c4_7c5a1i5_6b8

You can get a link to the game and challenge your friends, or enemies, to
solve it. But that's not my point. Instead, look at the digits. Pick each
digit from top to bottom throughout the game plan, assemble them into a
long string:

29962846214621832585415678

You can even click on Solve to get even more digits, 81 in total:

214963587768512349539847162321675894495281673876439251682394715957128436143756928

Similar to what "Data" did on Star Trek TNG when he locked the main
computer, which brings up the fair question: was that string of numbers in
the script? ;)

One can also convert them to hex for even more obfuscation:
>>> ''.join([hex(ord(c))[2:] for c in n])
'3231343936333538373736383531323334393533393834373136323332313637353839343439353
23831363733383736343339323531363832333934373135393537313238343336313433373536393
238'

Gpoing back to the original:

>>> from textwrap import wrap; ''.join([chr(int(n, 16)) for n in
wrap(''.join([hex(ord(c))[2:] for c in n]), 2)])
'214963587768512349539847162321675894495281673876439251682394715957128436143756928'

For a bit more clarity, I realized it became a little bit murky:

>>> h = ''.join([hex(ord(c))[2:] for c in n])
>>> from textwrap import wrap
>>> ''.join([chr(int(n, 16)) for n in wrap(h, 2)])
'214963587768512349539847162321675894495281673876439251682394715957128436143756928'

Keeping a link to a game "someone" (ahem, fake address anyone?) in your
inbox wouldn't be too suspicious:

--------------------------------------------------------------------------------
Email received: 2024-06-20@16:23:18 GMT
From: Mr. Alan L. Terego <al-terego@ptro-mail.url>
To: cri-cri <c-r-i@ptro-mail.url>
Subject: Here's my challenge for you :)

Body:

Hi,

Just thought you might enjoy this little challenge Sudoku game. It's quite
easy to solve, actually. I solved it in a couple of minutes.

https://www.chiark.greenend.org.uk/~sgtatham/puzzles/js/
solo.html#3x3:2b9_6i2a4c9_8c6b2_1c8b4b2a1b3b6c2_5b8c4_7c5a1i5_6b8

How did you do? Let me know. :)

Regards,
Alan.
--------------------------------------------------------------------------------

Simon has several other games on that site as well. Maybe not all of them
lend themselves to picking a random-ish key, but well, anyway.

For the observant curious-minded:
"ptro" is the (written) sound you'd make to bring a Swedish horse to a
halt. The opposite (written) sound is "mpah-mpah." Now you know. ;)

--
Cri-Cri

Cri-Cri <cri@cri.cri.invalid> wrote:
> A new idea to solve the problem with a secret (well, now not so secret)
> code scheme, one that you don't have to keep hiding. Here we can hide it
> in plain sight. :)
>
> Go here, It's a Sudoku game:

Interesting idea. One could even obtain a paper sudoku book and
"solve" a portion of the games, with one preselected one being "filled
in" for the key one is transporting. Most "police" types are not
likely to look twice at a paper sudoku book, and certianly are not
going to "verify" that the partially solved puzzles are all correctly
solved.

And, if one was worried that some stazi type might "verify" the puzzles
for correctness, then just solve ~ 50% of the puzzles in the book
correctly, and choose one of those 'correct' puzzles to be the source
for the 'key'.

And key source can also be obsfucated somewhat, in that one could
combine the numbers in a pattern (zig-zag, circular, etc., i.e.,
anything other than left to right top to bottom).

On Thu, 20 Jun 2024 16:02:03 -0000 (UTC), Rich wrote:

> And key source can also be obsfucated somewhat, in that one could
> combine the numbers in a pattern (zig-zag, circular, etc., i.e.,
> anything other than left to right top to bottom).

Yes, it could be built upon indefinitely. I suppose even being used as a
code in itself. For example, grouping numbers for page-row-word numbers in
some book. If only a few words are in need of being encrypted, like
"DELIVERY FRIDAY", 81 digits might be enough.

And, who's to know that we aren't writing in code now? ;)

--
Cri-Cri

On 6/20/2024 7:06 PM, Cri-Cri wrote:
> On Thu, 20 Jun 2024 16:02:03 -0000 (UTC), Rich wrote:
>
>> And key source can also be obsfucated somewhat, in that one could
>> combine the numbers in a pattern (zig-zag, circular, etc., i.e.,
>> anything other than left to right top to bottom).
>
> Yes, it could be built upon indefinitely. I suppose even being used as a
> code in itself. For example, grouping numbers for page-row-word numbers in
> some book. If only a few words are in need of being encrypted, like
> "DELIVERY FRIDAY", 81 digits might be enough.
>
> And, who's to know that we aren't writing in code now? ;)
>

http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee

On Thu, 20 Jun 2024 19:16:00 -0700, Chris M. Thomasson wrote:

> http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee

I don't get it.

--
Cri-Cri

Cri-Cri <cri@cri.cri.invalid> wrote:
> On Thu, 20 Jun 2024 19:16:00 -0700, Chris M. Thomasson wrote:
>
>> http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
> ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee
>
> I don't get it.

Chris likes to insert his hmac cipher into every thread.

On 6/20/2024 7:33 PM, Cri-Cri wrote:
> On Thu, 20 Jun 2024 19:16:00 -0700, Chris M. Thomasson wrote:
>
>> http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
> ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee
>
> I don't get it.
>

Decrypted:

No shit! Thanks.

A screenshot:

https://i.ibb.co/LZ4trty/image.png

Fwiw, it creates new ciphertexts for every encryption even with the same
password and/or plaintext. I suppose this not ideal for complex password
out of simple password because of this aspect. For instance the
following ciphertexts all decrypt to the same plaintext using the
default password:

http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3640b7867c54d6772eaae63b82668e36540dad000fb6e4f2671ca3bd9446da70e6490d30d8bf7d202d441e54f8c04dd626c408726cdea0910319cede6dc0e6ea9c52ce33bfcb872e38723794598cb26b2ca9

http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3c4b00215bca08f21d738457ff87595ea75ecb58a7953591155880d35b86f77923a307cc7fd66e3bb62935924b25486cdadb85080d61947f399fbbf2d61e59c8a5d015f096121432438ab295bbb4cae72932

http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=4a5c14cd33c892bb7fa341d795c6541a174c398a4dee445d13b698833adf41b426153b90d969e7c2b6b000e5819977dae69a2bf947f5f287158973135a55508a91aaf575b11f3345d971a0307afccfd32eff

Max head room? lol.

https://youtu.be/6epzmRZk6UU

On 6/20/2024 8:45 PM, Chris M. Thomasson wrote:
> On 6/20/2024 7:33 PM, Cri-Cri wrote:
>> On Thu, 20 Jun 2024 19:16:00 -0700, Chris M. Thomasson wrote:
>>
>>> http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?
>> ct_hmac_cipher=4719759cad9265f6f38ec25a7fbec19144df819e9f049d87a016c43a86c864c66366e5162872b616a579549433dbcb93fa5d17601e6f8e9c6eb9c34ff0884362a13437d0d0714f18f8ff2ab75a37a4ee
>>
>> I don't get it.
>>
>
> Decrypted:
>
> No shit! Thanks.
>
>
> A screenshot:
>
> https://i.ibb.co/LZ4trty/image.png
>
> Fwiw, it creates new ciphertexts for every encryption even with the same
> password and/or plaintext. I suppose this not ideal for complex password
> out of simple password because of this aspect. For instance the
> following ciphertexts all decrypt to the same plaintext using the
> default password:
>
> http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3640b7867c54d6772eaae63b82668e36540dad000fb6e4f2671ca3bd9446da70e6490d30d8bf7d202d441e54f8c04dd626c408726cdea0910319cede6dc0e6ea9c52ce33bfcb872e38723794598cb26b2ca9
>
>
> http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3c4b00215bca08f21d738457ff87595ea75ecb58a7953591155880d35b86f77923a307cc7fd66e3bb62935924b25486cdadb85080d61947f399fbbf2d61e59c8a5d015f096121432438ab295bbb4cae72932
>
>
>
> http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=4a5c14cd33c892bb7fa341d795c6541a174c398a4dee445d13b698833adf41b426153b90d969e7c2b6b000e5819977dae69a2bf947f5f287158973135a55508a91aaf575b11f3345d971a0307afccfd32eff
>
>
> Max head room? lol.
>
> https://youtu.be/6epzmRZk6UU
>
>

Same plaintext and default password ciphertext:

http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=e3522db2752690acf8ec1772e3ec539d308179a0a83f60d486c5bae8d753174325a6e7bb9e7436b40085db5e234ffb897d0183bd6c2cf01ffb6c5850ea0b2b85f932976e2940b579447d8dbe839d04c6c710

On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:

> Decrypted: <<< that...

....was not what I didn't understand. I am perfectly capable of clicking on
links.

> No shit! Thanks. <<< this...

....was what I did't understand. The way it is written it looks like an
insult.

--
Cri-Cri

On 6/21/2024 11:24 AM, Cri-Cri wrote:
> On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:
>
>> Decrypted: <<< that...
>
> ...was not what I didn't understand. I am perfectly capable of clicking on
> links.
>
>> No shit! Thanks. <<< this...
>
> ...was what I did't understand. The way it is written it looks like an
> insult.
>

No insult at all. I was just thinking that the way my HMAC program
creates a new ciphertext for each encryption even if the plaintext
and/or password is the same might not work so good for generating a
complex password from a simple password...

Cri-Cri <cri@cri.cri.invalid> wrote:
> On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:

Chris very much so likes to "insert" his hmac cipher into every
discussion thread, even those where it is off topic (although the
off-topicness is questionable here....).

He did this so much that Richard Heathfield killfiled him a couple
years back after having become frustrated with his "insertions" (among
other things).

It is best to just ignore his off-topic insertion of quasi-advertising
of his hmac cipher into every thread. If this becomes too much,
there is always the killfile method of ignoring the posts.

On 6/21/2024 3:01 PM, Rich wrote:
> Cri-Cri <cri@cri.cri.invalid> wrote:
>> On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:
>
> Chris very much so likes to "insert" his hmac cipher into every
> discussion thread, even those where it is off topic (although the
> off-topicness is questionable here....).
>
> He did this so much that Richard Heathfield killfiled him a couple
> years back after having become frustrated with his "insertions" (among
> other things).
>
> It is best to just ignore his off-topic insertion of quasi-advertising
> of his hmac cipher into every thread. If this becomes too much,
> there is always the killfile method of ignoring the posts.

I was just thinking of how to create a complex password from a simple
password. My work came to mind, however, it does not work because it
creates a new ciphertext for every encryption. So, that sucks for the
task at hand.

On 6/21/2024 3:01 PM, Rich wrote:
> Cri-Cri <cri@cri.cri.invalid> wrote:
>> On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:
>
> Chris very much so likes to "insert" his hmac cipher into every
> discussion thread, even those where it is off topic (although the
> off-topicness is questionable here....).
>
> He did this so much that Richard Heathfield killfiled him a couple
> years back after having become frustrated with his "insertions" (among
> other things).

Ahhh, the open secret... I gave away too many of my experiments. He got
pissed.

>
> It is best to just ignore his off-topic insertion of quasi-advertising
> of his hmac cipher into every thread. If this becomes too much,
> there is always the killfile method of ignoring the posts.

On 6/21/2024 10:12 PM, Chris M. Thomasson wrote:
> On 6/21/2024 3:01 PM, Rich wrote:
>> Cri-Cri <cri@cri.cri.invalid> wrote:
>>> On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:
>>
>> Chris very much so likes to "insert" his hmac cipher into every
>> discussion thread, even those where it is off topic (although the
>> off-topicness is questionable here....).
>>
>> He did this so much that Richard Heathfield killfiled him a couple
>> years back after having become frustrated with his "insertions" (among
>> other things).
>>
>> It is best to just ignore his off-topic insertion of quasi-advertising
>> of his hmac cipher into every thread.  If this becomes too much,
>> there is always the killfile method of ignoring the posts.
>
> I was just thinking of how to create a complex password from a simple
> password. My work came to mind, however, it does not work because it
> creates a new ciphertext for every encryption. So, that sucks for the
> task at hand.

Humm... I wonder if I should alter the UI to allow for a user to turn
this aspect on or off... Hummm... Default would be the way it is.
Turning it off means that a simple password will always generate the
same complex password. Humm...

On 21/06/2024 21:31, Chris M. Thomasson wrote:
> ... generating a
> complex password from a simple password...

You can't actually increase the entropy

Op 22-6-2024 om 10:54 schreef Richard Harnden:
> On 21/06/2024 21:31, Chris M. Thomasson wrote:
>> ... generating a
>> complex password from a simple password...
>
> You can't actually increase the entropy
>

Perhaps, but the recent discussions here seem to boil down to "password
based key derivation functions" which may frustrate bruteforce attacks a
bit.

cheers
Oscar

Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
> On 6/21/2024 3:01 PM, Rich wrote:
>> Cri-Cri <cri@cri.cri.invalid> wrote:
>>> On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:
>>
>> Chris very much so likes to "insert" his hmac cipher into every
>> discussion thread, even those where it is off topic (although the
>> off-topicness is questionable here....).
>>
>> He did this so much that Richard Heathfield killfiled him a couple
>> years back after having become frustrated with his "insertions" (among
>> other things).
>
> Ahhh, the open secret... I gave away too many of my experiments. He got
> pissed.

More accurately, you *hijacked* too many threads to insert your hmac
cipher into them, and then did not listen and crucially, *adjust your
behavior in the face of negative feedback* about your doing so, with
the result that he got tired of the hijacking and killfiled you.

Oscar <oxxxxxxxxxxxs@gmail.com> wrote:
> Op 22-6-2024 om 10:54 schreef Richard Harnden:
>> On 21/06/2024 21:31, Chris M. Thomasson wrote:
>>> ... generating a
>>> complex password from a simple password...
>>
>> You can't actually increase the entropy
>>
>
> Perhaps, but the recent discussions here seem to boil down to "password
> based key derivation functions" which may frustrate bruteforce attacks a
> bit.

The thread has kind of drifted in that direction. It began as a way to
try to "remember" a complex password by encoding it as "something else"
such that one might not need to worry should the stazi examine your
papers and find the "something else" in your possession.

On 6/22/2024 9:09 AM, Rich wrote:
> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
>> On 6/21/2024 3:01 PM, Rich wrote:
>>> Cri-Cri <cri@cri.cri.invalid> wrote:
>>>> On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:
>>>
>>> Chris very much so likes to "insert" his hmac cipher into every
>>> discussion thread, even those where it is off topic (although the
>>> off-topicness is questionable here....).
>>>
>>> He did this so much that Richard Heathfield killfiled him a couple
>>> years back after having become frustrated with his "insertions" (among
>>> other things).
>>
>> Ahhh, the open secret... I gave away too many of my experiments. He got
>> pissed.
>
> More accurately, you *hijacked* too many threads to insert your hmac
> cipher into them, and then did not listen and crucially, *adjust your
> behavior in the face of negative feedback* about your doing so, with
> the result that he got tired of the hijacking and killfiled you.
>

Oh. I do remember him getting pissed off about me talking to much about
my progress with SCOS.

On 6/22/2024 1:54 AM, Richard Harnden wrote:
> On 21/06/2024 21:31, Chris M. Thomasson wrote:
>> ... generating a
>> complex password from a simple password...
>
> You can't actually increase the entropy
>

I think so. However, it's interesting to use HMAC wrt a simple password,
in my case: (the password _and_ the plaintext) to generate a more
"complex" password? The problem I have with my work wrt this task
(complex password derived from simple password) is that it generates a
new ciphertext even if the plaintext and/or password have not been
altered at all. I am thinking of adding in something to the UI to
control this aspect.

Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
> On 6/22/2024 9:09 AM, Rich wrote:
>> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
>>> On 6/21/2024 3:01 PM, Rich wrote:
>>>> Cri-Cri <cri@cri.cri.invalid> wrote:
>>>>> On Thu, 20 Jun 2024 20:45:24 -0700, Chris M. Thomasson wrote:
>>>>
>>>> Chris very much so likes to "insert" his hmac cipher into every
>>>> discussion thread, even those where it is off topic (although the
>>>> off-topicness is questionable here....).
>>>>
>>>> He did this so much that Richard Heathfield killfiled him a couple
>>>> years back after having become frustrated with his "insertions" (among
>>>> other things).
>>>
>>> Ahhh, the open secret... I gave away too many of my experiments. He got
>>> pissed.
>>
>> More accurately, you *hijacked* too many threads to insert your hmac
>> cipher into them, and then did not listen and crucially, *adjust your
>> behavior in the face of negative feedback* about your doing so, with
>> the result that he got tired of the hijacking and killfiled you.
>>
>
> Oh. I do remember him getting pissed off about me talking to much about
> my progress with SCOS.

Ah, that too, you revealed some details that he asked the group not to
reveal, in order that the 'challenge' of cracking it oneself remained
possible.

Rich wrote:
> Oscar <oxxxxxxxxxxxs@gmail.com> wrote:
> > Op 22-6-2024 om 10:54 schreef Richard Harnden:
> > > On 21/06/2024 21:31, Chris M. Thomasson wrote:
> > > > ... generating a
> > > > complex password from a simple password...
> > >
> > > You can't actually increase the entropy
> > >
> >
> > Perhaps, but the recent discussions here seem to boil down to "password
> > based key derivation functions" which may frustrate bruteforce attacks a
> > bit.
>
> The thread has kind of drifted in that direction. It began as a way to
> try to "remember" a complex password by encoding it as "something else"
> such that one might not need to worry should the stazi examine your
> papers and find the "something else" in your possession.

Well, regarding "password based key derivation functions". I have uploaded
'red' to my GitHub repositories, which allows users to generate deterministic
Ed25519 key pairs, in hex notation. and then sign, for example, Usenet messages
(like this one). :-)

https://github.com/stefanclaas/red

--
Regards
Stefan