• Security Warning: Cryptographic Flaws in OCTADE's KSRNG, MegaRand, and GOLDILOCKER

    From Battosai@cuadratica@protonmail.com to sci.crypt on Thu Sep 25 05:53:57 2025
    From Newsgroup: sci.crypt

    To the sci.crypt community,

    I am writing to alert members about serious cryptographic flaws and misrepresentations in software packages recently posted by Byrl Raze
    Buckbriar (OCTADE), specifically: KSRNG, MegaRand, and GOLDILOCKER 448.

    As a researcher working with information-theoretic security and
    cryptographic implementations, I have identified fundamental errors
    that render these tools cryptographically dangerous.

    == KSRNG (Key Strike Random Generator) ==

    Claim: "Generates very, very random seeds that are truly random."

    Analysis:
    - Primary entropy source is /dev/urandom (CSPRNG), not true randomness
    - Keystroke timing provides minimal entropy (1-2 bits/keystroke)
    - Extensive shuffling/hashing operations cannot increase entropy
    - Marketing as "true random" is scientifically inaccurate

    == MegaRand ==

    Claim: "Builds a large random entropy pool with no period, pattern, or bias."

    Analysis:
    - Relies on /dev/urandom while claiming "true randomness"
    - Complex file structure provides zero cryptographic benefit
    - Final step encrypts random data with itself (cryptographic nonsense)
    - Computationally expensive security theater

    == GOLDILOCKER 448 ==

    Claim: "Generates Goldilocks (ED448) keys from a seed phrase."

    Analysis:
    - ED448 requires random generation; deterministic creation violates
    elliptic curve security assumptions
    - Manual construction of OpenSSL key headers demonstrates fundamental
    misunderstanding of cryptographic formats
    - Misuse of BIP39 specification without checksums or proper encoding
    - Will produce cryptographically broken keys

    == Common Patterns ==

    All three implementations exhibit:
    1. Reliance on /dev/urandom while claiming "true randomness"
    2. Computationally expensive operations that provide no cryptographic benefit
    3. Fundamental misunderstandings of entropy and cryptographic primitives
    4. Marketing claims that contradict actual implementation

    == Security Implications ==

    These tools pose actual risks to users:
    - False sense of security through "cryptographic theater"
    - Potential use in production systems where security is critical
    - Wasted computational resources for zero security benefit

    == Recommendations ==

    1. Avoid these implementations for any security-sensitive purpose
    2. Use established, peer-reviewed cryptographic libraries
    3. Verify cryptographic claims against academic literature
    4. Report potentially dangerous cryptographic misinformation

    I welcome discussion and peer review of these findings.

    - Battosai
    Cryptography Researcher
    --- Synchronet 3.21a-Linux NewsLink 1.2
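An added illustration of the post's point that shuffling and hashing cannot increase entropy (not part of the original post, and not code from any of the tools it discusses): a stand-in pipeline of hashing, shuffling and expansion is run over every value of a small seed space. The function names, the 10-bit seed space and the pipeline itself are assumptions constructed for the example.

```python
import hashlib
import math
import random
from collections import Counter

SEED_BITS = 10  # constructed: a seed source with only 2**10 possible values


def stretch(seed: bytes, rounds: int = 5, out_len: int = 64) -> bytes:
    """Hypothetical 'whitening' pipeline: repeated hashing, shuffling, expansion."""
    state = seed
    for _ in range(rounds):
        buf = bytearray(hashlib.sha512(state).digest())
        random.Random(bytes(buf)).shuffle(buf)  # shuffle order depends only on state
        state = bytes(buf)
    return hashlib.shake_256(state).digest(out_len)


def shannon_bits(samples) -> float:
    """Shannon entropy (bits) of the empirical distribution of samples."""
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())


def all_seeds():
    return [i.to_bytes(2, "big") for i in range(2 ** SEED_BITS)]


def recover_seed(output: bytes):
    """Enumerate the seed space; cost is bounded by the seed, not the output size."""
    for guesses, seed in enumerate(all_seeds(), start=1):
        if stretch(seed, out_len=len(output)) == output:
            return seed, guesses
    return None, 2 ** SEED_BITS


def experiment() -> dict:
    seeds = all_seeds()
    outputs = [stretch(s) for s in seeds]
    big = stretch(seeds[291], out_len=4096)  # one long output, for byte statistics
    return {
        "seed_entropy_bits": shannon_bits(seeds),
        "output_entropy_bits": shannon_bits(outputs),
        "distinct_outputs": len(set(outputs)),
        "bits_per_byte_of_one_output": shannon_bits(list(big)),
    }


if __name__ == "__main__":
    print(experiment())
    print(recover_seed(stretch(b"\x01\x23", out_len=4096)))
```

A single 4096-byte output scores close to 8 bits per byte on a byte-frequency test, yet the set of possible outputs is no larger than the set of seeds, so the seed is recovered by enumeration.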
  • From Battosai@cuadratica@protonmail.com to sci.crypt on Thu Sep 25 06:18:37 2025
    From Newsgroup: sci.crypt

    Critical Analysis: Cryptographic Misrepresentations in "OCTADE's"
    Software Suite

    To the sci.crypt community,

    I am writing to alert members about serious cryptographic flaws and misrepresentations in software packages recently posted by Byrl Raze
    Buckbriar (OCTADE), specifically: KSRNG, MegaRand, and GOLDILOCKER 448.

    As a researcher working with information-theoretic security and
    cryptographic implementations, I have identified fundamental errors
    that render these tools cryptographically dangerous.

    == KSRNG (Key Strike Random Generator) ==

    Claim: "Generates very, very random seeds that are truly random."

    Analysis:
    - Primary entropy source is /dev/urandom (CSPRNG), not true randomness
    - Keystroke timing provides minimal entropy (1-2 bits/keystroke)
    - Extensive shuffling/hashing operations cannot increase entropy
    - Marketing as "true random" is scientifically inaccurate

    == MegaRand ==

    Claim: "Builds a large random entropy pool with no period, pattern, or bias."

    Analysis:
    - Relies on /dev/urandom while claiming "true randomness"
    - Complex file structure provides zero cryptographic benefit
    - Final step encrypts random data with itself (cryptographic nonsense)
    - Computationally expensive security theater

    == GOLDILOCKER 448 ==

    Claim: "Generates Goldilocks (ED448) keys from a seed phrase."

    Analysis:
    - ED448 requires random generation; deterministic creation violates
    elliptic curve security assumptions
    - Manual construction of OpenSSL key headers demonstrates fundamental
    misunderstanding of cryptographic formats
    - Misuse of BIP39 specification without checksums or proper encoding
    - Will produce cryptographically broken keys

    == Common Patterns ==

    All three implementations exhibit:
    1. Reliance on /dev/urandom while claiming "true randomness"
    2. Computationally expensive operations that provide no cryptographic benefit
    3. Fundamental misunderstandings of entropy and cryptographic primitives
    4. Marketing claims that contradict actual implementation

    == Security Implications ==

    These tools pose actual risks to users:
    - False sense of security through "cryptographic theater"
    - Potential use in production systems where security is critical
    - Wasted computational resources for zero security benefit

    == Recommendations ==

    1. Avoid these implementations for any security-sensitive purpose
    2. Use established, peer-reviewed cryptographic libraries
    3. Verify cryptographic claims against academic literature
    4. Report potentially dangerous cryptographic misinformation

    I welcome discussion and peer review of these findings.

    - Battosai
    Cryptography Researcher
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Byrl Raze Buckbriar@news0@octade.net to sci.crypt on Wed Nov 12 23:15:48 2025
    From Newsgroup: sci.crypt

    On Thu, 25 Sep 2025 05:53:57 -0000 (UTC)
    Battosai <cuadratica@protonmail.com> wrote:

    Did the cartoon character, "Battosai", use Claude AI or some other LLM to generate this mendacious misinformation? I could write a book to debunk the nonsense, ignorance, and grandstanding in this cartoon character's posts. Battosai employs ambiguous, amorphous and frightening trigger words with no scientific meaning to make things sound 'scary' with itself as the hero. As Battosai is an anonymous cartoon character I shan't waste my time addressing addled malice. I will not refute the false points in its posts because I justifiably suspect it made them just to waste my time.

    <.....>

    I welcome discussion and peer review of these findings.

    Really? A cartoon character wants to do peer review? Has Battosai published a paper for peer review?

    If Battosai posts links to its public works published under a real human name then maybe we could peer review those.

    If Battosai posts any more delusional rot under its cartoon character nym don't expect any response from me. It could take reams of writing to refute nonsense. Therefore refusing to respond to anonymous cranks is not an admission of their claims. I owe no duty to debate with an anonymous cartoon. Whatever anontroll lunacy this cartoon is trying to draw me into--I'm not interested.

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Rich@rich@example.invalid to sci.crypt on Sat Nov 15 02:22:38 2025
    From Newsgroup: sci.crypt

    Byrl Raze Buckbriar <news0@octade.net> wrote:
    On Thu, 25 Sep 2025 05:53:57 -0000 (UTC)
    Battosai <cuadratica@protonmail.com> wrote:

    Did the cartoon character, "Battosai", use Claude AI or some other
    LLM to generate this mendacious misinformation?

    It hardly matters. Battosai's rebuttal is by far more believable than
    your grandiose claims about your scheme.

    I could write a book to debunk the nonsense, ignorance, and
    grandstanding in this cartoon character's posts.

    Please do if you find it so easy.

    Battosai employs ambiguous, amorphous and frightening trigger words
    with no scientific meaning to make things sound 'scary' with itself
    as the hero. As Battosai is an anonymous cartoon character I shan't
    waste my time addressing addled malice. I will not refute the false
    points in its posts because I justifiably suspect it made them just
    to waste my time.

    Battosai's analysis uses standard words in standard ways relevant to cryptography/randomness generation.

    Your posts use ambiguous, amorphous ... words with no scientific
    meaning.

    I welcome discussion and peer review of these findings.

    Really? A cartoon character wants to do peer review? Has Battosai published a paper for peer review?

    Have you?

    If Battosai posts links to its public works published under a real
    human name then maybe we could peer review those.

    If Battosai posts any more delusional rot under its cartoon character
    nym don't expect any response from me.

    That would be best for the group, as it would mean you would go away.

    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Byrl Raze Buckbriar@news0@octade.net to sci.crypt on Sun Dec 7 11:00:40 2025
    From Newsgroup: sci.crypt

    On Sat, 15 Nov 2025 02:22:38 -0000 (UTC)
    Richard Cranium the predatory lying snake wrote:

    If Battosai posts any more delusional rot under its cartoon character
    nym don't expect any response from me.

    That would be best for the group, as it would mean you would go away.

    Why should I go away when you already have gone away?


    ((( PLONK )))

    ((( FOAD )))

    ((( ESAD )))

    --- Synchronet 3.21a-Linux NewsLink 1.2