Sujet : Re: AI's take on my cipher...
De : chris.m.thomasson.1 (at) *nospam* gmail.com (Chris M. Thomasson)
Groupes : sci.cryptDate : 13. Jul 2025, 00:21:49
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <104uqme$2cu71$1@dont-email.me>
References : 1 2 3 4 5 6 7 8 9 10 11 12 13
User-Agent : Mozilla Thunderbird
On 7/12/2025 12:59 PM, Stefan Claas wrote:
Rich wrote:
Stefan Claas <stefan@mailchuck.com> wrote:
Richard Heathfield wrote:
On 10/07/2025 18:19, Stefan Claas wrote:
Chris M. Thomasson wrote:
On 7/9/2025 12:53 PM, Stefan Claas wrote:
>
How does it work if A encrypts on local host and B should
decrypt on his local host, with that given link from A
>
Wrt the online version:
>
A needs to send/give B the ciphertext somehow, email, snail
mail, somehow, hand signals, ect... ;^) Then B, assuming that A
and B have the same secret key, can use said ciphertext to
decrypt it. So, if you notice the online program has a
ciphertext only, without a link prefix. Say this example: I am
encrypting the message on my local host using the default key:
>
But how, for example, would you give me the secret key, from the
USA to Germany, without meeting in person?
>
Diffie-Hellman can establish a secret key in public. Then
authenticate over an encrypted channel.
>
I know, but how do you protect the key on your online device against
Pegasus or FinSpy? For proper encryption two parties have to do it
offline, but GnuPG users could never learn it, because it was never
explained to them.
>
Nor will anyone else who falls into the "average computer user
category" and thinks the "I have nothing to hide" excuse is valid.
>
You are not fighting "encryption" here, you are fighting the fact that
few care enough and are motivated to learn. And that battle will not
be won by better cryptography, nor by better user interfaces. The only
way those folks will use "secure means" is if the secure means happens
all automatically, by default, without their knowledge, for them.
And you know very well that this will not happen, because companies are
not willing to defeat this known issue and only offline encryption and
decryption is the way to go, for secure communications.
Think of an offline encrypt with say, my symmetric HMAC cipher thing. You save the ciphertext to a usb drive. Oh shit, say the offline computer is infected with a virus, and the USB is now highly suspect. Sigh... Alice gives the USB to Bob, key/viral exchange, say a new key is encrypted in the ciphertext... ;^). Bob just infected his computer with the virus before decrypt even occurs. Now, if this is all offline, then the virus should not be able to use the net to infect. However, it might have a keylogger and alter your encrypted messages right after you click encrypt or something? So, you think you encrypt the message attack at dawn. The keylogger changes dawn to dusk -before- it gets passed into the cipher to do its thing, so to speak...
So, offline encrypting Alice and Bob would need to be _sure_ that their devices are _secure_, aka, no malware, ect... and for this aspect, no internet access, wifi, bluetooth, ect, signals,... Its in a, say a fractal cloak, so to speak. Check this out: fractenna.com. They have them.
https://youtu.be/_JpMJTJXf28Make any sense to you?
AI's take on my cipher...
Re: AI's take on my cipher...