this post was submitted on 30 Dec 2025
Secure Coms

My point is that your approach is awful. It's like you completely fumbled into your idea, and you're trying to sell it as superior to rigorously constructed cryptosystems (nearly all exploits are due to developer incompetence, not cryptographers).
"They are all grammatically valid" - yeah, you have no idea what I just said. I was talking about constructing a probability matrix from a language; if you restrict the entries to grammatically valid pairs/tuples, it reduces the size and is therefore easier to compute. Whether or not your ciphertext is grammatically valid English has zero effect on its strength.
The reason why you might want to take the approach I described is that you can make precise claims about the dataset and final result. Rather than saying "umm... ChatGPT said so...".
Regardless, this has nothing to do with cryptographic security. It's just an immediate red flag when developers miss obvious solutions.
I'm not selling anything though... it's completely free? What are you talking about?
You realize it's just a database file that you can look at, right? You don't think I've looked at the database?
It's a modern implementation of an ancient form of secure communication that has been used for 1000s of years, supercharged by a computer. Not sure why you are so triggered. It does exactly what I'm claiming it does.
Again you have no idea what I'm talking about. I'm not a cryptographer, but I've done a bit of computational number theory (a strongly related field), I speak from that field.
I'm describing how you make rigorous provable claims, rather than "it's an ancient technique supercharged by a computer" - which quite frankly makes you sound like a child.
"It's just a database file"- You realize the contents of the database don't matter? The security comes from the mapping. The database contents could be pure nonsense symbols (in fact it should be, one of the criteria of modern cryptosystems is indistinguishability from random data, because it defeats pattern-based attacks.) I was simply pointing out that your approach was very amateurish since those databases have already existed for 30+ years.
"Not selling anything"
"Selling" is a common synonym for "convincing" or "advertising". Saying "I sold him on that" means you convinced someone.
I'm going to let this discourse die because it seems like you don't understand what I'm saying.
I do want to reply because I think my claims are reasonable.
The only actual cryptographic function for the schema is the secrets.randbelow(). Scrutinize this function if you don't think it can achieve what I am claiming it can.
The randomize function takes each ID and assigns it a new integer. This is taking entropy at the OS level. There are no seed values used here. It's never going to repeat in a billion years. Because there are 2 million+ entries, the number of possibilities is essentially limitless. You could stack 1-petabyte drives across our entire universe and still would not be able to capture every possible state.
This function is highly documented and (as far as I know) is one of the best available CSPRNGs you can actually utilize on a device.
Here is an example of the raw shuffle map that is generated.
Before the shuffle map is loaded, if you query your word, you're going to get the raw unshuffled associated message ID.
Once a shuffle map is generated and loaded into the program the query is simply looking for the new CSPRNG assigned integer.
The shuffle map can now be considered the key. Because this is a pure lookup table, there is no algorithm to attack aside from guessing how my exact device generated the shuffle map in its exact moment of existence... that's where the strength of this schema lies.
Thanks for the discourse. I've enjoyed the pushback even though we can't agree.
Edit*
Take a look at the new pack62 compression though!
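
The two things argued over in this thread, the size of the shuffle-map key space and what a fixed lookup table does to patterns, can be measured directly. The sketch below is an added example, not code from the project or from either commenter. It assumes the map is a Fisher-Yates permutation driven by `secrets.randbelow()`, that one map is reused within a message, and it uses a tiny constructed vocabulary; all function names are hypothetical.

```python
import math
import secrets

def make_shuffle_map(n):
    """Permutation of IDs 0..n-1 (Fisher-Yates, assumed), using OS entropy."""
    ids = list(range(n))
    for i in range(n - 1, 0, -1):
        j = secrets.randbelow(i + 1)      # uniform in [0, i]
        ids[i], ids[j] = ids[j], ids[i]
    return ids                            # ids[original_id] -> shuffled ID

def keyspace_bits(n):
    """log2(n!): bits needed to index every possible shuffle map."""
    return math.lgamma(n + 1) / math.log(2)

def encode(words, vocab_index, shuffle_map):
    """Pure lookup: word -> original ID -> shuffled ID."""
    return [shuffle_map[vocab_index[w]] for w in words]

def repeat_pattern(seq):
    """Label each item by order of first appearance: a b a c -> 0 1 0 2."""
    first_seen = {}
    return [first_seen.setdefault(x, len(first_seen)) for x in seq]

# Constructed sample vocabulary and message (not from the project's database).
VOCAB = ["attack", "at", "dawn", "retreat", "dusk", "hold", "the", "bridge"]
VOCAB_INDEX = {w: i for i, w in enumerate(VOCAB)}
MESSAGE = "hold the bridge at dawn retreat at dusk hold the bridge".split()

def demo():
    """Encode MESSAGE under a fresh map; return (map, ciphertext IDs)."""
    smap = make_shuffle_map(len(VOCAB))
    return smap, encode(MESSAGE, VOCAB_INDEX, smap)

if __name__ == "__main__":
    smap, ct = demo()
    print("key space for 2,000,000 entries: %.0f bits" % keyspace_bits(2_000_000))
    print("ciphertext IDs:     ", ct)
    print("plaintext pattern:  ", repeat_pattern(MESSAGE))
    print("ciphertext pattern: ", repeat_pattern(ct))
```

Whatever map is drawn, the two pattern lines are identical: the lookup sends equal words to equal IDs, so repetition structure carries over to the output independently of how many maps are possible.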