Article <v4vcm5$24hrj$2@dont-email.me>

Deutsch English Français Italiano
<v4vcm5$24hrj$2@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Rich <rich@example.invalid>
Newsgroups: sci.crypt
Subject: Re: Memorizing a 128 bit / 256 bit hex key
Date: Wed, 19 Jun 2024 19:48:21 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 40
Message-ID: <v4vcm5$24hrj$2@dont-email.me>
References: <v4s3ld$bu48$1@i2pn2.org> <v4vb9v$2478p$1@dont-email.me> <v4vbth$fvtf$1@i2pn2.org>
Injection-Date: Wed, 19 Jun 2024 21:48:21 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="30a8cfe1c385c01859adef0a92bea9ae";
	logging-data="2246515"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX189L049UtXmepoKaI9wqrdo"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Cancel-Lock: sha1:pQfBey37raCrxY/SHbmeqowJ4rw=
Bytes: 3137

Stefan Claas <pollux@tilde.club> wrote:
> Chris M. Thomasson wrote:
>> Generate a hex key from a password? It seems like my site can do it:
>> 
>> http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=2bf63f8ee90dfed997b115aa711600c45a8212a1e35f4f75ccfa36ee459b3fedd8b5f477ebb8871dd94025e7731f39cf7650f864fd6d5ce6908bb2609f96e81a413ccf40b33380a569155cb79612def387c76dd1ae436bcb4fb8c9b959be255708d020d559e07492ba24aae3705ba700a5d9c857418a0050d9ad5935efbfc36b895329cabeacbc7cefdee04834b4d392e50501c55587361bd6ca7337083fcd16ddf95d50072ea61cf2aaeb45d4d676abf93d39ad0a386399d55f2d0dba6be91521068f1120573e96aa1d81362e62f91bf88f63fe159175c13a1abec4184aae1cadfe2e18be27cac0fbefbae0c57cec531bc71e8a86d0f15a727e98bafe0239c5fd06a250e7f6
>> 
>> It encrypts a key using the default password.  The key is generated 
>> using the same program.  This example basically generates a key 
>> using the default password, then encrypts said key using a different 
>> password.
>> 
>> Everybody can decrypt the generated key because the ciphertext in 
>> the link uses the default password:
>> 
>> https://i.ibb.co/BybrYDw/image.png
>> 
>> The plaintext is:
>> 
>> A key:
>> 
>> f65952b125ba6860e21aef9c55e69e0612b153e5fd2599ac00b67945f9bec7563d5edf8bf9fa0db27aeb78b0c8f40f0a6a69b2cd720d59ecc73a01c1ccad0933cfe9e014dda35db6eaba760c9dbdff0f4ad24c5b702baab8e225189179b8bd
> 
> Your site says it does key generation from 64 random bytes.  How do 
> you remember the key when traveling, with no device?

> Or how can you trust your site, when your are on annual leave, out of 
> your country, and some bad boy customized your site?

A valid question -- and one that *also* applies to your argon2id on 
github.  How can you be sure that some cracker did not change the 
argon2id present there while you are away on holiday.

Or, how can you trust that a github/microsoft insider with admin level
access did not swap out your good argon2id with a malicious argon2id.

Or that a three letter agency, having taken interest in you for some 
reason, has not gotten a secret court order to swap the argon2id with a 
cracked one, and included a court ordered gag to prevent 
github/microsoft from informing you of the swap?