Path: nntp.eternal-september.org!news.eternal-september.org!eternal-september.org!feeder3.eternal-september.org!i2pn.org!i2pn2.org!.POSTED!not-for-mail
From: Stefan Claas <stefan@mailchuck.com>
Newsgroups: sci.crypt
Subject: Re: AI's take on my cipher...
Date: Sun, 13 Jul 2025 09:09:40 +0200
Organization: i2pn2 (i2pn.org)
Message-ID: <c0a45f0f3e0abec6e1ad66b69f3e1fd0c0030265@i2pn2.org>
References: <1049c0q$10d0c$1@dont-email.me> <104hho4$34e4t$3@dont-email.me> <51f3d09a4bd7363784d3b51bf79bfd1677230f12@i2pn2.org> <104hp5s$363bm$1@dont-email.me> <e80d25a08cb77a726c77b8359c59833f871cfa1e@i2pn2.org> <104mgv5$cvfq$1@dont-email.me> <047c88f47daa342fbbf7aee669a3deb8896ce6af@i2pn2.org> <104mj60$dltj$1@dont-email.me> <4b6e233e7c3fb669fa324151f627c4addbfc9f70@i2pn2.org> <104r7eo$1i08p$1@dont-email.me> <95a6f265f6bdddcd037a7e48cf5258e77cec9b15@i2pn2.org> <104uecv$2ak1k$1@dont-email.me> <8e54a93978459bb7baa6896adc62508b9deb7d78@i2pn2.org> <104uqme$2cu71$1@dont-email.me>
MIME-Version: 1.0
Injection-Date: Sun, 13 Jul 2025 07:09:40 -0000 (UTC)
Injection-Info: i2pn2.org;
	logging-data="400938"; mail-complaints-to="usenet@i2pn2.org";
	posting-account="ieSrCjSDShpZNyqIW52mlwIkg76Hsp+TOOO6KTdfCN8";
User-Agent: flnews/1.3.0pre31 (for GNU/Linux)
Cancel-Lock: sha1:claCknGtrc7K4d68dzmZCcaS5Tc=
X-Date: It's Sun Sep 11639 09:09:40 AM CEST 1993, the September that never ends.
X-Spam-Checker-Version: SpamAssassin 4.0.0
X-Ed25519-Pub: c0ffee5a36e581eb10f60b2831b3cdb955d2e7ef680dd282a8d43ad8b84b357a
X-Ed25519-Sig: 3042efaa2a0cd301c990eaf577c9afe41d95f40d365b0f88d74a93e1c92778d3
 88779deeb48adf6f87fbc6841f33bda2bfbd3940e2b76155803ba16947edff05

Chris M. Thomasson wrote:
> On 7/12/2025 12:59 PM, Stefan Claas wrote:
> > Rich wrote:

> > > You are not fighting "encryption" here, you are fighting the fact that
> > > few care enough and are motivated to learn.  And that battle will not
> > > be won by better cryptography, nor by better user interfaces.  The only
> > > way those folks will use "secure means" is if the secure means happens
> > > all automatically, by default, without their knowledge, for them.
> > 
> > And you know very well that this will not happen, because companies are
> > not willing to defeat this known issue and only offline encryption and
> > decryption is the way to go, for secure communications.
> 
> Think of an offline encrypt with say, my symmetric HMAC cipher thing.
> You save the ciphertext to a usb drive. Oh shit, say the offline
> computer is infected with a virus, and the USB is now highly suspect.
> Sigh... Alice gives the USB to Bob, key/viral exchange, say a new key is
> encrypted in the ciphertext... ;^). Bob just infected his computer with
> the virus before decrypt even occurs. Now, if this is all offline, then
> the virus should not be able to use the net to infect. However, it might
> have a keylogger and alter your encrypted messages right after you click
> encrypt or something? So, you think you encrypt the message attack at
> dawn. The keylogger changes dawn to dusk -before- it gets passed into
> the cipher to do its thing, so to speak...
> 
> So, offline encrypting Alice and Bob would need to be _sure_ that their
> devices are _secure_, aka, no malware, ect... and for this aspect, no
> internet access, wifi, bluetooth, ect, signals,... Its in a, say a
> fractal cloak, so to speak. Check this out: fractenna.com. They have
> them.

You see, this topic is always left out by security experts, when discussing
encryption.

For an initial set-up of an offline device it can be used once online and
to install the required programs. Later you send/receive files with a 3,5
inch drive and disks. Their are so loud that you can here read/write access
and only have 1.4 MB storage capacity which you can easily inspect with
a disk monitor.

But you must hurry to get disks and a drive at Amazon, because when
stocks run out, I am not sure if they are re-filling.

Regards
Stefan