possible security risk wrt my HMAC cipher...
19 views
Skip to first unread message
Chris M. Thomasson
Nov 20, 2021, 7:22:05 PM11/20/21
to
An interesting effect of my HMAC cipher... Take notice of the following
sha-256 hash that is used for my default key:
9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
Okay... Take notice of the following three ciphertexts all encrypting
the plaintext, between the quotes, "Plaintext". It happens to be using
the default plaintext, anyway:
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=8ae22f48161a8a0d090a486d0533f752ad10d81cc3b690dfc9fff13d48531331041c229cdb582e593d532a8ce3bda71287fb6d869a86b81144fe29ff9a5845700968dd3484f1426207
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=36182e81241e19d6ad950bd38b2f95656ebaf7e719fbe08dc6a8836f0a6fe853d8d13fafb4f879d5b110f9545c06d92250fb101e0f1b06097580c885e642e5b6e6968d42c22f0ad8bc
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=9cc85b3da042aebef4af5f18bd8e732b74ad0661aa3d50bfcb857983edc69e485e345f004107cc99eb025ac9308bcb45e6939aa44e6f1af00ac9d6b1d69e892e47a9f809bae398d3a7
Notice how all of the ciphertexts are all different. Okay, fine...
Now, keep in mind that the first hash is always:
9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
YIKES! I think this is a security risk in my system... Working with the
Salsa20 core with Leo made me think of it again. I noticed it a while
back, but never really took a deep hold on it.
Even if the ciphertexts are different, if Eve can get at that initial
hash, say:
__________________________
Encrypting 73 bytes...
Round 0...
[0]:9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
[1]:9091257e3d5baf663ea9cf9b65c8882fe5330f6992b25bdae88039bd343e37f6
[2]:609299d84aaec305111f0074e54b7718df62507bcf8a3f1750789bf804d7c395
Round 1...
[0]:9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
[1]:17ad5c68eff7846ad36cb9579662279ce133e2f59f01825fa598887ac39b929e
[2]:72ddc6345bc6bbc6ecc11df17f54ce99a67df0c7fc191b520145eb1b3c525405
__________________________
I think she can decrypt all messages encrypted with the default secret
key. So, I am thinking about adding in a public aspect. Say a nonce. I
can put on a little spice, so to speak... Say, send a nonce in the
clear, and just concat it to the password, for starters. The default
password is "Password". So, let me manually try "Password_0",
"Password_1", "Password_n", and so on.
Here is a ciphertext using "Password_0":
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=d8bc09ab2905a9e41c7260eab4f882e16bdf47d624a09451a7243e38b44ae814ee5d071f78d66c5506f61508c371aca61085c9b01fd0713fe676fae37da783f1ee2d0449b575630d58
Ahhh! The initial digest is different at:
ebbd54b84e43c89e3b68ffb7898b4232b9e9ef1dfb783c53d6ea508f7d4794d9
Let me try, "Password_1":
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3d9c265775f5d5a0c5ea0b09602359fd99a48f3f8f76b7be5296f34fe4238b365f675d88611757ffdcf118fa5935f864fe64c2d9170bbc5dc40f7ce468bf6542cd8141543420aba0fb
d7e60189854db218f135fca340269759d480de1f11dfcb8169298ee851bba6fb
Going for: "Password_2":
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=94c783cca4d35994ce9980d29d74e6a82294d89fe764bbe78b1e6791c3245a10bd676c470289a02f658a413b40444f131a3e4d3426f514f9a1279b2175f34adfd50f56a59372ae06fc
Initial hash at:
7f05b30a302d8b504af50ddaa79482efa2bd9ad366d9ef7c134873280f692b36
Now, just augmenting the Password with a nonce... Password_n, gives
different initial hashes.
I think I should do this with the next version of my online hmac example.
;^o
Any thoughts? Thanks everybody.
sha-256 hash that is used for my default key:
9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
Okay... Take notice of the following three ciphertexts all encrypting
the plaintext, between the quotes, "Plaintext". It happens to be using
the default plaintext, anyway:
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=8ae22f48161a8a0d090a486d0533f752ad10d81cc3b690dfc9fff13d48531331041c229cdb582e593d532a8ce3bda71287fb6d869a86b81144fe29ff9a5845700968dd3484f1426207
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=36182e81241e19d6ad950bd38b2f95656ebaf7e719fbe08dc6a8836f0a6fe853d8d13fafb4f879d5b110f9545c06d92250fb101e0f1b06097580c885e642e5b6e6968d42c22f0ad8bc
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=9cc85b3da042aebef4af5f18bd8e732b74ad0661aa3d50bfcb857983edc69e485e345f004107cc99eb025ac9308bcb45e6939aa44e6f1af00ac9d6b1d69e892e47a9f809bae398d3a7
Notice how all of the ciphertexts are all different. Okay, fine...
Now, keep in mind that the first hash is always:
9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
YIKES! I think this is a security risk in my system... Working with the
Salsa20 core with Leo made me think of it again. I noticed it a while
back, but never really took a deep hold on it.
Even if the ciphertexts are different, if Eve can get at that initial
hash, say:
__________________________
Encrypting 73 bytes...
Round 0...
[0]:9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
[1]:9091257e3d5baf663ea9cf9b65c8882fe5330f6992b25bdae88039bd343e37f6
[2]:609299d84aaec305111f0074e54b7718df62507bcf8a3f1750789bf804d7c395
Round 1...
[0]:9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
[1]:17ad5c68eff7846ad36cb9579662279ce133e2f59f01825fa598887ac39b929e
[2]:72ddc6345bc6bbc6ecc11df17f54ce99a67df0c7fc191b520145eb1b3c525405
__________________________
I think she can decrypt all messages encrypted with the default secret
key. So, I am thinking about adding in a public aspect. Say a nonce. I
can put on a little spice, so to speak... Say, send a nonce in the
clear, and just concat it to the password, for starters. The default
password is "Password". So, let me manually try "Password_0",
"Password_1", "Password_n", and so on.
Here is a ciphertext using "Password_0":
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=d8bc09ab2905a9e41c7260eab4f882e16bdf47d624a09451a7243e38b44ae814ee5d071f78d66c5506f61508c371aca61085c9b01fd0713fe676fae37da783f1ee2d0449b575630d58
Ahhh! The initial digest is different at:
ebbd54b84e43c89e3b68ffb7898b4232b9e9ef1dfb783c53d6ea508f7d4794d9
Let me try, "Password_1":
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3d9c265775f5d5a0c5ea0b09602359fd99a48f3f8f76b7be5296f34fe4238b365f675d88611757ffdcf118fa5935f864fe64c2d9170bbc5dc40f7ce468bf6542cd8141543420aba0fb
d7e60189854db218f135fca340269759d480de1f11dfcb8169298ee851bba6fb
Going for: "Password_2":
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=94c783cca4d35994ce9980d29d74e6a82294d89fe764bbe78b1e6791c3245a10bd676c470289a02f658a413b40444f131a3e4d3426f514f9a1279b2175f34adfd50f56a59372ae06fc
Initial hash at:
7f05b30a302d8b504af50ddaa79482efa2bd9ad366d9ef7c134873280f692b36
Now, just augmenting the Password with a nonce... Password_n, gives
different initial hashes.
I think I should do this with the next version of my online hmac example.
;^o
Any thoughts? Thanks everybody.
Rich
Nov 20, 2021, 10:00:48 PM11/20/21
to
Chris M. Thomasson <chris.m.t...@gmail.com> wrote:
> An interesting effect of my HMAC cipher... Take notice of the following
> sha-256 hash that is used for my default key:
>
> 9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
>
> An interesting effect of my HMAC cipher... Take notice of the following
> sha-256 hash that is used for my default key:
>
> 9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
>
> ...
> Now, keep in mind that the first hash is always:
>
> 9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
>
> YIKES! I think this is a security risk in my system...
>
> ...
> Now, keep in mind that the first hash is always:
>
> 9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
>
> YIKES! I think this is a security risk in my system...
>
> I think she can decrypt all messages encrypted with the default secret
> key. So, I am thinking about adding in a public aspect. Say a nonce.
nonce....
Chris M. Thomasson
Nov 26, 2021, 1:17:32 AM11/26/21
to
Leo
Nov 27, 2021, 9:56:29 AM11/27/21
to
64-byte MAC with each message. Those lengths are very overkill, but
sending short text messages isn't very demanding so it doesn't hurt the
performance in practice.
Speaking of MACs, does your HMAC cipher need one Chris? Is it possible to
alter message bits from the ciphertext and have a predictable effect on
the decrypted plaintext?
--
Leo
Chris M. Thomasson
Nov 27, 2021, 7:02:21 PM11/27/21
to
plaintext, random garbage. Changing a single bit of plaintext creates a
_radically_ different ciphertext. It might not hurt to have a HMAC
digest sent in the clear so Bob can be sure that the ciphertext was not
altered. However, when you get some free time to burn, try it out for
yourself with your python impl. Change one bit of ciphertext, and take a
look at the plaintext. My cipher is really good in this respect. It has
total ciphertext/plaintext sensitivity. Really good.
My only concern is that if Eve can somehow get the initial digest, she
can decrypt messages from that key. So, the default key on the site
generates the following initial digest:
9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
If Eve can brute force it, well, that would be bad.
Btw, using sha512 on the site generates the following initial digest wrt
the default key:
bdc9a47c394fe2056cf9134505f66500cdf25a5b4f54876e5f8301d5f72c43552493c937b0f5a9b54ef841b66e4b6793de557a8fc062d6085b3eb3b1f975c97f
I have some ideas that can make this much harder for Eve to brute force
the initial digest.
Chris M. Thomasson
Nov 29, 2021, 4:47:42 PM11/29/21
to
On 11/27/2021 6:56 AM, Leo wrote:
> On Sun, 21 Nov 2021 03:00:41 +0000, Rich wrote:
>
>> Chris M. Thomasson <chris.m.t...@gmail.com> wrote:
>>> An interesting effect of my HMAC cipher... Take notice of the following
>>> sha-256 hash that is used for my default key:
>>>
>>> 9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
>>>
>>> ...
>>
>>> Now, keep in mind that the first hash is always:
>>>
>>> 9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
>>>
>>> YIKES! I think this is a security risk in my system...
>>>
>>> ...
>>
>>> I think she can decrypt all messages encrypted with the default secret
>>> key. So, I am thinking about adding in a public aspect. Say a nonce.
[...]
>
>> Chris M. Thomasson <chris.m.t...@gmail.com> wrote:
>>> An interesting effect of my HMAC cipher... Take notice of the following
>>> sha-256 hash that is used for my default key:
>>>
>>> 9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
>>>
>>> ...
>>
>>> Now, keep in mind that the first hash is always:
>>>
>>> 9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
>>>
>>> YIKES! I think this is a security risk in my system...
>>>
>>> ...
>>
>>> I think she can decrypt all messages encrypted with the default secret
>>> key. So, I am thinking about adding in a public aspect. Say a nonce.
Humm... The thing is if Eve was able to obtain the secret key, through
brute force, or using other clever means. Eve has found a secret key. In
my case, finding the initial digest is basically akin to finding the
secret key. The whole key is boiled down into a HMAC digest.
Is using a default digest size of 32 bytes enough? I can see how to use
multiple initial digests to increase the size of the key...
Reply all
Reply to author
Forward
0 new messages