An interesting effect of my HMAC cipher... Take notice of the following
sha-256 hash that is used for my default key:
9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
Okay... Take notice of the following three ciphertexts all encrypting
the plaintext, between the quotes, "Plaintext". It happens to be using
the default plaintext, anyway:
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=8ae22f48161a8a0d090a486d0533f752ad10d81cc3b690dfc9fff13d48531331041c229cdb582e593d532a8ce3bda71287fb6d869a86b81144fe29ff9a5845700968dd3484f1426207
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=36182e81241e19d6ad950bd38b2f95656ebaf7e719fbe08dc6a8836f0a6fe853d8d13fafb4f879d5b110f9545c06d92250fb101e0f1b06097580c885e642e5b6e6968d42c22f0ad8bc
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=9cc85b3da042aebef4af5f18bd8e732b74ad0661aa3d50bfcb857983edc69e485e345f004107cc99eb025ac9308bcb45e6939aa44e6f1af00ac9d6b1d69e892e47a9f809bae398d3a7
Notice how all of the ciphertexts are all different. Okay, fine...
Now, keep in mind that the first hash is always:
9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
YIKES! I think this is a security risk in my system... Working with the
Salsa20 core with Leo made me think of it again. I noticed it a while
back, but never really took a deep hold on it.
Even if the ciphertexts are different, if Eve can get at that initial
hash, say:
__________________________
Encrypting 73 bytes...
Round 0...
[0]:9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
[1]:9091257e3d5baf663ea9cf9b65c8882fe5330f6992b25bdae88039bd343e37f6
[2]:609299d84aaec305111f0074e54b7718df62507bcf8a3f1750789bf804d7c395
Round 1...
[0]:9478b59e54aaf70459fdd2ca747ff5e2a1089f09672bb8eaad741072481b9c3f
[1]:17ad5c68eff7846ad36cb9579662279ce133e2f59f01825fa598887ac39b929e
[2]:72ddc6345bc6bbc6ecc11df17f54ce99a67df0c7fc191b520145eb1b3c525405
__________________________
I think she can decrypt all messages encrypted with the default secret
key. So, I am thinking about adding in a public aspect. Say a nonce. I
can put on a little spice, so to speak... Say, send a nonce in the
clear, and just concat it to the password, for starters. The default
password is "Password". So, let me manually try "Password_0",
"Password_1", "Password_n", and so on.
Here is a ciphertext using "Password_0":
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=d8bc09ab2905a9e41c7260eab4f882e16bdf47d624a09451a7243e38b44ae814ee5d071f78d66c5506f61508c371aca61085c9b01fd0713fe676fae37da783f1ee2d0449b575630d58
Ahhh! The initial digest is different at:
ebbd54b84e43c89e3b68ffb7898b4232b9e9ef1dfb783c53d6ea508f7d4794d9
Let me try, "Password_1":
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=3d9c265775f5d5a0c5ea0b09602359fd99a48f3f8f76b7be5296f34fe4238b365f675d88611757ffdcf118fa5935f864fe64c2d9170bbc5dc40f7ce468bf6542cd8141543420aba0fb
d7e60189854db218f135fca340269759d480de1f11dfcb8169298ee851bba6fb
Going for: "Password_2":
http://fractallife247.com/test/hmac_cipher/ver_0_0_0_1?ct_hmac_cipher=94c783cca4d35994ce9980d29d74e6a82294d89fe764bbe78b1e6791c3245a10bd676c470289a02f658a413b40444f131a3e4d3426f514f9a1279b2175f34adfd50f56a59372ae06fc
Initial hash at:
7f05b30a302d8b504af50ddaa79482efa2bd9ad366d9ef7c134873280f692b36
Now, just augmenting the Password with a nonce... Password_n, gives
different initial hashes.
I think I should do this with the next version of my online hmac example.
;^o
Any thoughts? Thanks everybody.