hammad93 / time_crypt

A cryptographic function that enables decryption based on units of time or a deadline.
Creative Commons Zero v1.0 Universal
1 stars 0 forks source link

Testing #1

Open hammad93 opened 2 years ago

hammad93 commented 2 years ago

Something similar to this is being used for testing, image

This one has max 8 digits for password

hammad93 commented 1 year ago

The initial functionality works and we will test it out soon, maybe tonight.

hammad93 commented 1 year ago

Was not tested because deployment had a time out and was unstable. Because there are no fail safes by design, a deployment with high availability and no downtime is necessary before further testing.

hammad93 commented 1 year ago

Original implementation will have no fail safes for testing and based on results safe guards will be implemented.

hammad93 commented 1 year ago

fail-safes will not be implemented to achieve true end-to-end encryption that is not exploitable by developer coercion

hammad93 commented 1 year ago

~Currently deployed~ at http://198.57.44.233:1337/ only for testing

hammad93 commented 1 year ago

the physical safe itself has failsafe mechanisms

hammad93 commented 1 year ago

https://blog.miguelgrinberg.com/post/running-a-flask-application-as-a-service-with-systemd

hammad93 commented 1 year ago

It worked with the lock at 10 hours with this message

wcFMA9VEM75cwJJ9AQ//esfUD2h+W+0RAP9WMdPhiynsfotUsQh6Cic3tTEQedPvLRlcNielsBu3mESxnmc5NXqi52HwIgfCS0G8LoCviSewJ9+3jBHqE1CSw8Y86MI1oi6R1XedCb1inNdyGtO+kCf5LJhlAp6jM/ukC2gY5s0krnvp9JAyRDROxh24LMIHRcQCX4Wst1ENAx7k4T4Hg+xnU+myouncFK++NtBa8SR1bmXxg/zZ42pdSR8OvmONqRMXsskfHlrh5yCc3cwDSmSvVrUMPO+x8Szmpl+4MMUnyJ6enb2ZY6ZbknfU1PvH1EPvRckObBP1v87YK5pjW5Tai7y2ZZq8UQU6YccUjC5cBAWxuBqWEZnrbKGHAS+3cfoklNQ1H3slJdr+rID0IciXPBMI7hkanDDujrVf2JIZQ7n5yuQB1MCbUhc13q0JrKedwr/fXqlXB6wsj7Y0WgC0YknFGAbL37FfIe/RT5zjNon7rkRlI+rhKgqZ3WtohowazlZvvQV1wqS8YwPCbdDqQEEkSuSDOHFAyZy1wx21E7H75kBLc7YC4gWTQuMVm0gVq2RdbnkdUoy7kMoo+Jdgfx9FxXLcBbSxQX9ZXSmR0YOHlTVG5fZdCwm+NLdeLOWlv4/ita36QsjYTpfvlyfdMz0Rd1S80/EjDnsVBCgkyZO7kj77X2cEjH2xX/nSWQHu2nr//49ipUYpAX0VuOz1kRurY7QXhX+TCAuTleVFKgRVyOYZMTYfXdjJ5LRtqimnEeHS9Ujb/1rR7o7TiQOIZ+8zd4MDLXxcnX6yG4f9H7K7Yg0cxpv/

I currently use this tool to help with mental health.

hammad93 commented 1 year ago

we can implement a failsafe (or multiple) by creating another app as a backup for the private key. This way there is a fail safe with end to end encryption

hammad93 commented 1 year ago

because it's not ssl encrypted you can easily spoof it, but it cannot not unlock a key

hammad93 commented 1 year ago

https://en.wikipedia.org/wiki/Time-delay_combination_locks https://en.wikipedia.org/wiki/Time_lock

hammad93 commented 1 year ago

image

hammad93 commented 1 year ago

what can I say, it works

hammad93 commented 1 year ago

When unlocking with IP, it doesn't really work well if it's not static. This pattern may cause headaches especially if the ISP changes. Maybe try a MAC address instead?

hammad93 commented 1 year ago

Dr Jekyl made the algorithm but Mr Hyde tested it

hammad93 commented 1 year ago

When unlocking with IP, it doesn't really work well if it's not static. This pattern may cause headaches especially if the ISP changes. Maybe try a MAC address instead?

Sending a one time only email with the key is the way

hammad93 commented 1 year ago

image a case study on 3 digit combinations in time sensitive safes and the Magic number 7 plus minus 2 compared to 8 digit combination locks

hammad93 commented 1 year ago

Perhaps lower digit combinations are more forgettable with time? I still remember the 3 digit combo a few days after

hammad93 commented 1 year ago

This was a deleted comment. Please don't delete again. "Last weekend's testing yielded a noteworthy result. After setting the passcode in the safe for a week successfully, I set another time crypt for a day. However, I didn't set the cover for the batteries and from moving around the safe, the batteries came out and into the safe. This meant that the safe was inaccessible because I put the failsafe keys inside.

Initially, I was challenged to try and recover what was inside. Some suggestions, including dislodging the spring in the locking mechanism, ultimately didn't work for this type of safe. This validated that the methodology worked because I was trying to compromise it. After all, valuables were safe. Almost all methods did not work.

There was a point where panic set in because it would be difficult and time-consuming to acquire the valuables again without opening the safe. Although I was utilizing my mind to search for hacks, there was a more primal instinct that kicked in. Personally, I practice weightlifting and exercise regularly, which gave me the confidence to exert my body to physically open the safe. Even though I am vehemently against violence in any form, there was some incredible violence that happened to break open the safe and I was transformed into something I did not recognize. I grabbed a hammer and started indiscriminately smashing the safe, which was the most violence I had ever committed in my memory.

This method is not an exploit and was barely a hack. It was extremely loud, and with every contact with the hammer, the home shook. I was not living in an apartment, and nobody was home, so this would have been infeasible in any other circumstance.

The takeaway is that this cryptographic method applies to real-world settings and that there is an incredible value that may enable many other things. However, every step of the method requires precision because there are no failsafes in the algorithm by design. Another safe from the same manufacturer was ordered. Some safes are designed to withstand physical force but designing against it may lead to violent patterns.

hammad93 commented 1 year ago

image a case study on 3 digit combinations in time sensitive safes and the Magic number 7 plus minus 2 compared to 8 digit combination locks

I still remember the 3 digit combination almost 2 weeks ago. Perhaps we can recreate another passcode but this time while multitasking? It seems like the magic number holds up since I have never remembered any of the 8 digit passcodes. There's an estimated 40 time locks with 8 digits that I've generated.

hammad93 commented 1 year ago

image a case study on 3 digit combinations in time sensitive safes and the Magic number 7 plus minus 2 compared to 8 digit combination locks

I still remember the 3 digit combination almost 2 weeks ago. Perhaps we can recreate another passcode but this time while multitasking? It seems like the magic number holds up since I have never remembered any of the 8 digit passcodes. There's an estimated 40 time locks with 8 digits that I've generated.

to be more clear, I mean trying to multitask so there are more digits in your short term memory and it might work based on the magic number

hammad93 commented 12 months ago

A few days ago I had set the lock and remembered the 8 digit passcode. 7 +- 2 means 5 to 9 and 10 digits is where the distribution gets more rare.

It may have been because some of the digits belonged to my phone number and I was able to remember.

hammad93 commented 12 months ago

I still remember the 3 digit passcode and while it took longer after a month, I don't think there's a hard limit on when I will forget it. for example, maybe the 3 digit passcode will work for time locks longer than a month?

hammad93 commented 12 months ago

Something similar to this is being used for testing,

image

This one has max 8 digits for password

There are 2 types of these safes, the biggest difference being how the codes are reset. I bought both version of the safe and one of them suffers from the "tap" vulnerability which makes it easy to unlock without the passcode.

hammad93 commented 12 months ago

Something similar to this is being used for testing,

image

This one has max 8 digits for password

There are 2 types of these safes, the biggest difference being how the codes are reset. I bought both version of the safe and one of them suffers from the "tap" vulnerability which makes it easy to unlock without the passcode.

I was just able to test this vulnerability and it worked. This is the one where the reset button isn't inside the battery compartment.

hammad93 commented 11 months ago

Ordered another newer version of the safe that has an external power in case of battery loss. This would fix the vulnerability from the first safe where my cat pushed the safe off the table and dislodged the battery, making it inaccessible unless you had the failsafe keys. It was the same price, let's see how it goes.

hammad93 commented 11 months ago

hack this

wcFMA3VbPdc/64xJAQ/+PgspsqM2Ky0iegyeuSkqGwdBYaF3YiP2t34DFbGJFJUH74DE/Km+W3/CMKc8yHbiIQv9rXQEBKKf3yWVXyo4PkKHwfx4xQBvBhwtXliJE6yaaoVTYkvSsq8u16F7BAVeVx72+cAw6YjeCqV6a296rgBDhNHwl7fvDfrmq3HeGGsJp/4r4xUeFtWsicZnOf/HGAErPzxx9MnByPnvbNBOeWhABw/4DIcFaPT7TQKloUOaERScmQ18s0Ivnyo1q8g+D2Zp4BrRPwExhV6v2CtXWJAbSVJtGsdahCHjT1uW1INJ9SCgKdPCs6ZyX6DEmW59In37By88NhKd9x+uhCgl2d5wlfmr9zzHrhtO1hOkuf4hVh8GwrzewokhPDzFLeXZ80te/R6Y22G39JIAMoKqLfMjKjWbKJNRghV6M4TXbHvA3ON0vGE00/bE3UUkTAZqpijGBQElj0RQL4vaw3tYgpVhkgOfn+NZRMSmvSc/dtwIZsxDqFweT6iwIlCnc1bJujDk1gW6BMrRkWIx2sLbLEbD/Q9S5cVxVzR8zeUviyb0TJ/78h3IrEFexvgVWdVKmj/CQCdmuvqmDWp7PavmRz8K1YljobCV+siGtBIbOL7LJKbw0cD3dC+5psnWK9Yq2msYs3oDTB8HjAkIQ98Dlh6/iOCXfl6sCCp+mPSZLTLSUAG3LG9UJxqnQHd7gPeLl2gkz39BHAOh0T7G6ZUjqthcfZmU1Vwb24ONyybxGBlDX9BYL+KjWkEAQHO6WFkQ2ygZhilo5LqDi00m+qNZ3BQw
hammad93 commented 7 months ago

I still remember the 3 digit passcode and while it took longer after a month, I don't think there's a hard limit on when I will forget it. for example, maybe the 3 digit passcode will work for time locks longer than a month?

I finally forgot, maybe what it starts with and another digit?

hammad93 commented 5 months ago

I still remember the 3 digit passcode and while it took longer after a month, I don't think there's a hard limit on when I will forget it. for example, maybe the 3 digit passcode will work for time locks longer than a month?

I finally forgot, maybe what it starts with and another digit?

Consciously I want to forget but subconsciously I haven't.

hammad93 commented 2 weeks ago

I remembered an 8 digit passcode a day after but it has repeating digits

Because we are utilizing the magic number 7 which is symbolic.

A repeating digit is often grouped symbolically.

This happened before with personally meaningful numbers like the year of birth but this is harder to put in code.

hammad93 commented 2 weeks ago

We could just generate a new passcode until we get one without repeating digits and then run it through the algorithm.

An interesting analysis would be how others have encountered the same issues. For example, in scratch tokens, there are certain characters that aren't used because they're easily scratched away.