Subject: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Fri, 5 Jul 2024 20:45 UTC

If anybody ever chooses to play around with my HMAC cipher, be sure to
remove the call to the PRNG that is used to create the random numbers in
the plaintext. Remove the call and replace it with a TRNG. It is meant
to use a TRNG, but my experimental implementation uses Java's prng. My
cipher is not even meant to be used with a CSPRNG! It needs a TRNG, damn
it! I think it should be hard to find a period in a TRNG. For instance,
is this a number? Think of a base 10 number where each digit uses a TRNG
for its value, 0 through 9.

A decimal expansion with regard to digits, for instance:

TRNG().[TRNG(), TRNG(), TRNG(), ...]

Is this a number, or not a number.

A 10-ary die should be able to do this, right?

Here is an example of my HMAC Cipher example. You should all be able to
examine the plaintext because it was encrypted using the default key.
Now, keep in mind, that if I encrypted this again, it would have a
different ciphertext. This is where I _really_ need to use a TRNG in a
real impl, so to speak...

http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=...

Subject: Re: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Fri, 5 Jul 2024 20:50 UTC
References: 1

On 7/5/2024 1:45 PM, Chris M. Thomasson wrote:
[...]
> ... http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=7d1be135...

I cut off the link above for brevity. Here is a screenshot of what you
should get on your end when you click on the link:

https://i.ibb.co/4R2NXLM/image.png

Here is my critical code, gui aside for a moment...:

https://fractallife247.com/test/hmac_cipher/ver_0_0_0_1/ct_main.js

Notice the following function:
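________________________
function ct_rand_bytes(n) {
    // Returns an Array of n byte values. Math.random() is a
    // non-cryptographic PRNG; see the remark below.
    var output = [];

    for (var i = 0; i < n; ++i) {
        // Math.random() is in [0, 1): scaling by 256 covers 0..255
        // (scaling by 255 would never produce the value 255).
        var byte = Math.floor(Math.random() * 256);
        output.push(byte);
    }

    return output;
}
________________________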

Okay, Math.random() needs to be a TRNG, damn it!!!!!!!!!!!

;^o

[...]
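An added example, not code from this thread or from ct_main.js: a Node.js replacement for ct_rand_bytes() that reads the operating system's CSPRNG (crypto.randomBytes, which is not a raw hardware TRNG), a check of what the Math.random() scaling factor can reach, and unbiased decimal digits for the "10-ary die" idea in the opening post. The names ctRandBytesOs, maxFromScale and randDigits are assumptions made for this example.

```javascript
const crypto = require('node:crypto');

// Same return shape as ct_rand_bytes(n): an Array of n byte values,
// drawn from the OS CSPRNG instead of Math.random().
function ctRandBytesOs(n) {
  if (!Number.isInteger(n) || n < 0) {
    throw new RangeError('n must be a non-negative integer');
  }
  return Array.from(crypto.randomBytes(n));
}

// Largest value Math.floor(Math.random() * scale) can ever return.
// Math.random() is in [0, 1), so use the largest double below 1.
function maxFromScale(scale) {
  const largestBelowOne = 1 - Number.EPSILON / 2;
  return Math.floor(largestBelowOne * scale);
}

// Unbiased decimal digits from random bytes. byte % 10 on its own favours
// 0..5 (256 = 25 * 10 + 6), so bytes >= 250 are rejected and redrawn.
// `source(k)` must return k bytes; it is injectable so the rejection
// logic can be checked against constructed input.
function randDigits(n, source = crypto.randomBytes) {
  const digits = [];
  while (digits.length < n) {
    for (const b of source(n - digits.length)) {
      if (b < 250) digits.push(b % 10);
    }
  }
  return digits;
}

console.log('bytes :', ctRandBytesOs(8));
console.log('max with * 255:', maxFromScale(255));
console.log('max with * 256:', maxFromScale(256));
console.log('digits:', randDigits(20).join(''));
```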

Subject: Re: HMAC cipher and a TRNG...
From: colin
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Fri, 5 Jul 2024 23:29 UTC
References: 1

> Here is an example of my HMAC Cipher example. You should all be able to
> examine the plaintext because it was encrypted using the default key.
> Now, keep in mind, that if I encrypted this again, it would have a
> different ciphertext.
Security 101 - don't reuse passwords

Subject: Re: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Sat, 6 Jul 2024 21:24 UTC
References: 1 2

On 7/5/2024 4:29 PM, colin wrote:
>> Here is an example of my HMAC Cipher example. You should all be able
>> to examine the plaintext because it was encrypted using the default
>> key. Now, keep in mind, that if I encrypted this again, it would have
>> a different ciphertext.
> Security 101 - don't reuse passwords

:^) Indeed. However, creating radically different ciphertexts for the
same plaintext and password on a per-encryption basis is interesting to
me... Humm...

Subject: Re: HMAC cipher and a TRNG...
From: colin
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Sat, 6 Jul 2024 21:58 UTC
References: 1 2 3

On 7/07/24 09:24, Chris M. Thomasson wrote:
> On 7/5/2024 4:29 PM, colin wrote:
>>> Here is an example of my HMAC Cipher example. You should all be able
>>> to examine the plaintext because it was encrypted using the default
>>> key. Now, keep in mind, that if I encrypted this again, it would have
>>> a different ciphertext.
>> Security 101 - don't reuse passwords
>
> :^) Indeed. However, creating radically different ciphertexts for the
> same plaintext and password on a per-encryption basis is interesting to
> me... Humm...

Your advertising campaign seems to be pushing this fact as a selling
point.

quote -
"Fwiw, it creates new ciphertexts for every encryption even with the
same password and/or plaintext."

Where your encryption is only as strong as a compromised reused
password. ( ie: pointless )

Subject: Re: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Sun, 7 Jul 2024 19:33 UTC
References: 1 2 3 4

On 7/6/2024 2:58 PM, colin wrote:
> On 7/07/24 09:24, Chris M. Thomasson wrote:
>> On 7/5/2024 4:29 PM, colin wrote:
>>>> Here is an example of my HMAC Cipher example. You should all be able
>>>> to examine the plaintext because it was encrypted using the default
>>>> key. Now, keep in mind, that if I encrypted this again, it would
>>>> have a different ciphertext.
>>> Security 101 - don't reuse passwords
>>
>> :^) Indeed. However, creating radically different ciphertexts for the
>> same plaintext and password on a per-encryption basis is interesting
>> to me... Humm...
>
> Your advertising campaign seems to be pushing this fact as a selling
> point.

Selling point, what do you mean? This is an experiment! It would be fun
if somebody could bust it wide open. Where they don't need a damn
password, the ciphertext is all they need. That would be fun to learn
about. Advertising campaign as in I need it to be properly examined
before it can be used at all. Forever experimental it shall be.

:^)

> quote -
> "Fwiw, it creates new ciphertexts for every encryption even with the
> same password and/or plaintext."
>
> Where your encryption is only as strong as a compromised reused
> password. ( ie: pointless )

A compromised secret password is bad. I was just interested if I could
create different ciphertexts for the same plaintext and password, as an
experiment. See?

Subject: Re: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Sun, 7 Jul 2024 19:42 UTC
References: 1 2 3 4 5

On 7/7/2024 12:33 PM, Chris M. Thomasson wrote:
> On 7/6/2024 2:58 PM, colin wrote:
>> On 7/07/24 09:24, Chris M. Thomasson wrote:
>>> On 7/5/2024 4:29 PM, colin wrote:
>>>>> Here is an example of my HMAC Cipher example. You should all be
>>>>> able to examine the plaintext because it was encrypted using the
>>>>> default key. Now, keep in mind, that if I encrypted this again, it
>>>>> would have a different ciphertext.
>>>> Security 101 - don't reuse passwords
>>>
>>> :^) Indeed. However, creating radically different ciphertexts for the
>>> same plaintext and password on a per-encryption basis is interesting
>>> to me... Humm...
>>
>> Your advertising campaign seems to be pushing this fact as a
>> selling point.
>
> Selling point, what do you mean? This is an experiment! It would be fun
> if somebody could bust it wide open. Where they don't need a damn
> password, the ciphertext is all they need. That would be fun to learn
> about. Advertising campaign as in I need it to be properly examined
> before it can be used at all. Forever experimental it shall be.
>
> :^)
>
>
>> quote -
>> "Fwiw, it creates new ciphertexts for every encryption even with the
>> same password and/or plaintext."
>>
>> Where your encryption is only as strong as a compromised reused
>> password. ( ie: pointless )

If somebody has your secret key for any symmetric cipher, well, that is
bad, right? I must be missing something.

>
> A compromised secret password is bad. I was just interested if I could
> create different ciphertexts for the same plaintext and password, as an
> experiment. See?

Subject: Re: HMAC cipher and a TRNG...
From: Rich
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Mon, 8 Jul 2024 03:10 UTC
References: 1 2 3 4 5

Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
> A compromised secret password is bad. I was just interested if I
> could create different ciphertexts for the same plaintext and
> password, as an experiment. See?

Slightly revisionist history.

IIRC you were worried about having all bits of the plaintext change if
any one bit of the ciphertext was changed by Eve.

Because if all you were worried about was different ciphertexts from
same key and plaintext, that is already available from standard
constructions. Note this short example:

#!/usr/bin/tclsh

package require aes ;# aes encryption module

proc hexdump {value} {
    binary scan $value H* hex
    return $hex
}

set fd [open /dev/urandom {RDONLY BINARY}]

# IV #1
set iv1 [read $fd 16]

# IV #2
set iv2 [read $fd 16]

# key
set key [read $fd 16]

# plaintext
set pt [read $fd 32]

# ciphertext #1
puts "before creating ciphertext #1"
puts key=[hexdump $key]
puts "pt =[hexdump $pt]"
set ct1 [aes::aes -mode cbc -dir encrypt -key $key -iv $iv1 $pt]

# ciphertext #2 - same plaintext and key
puts "before creating ciphertext #2"
puts key=[hexdump $key]
puts "pt =[hexdump $pt]"
set ct2 [aes::aes -mode cbc -dir encrypt -key $key -iv $iv2 $pt]

# display cipher texts
puts ct1=[hexdump $ct1]
puts ct2=[hexdump $ct2]

This uses AES, and CBC mode. Running the above code (assuming you have
Tcl and Tcllib installed) results in:

before creating ciphertext #1
key=5726ed430f6b2f4ec4c18e68d77385a2
pt =e17752182f07dd0239ce09308b6f4912a043567f0df79fb176baf996d0772e4c
before creating ciphertext #2
key=5726ed430f6b2f4ec4c18e68d77385a2
pt =e17752182f07dd0239ce09308b6f4912a043567f0df79fb176baf996d0772e4c
ct1=ee68def5cb2978215356b585fe87d74a99a7786c08c6559594c82d0102c258b2
ct2=ae0b908dc7049a4608e57cd94249d00850b63ae1d1b9d4416fb8dda692df0da2

Same key, same plaintext, two different ciphertexts.

Subject: Re: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Mon, 8 Jul 2024 05:34 UTC
References: 1 2 3 4 5 6

On 7/7/2024 8:10 PM, Rich wrote:
> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
>> A compromised secret password is bad. I was just interested if I
>> could create different ciphertexts for the same plaintext and
>> password, as an experiment. See?
>
> Slightly revisionist history.
>
> IIRC you were worried about having all bits of the plaintext change if
> any one bit of the ciphertext was changed by Eve.
>
> Because if all you were worried about was different ciphertexts from
> same key and plaintext, that is already available from standard
> constructions. Note this short example:
[...]

> Same key, same plaintext, two different ciphertexts.

Both. I wanted each encryption using the same key and plaintext to
create radically different ciphertexts.

Also, I wanted it to be bit sensitive. If a single bit of ciphertext is
altered it will decrypt to random junk.

My HMAC Cipher experiment does both.

I think those are interesting things.
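An added example, not code from this thread and not the HMAC cipher itself: the two properties discussed above, shown with standard Node.js primitives. A random IV gives different ciphertexts for the same key and plaintext; a one-bit change to unauthenticated AES-CBC ciphertext garbles one block and flips exactly one bit in the next, while a standard encrypt-then-MAC wrapper (HMAC-SHA256, keys and sample plaintext constructed here) rejects the altered message before decrypting.

```javascript
const crypto = require('node:crypto');

// AES-128-CBC with a fresh random IV per message; output is IV || ciphertext.
function cbcEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-cbc', key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final()]);
}

function cbcDecrypt(key, msg) {
  const d = crypto.createDecipheriv('aes-128-cbc', key, msg.subarray(0, 16));
  return Buffer.concat([d.update(msg.subarray(16)), d.final()]);
}

// Encrypt-then-MAC: HMAC-SHA256 over IV || ciphertext, 32-byte tag appended.
function etmEncrypt(encKey, macKey, plaintext) {
  const body = cbcEncrypt(encKey, plaintext);
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Verifies the tag in constant time BEFORE touching the ciphertext.
function etmDecrypt(encKey, macKey, msg) {
  if (msg.length < 16 + 16 + 32) throw new Error('message too short');
  const body = msg.subarray(0, msg.length - 32);
  const tag = msg.subarray(msg.length - 32);
  const expected = crypto.createHmac('sha256', macKey).update(body).digest();
  if (!crypto.timingSafeEqual(tag, expected)) {
    throw new Error('authentication failed');
  }
  return cbcDecrypt(encKey, body);
}

// Number of differing bits between two equal-length buffers.
function diffBits(a, b) {
  let n = 0;
  for (let i = 0; i < a.length; i++) {
    for (let x = a[i] ^ b[i]; x; x &= x - 1) n++;
  }
  return n;
}

function demo() {
  const encKey = crypto.randomBytes(16);
  const macKey = crypto.randomBytes(32);
  // Constructed sample plaintext: exactly three 16-byte blocks.
  const pt = Buffer.from('A'.repeat(16) + 'B'.repeat(16) + 'C'.repeat(16));

  // Same key, same plaintext, two encryptions.
  const c1 = cbcEncrypt(encKey, pt);
  const c2 = cbcEncrypt(encKey, pt);

  // Flip one bit in the first ciphertext block (byte 16 follows the IV).
  const tampered = Buffer.from(c1);
  tampered[16] ^= 0x01;
  const out = cbcDecrypt(encKey, tampered);

  // Same one-bit change against the authenticated message.
  const sealed = etmEncrypt(encKey, macKey, pt);
  const bad = Buffer.from(sealed);
  bad[16] ^= 0x01;
  let rejected = false;
  try { etmDecrypt(encKey, macKey, bad); } catch (e) { rejected = true; }

  return {
    differentCiphertexts: !c1.equals(c2),
    block0Garbled: !out.subarray(0, 16).equals(pt.subarray(0, 16)),
    block1BitsFlipped: diffBits(out.subarray(16, 32), pt.subarray(16, 32)),
    block2Intact: out.subarray(32, 48).equals(pt.subarray(32, 48)),
    tamperedRejected: rejected,
    roundTrip: etmDecrypt(encKey, macKey, sealed).equals(pt),
  };
}

console.log(demo());
```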

Subject: Re: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Mon, 8 Jul 2024 05:37 UTC
References: 1 2 3 4 5 6 7

On 7/7/2024 10:34 PM, Chris M. Thomasson wrote:
> On 7/7/2024 8:10 PM, Rich wrote:
>> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
[...]
>> Same key, same plaintext, two different ciphertexts.
>
> Both. I wanted each encryption using the same key and plaintext to
> create radically different ciphertexts.
>
> Also, I wanted it to be bit sensitive. If a single bit of ciphertext is
> altered it will decrypt to random junk.
>
> My HMAC Cipher experiment does both.
>
> I think those are interesting things.

You can play around with this on my site. Try altering the ciphertext in
any way, and hit decrypt. The plaintext will be random garbage. It would
help if my site used a real TRNG, but oh well for now.

Subject: Re: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Mon, 8 Jul 2024 05:41 UTC
References: 1 2 3 4 5 6 7 8

On 7/7/2024 10:37 PM, Chris M. Thomasson wrote:
> On 7/7/2024 10:34 PM, Chris M. Thomasson wrote:
>> On 7/7/2024 8:10 PM, Rich wrote:
>>> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
> [...]
>>> Same key, same plaintext, two different ciphertexts.
>>
>> Both. I wanted each encryption using the same key and plaintext to
>> create radically different ciphertexts.
>>
>> Also, I wanted it to be bit sensitive. If a single bit of ciphertext
>> is altered it will decrypt to random junk.
>>
>> My HMAC Cipher experiment does both.
>>
>> I think those are interesting things.
>
> You can play around with this on my site. Try altering the ciphertext in
> any way, and hit decrypt. The plaintext will be random garbage. It would
> help if my site used a real TRNG, but oh well for now.
>

Right now it's using hexbytes for ciphertext for the online version, my
parser could be better. Anyway, here is a version of it in C that you
can play around with:

https://groups.google.com/g/comp.lang.c/c/a53VxN8cwkY/m/XKl1-0a8DAAJ

Subject: Re: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Tue, 9 Jul 2024 06:40 UTC
References: 1

On 7/5/2024 1:45 PM, Chris M. Thomasson wrote:
> If anybody ever chooses to play around with my HMAC cipher, be sure to
>[...]
If you don't like my hmac cipher, you might like this:

https://paulbourke.org/fractals/multijulia

:^)

Subject: Re: HMAC cipher and a TRNG...
From: Chris M. Thomasson
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Wed, 24 Jul 2024 23:44 UTC
References: 1 2 3 4 5 6 7 8 9

On 7/7/2024 10:41 PM, Chris M. Thomasson wrote:
> On 7/7/2024 10:37 PM, Chris M. Thomasson wrote:
>> On 7/7/2024 10:34 PM, Chris M. Thomasson wrote:
>>> On 7/7/2024 8:10 PM, Rich wrote:
>>>> Chris M. Thomasson <chris.m.thomasson.1@gmail.com> wrote:
>> [...]
>>>> Same key, same plaintext, two different ciphertexts.
>>>
>>> Both. I wanted each encryption using the same key and plaintext to
>>> create radically different ciphertexts.
>>>
>>> Also, I wanted it to be bit sensitive. If a single bit of ciphertext
>>> is altered it will decrypt to random junk.
>>>
>>> My HMAC Cipher experiment does both.
>>>
>>> I think those are interesting things.
>>
>> You can play around with this on my site. Try altering the ciphertext
>> in any way, and hit decrypt. The plaintext will be random garbage. It
>> would help if my site used a real TRNG, but oh well for now.
>>
>
> Right now it's using hexbytes for ciphertext for the online version, my
> parser could be better. Anyway, here is a version of it in C that you
> can play around with:
>
> https://groups.google.com/g/comp.lang.c/c/a53VxN8cwkY/m/XKl1-0a8DAAJ

Just wondering if you found some time to compile my work in C99. If so,
did you give it a go? run it? Then you can perform your personal tests
against it. Have fun!
