From Newsgroup: sci.crypt

"""
DrMoron: A quirky HMAC-based stream cipher primitive
Core idea: Use HMAC as keystream generator with self-synchronizing feedback,
prepend large TRNG prefix (> digest size), full reverse
between two passes.

Rules (enforced by design intent, not code):
- rand_n MUST be > digest size of chosen hash (e.g. >64 for SHA-512) for strong initial entropy flood.
- Use only secure hashes (SHA-512, SHA3-512, BLAKE2b, BLAKE3 recommended).
- Key: 64-byte TRNG minimum.
- No built-in auth/MAC rCo malleable by design (ciphertext tamper raA atomic garbage output).
- Security claim: Hardness roughly equivalent to breaking HMAC-H under continuous feedback + reverse mixing.

This is raw ciphertext only rCo no bolted-on integrity. Test diffusion, differentials, stats directly.
"""

import hashlib
import hmac
import os

# 1. Improved Hex Utility
# ____________________________________________________________
def ct_bytes_to_hex(data):
"""Returns a clean hex string with 16-byte rows."""
return '\n'.join(data[i:i+16].hex(' ') for i in range(0, len(data), 16)).upper()

# 2. Key Class (Handles Raw Bytes)
# ____________________________________________________________
class ct_secret_key:
def __init__(self, hmac_key, hash_algo, rand_n):
self.hmac_key = hmac_key if isinstance(hmac_key, bytes) else hmac_key.encode()
self.hash_algo = hash_algo
self.rand_n = rand_n

def __repr__(self):
return (f"hmac_key: {self.hmac_key.hex()[:16]}...\n"
f"hash_algo: {self.hash_algo().name}\n"
f"rand_n: {self.rand_n}")

# 3. The Crypt Round Function (Raw Byte Logic)
# ____________________________________________________________
def ct_crypt_round(SK, data_in, decrypt_mode):
"""Single HMAC-feedback round."""
H = hmac.new(SK.hmac_key, None, SK.hash_algo)
H.update(SK.hmac_key[::-1]) # Reversed key for init twist

output = bytearray()
p_idx = 0
p_len = len(data_in)

while p_idx < p_len:
D = H.digest() # Keystream block
d_idx = 0
d_len = len(D)

while p_idx < p_len and d_idx < d_len:
p_byte = data_in[p_idx]
c_byte = p_byte ^ D[d_idx]
output.append(c_byte)

# Feedback: (P,C) encrypt, (C,P) decrypt
if not decrypt_mode:
H.update(bytes([p_byte, c_byte]))
else:
H.update(bytes([c_byte, p_byte]))

p_idx += 1
d_idx += 1

return bytes(output)

# 4. The Main Crypt Wrapper
# ____________________________________________________________
def ct_crypt(SK, data_in, decrypt_mode):
"""Full duplex: forward raA reverse raA forward, with TRNG prefix on encrypt."""
processed_data = data_in

if not decrypt_mode:
# Prepend fresh TRNG prefix (critical for uniqueness)
prefix = os.urandom(SK.rand_n)
processed_data = prefix + processed_data

# Round 1 forward
C = ct_crypt_round(SK, processed_data, decrypt_mode)

# Full reverse (bidirectional diffusion)
C_rev = C[::-1]

# Round 2 forward
final = ct_crypt_round(SK, C_rev, decrypt_mode)

if decrypt_mode:
final = final[SK.rand_n:] # Strip prefix

return final

# ____________________________________________________________
# Simple Test Execution
# ____________________________________________________________

if __name__ == "__main__":
# 64-byte random key (TRNG)
trng_64_bytes = os.urandom(64)

SK = ct_secret_key(
trng_64_bytes,
hashlib.sha512, # Secure default (can swap to sha3_512,
blake2b, etc.)
73 # >64-byte digest, as per rules
)

plaintext = b"ABCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDE"

# Encrypt
ciphertext = ct_crypt(SK, plaintext, False)
print(f"Ciphertext Hex:\n{ct_bytes_to_hex(ciphertext)}")

# Decrypt & verify
decrypted = ct_crypt(SK, ciphertext, True)
print(f"\nDecrypted String: {decrypted.decode()}")
assert decrypted == plaintext, "Decryption failed!"
print("Round-trip successful.")
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: sci.crypt

On Tue, 10 Feb 2026 05:07:19 -0800
"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> wrote:

"""
DrMoron: A quirky HMAC-based stream cipher primitive
Core idea: Use HMAC as keystream generator with self-synchronizing feedback,
prepend large TRNG prefix (> digest size), full reverse
between two passes.

Dr. Moron:

Bad name for crypto.

Good name for mind-altering Kool-Aid. Glug, glug, glug.

E for [e]ffort. E for [e]ntertain. E for [E]eyore ... hee haw!

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: sci.crypt

On 3/2/2026 1:46 PM, Eeyore Hee Haw wrote:

On Tue, 10 Feb 2026 05:07:19 -0800
"Chris M. Thomasson" <chris.m.thomasson.1@gmail.com> wrote:

"""
DrMoron: A quirky HMAC-based stream cipher primitive
Core idea: Use HMAC as keystream generator with self-synchronizing feedback, >> prepend large TRNG prefix (> digest size), full reverse
between two passes.

Dr. Moron:

Bad name for crypto.

rofl! Yeah... ;^)

But it has not been properly tested out by professionals. So, shit
happens. By the way,

https://fractallife247.com/test/hmac_cipher/drmoron/?ct_hmac_cipher=a6ef9b673661ca5a13d2ca2f8e1bcfb19bc5702c8c83954159405725d50e2fa15f5c4c2d5b09094f025a0974d36a57e7fa8061ed528395bf7efd41416f6cd4f22f4874a78d26877c652adcfb27a57769fd7752eba69a4f4ee2c2ba678dc0514522029efd3d555ccf


:^)

Good name for mind-altering Kool-Aid. Glug, glug, glug.

E for [e]ffort. E for [e]ntertain. E for [E]eyore ... hee haw!

I personally think it is secure. Its ciphertexts are good. But! I cannot
claim that at this time. Fair enough?
--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: sci.crypt

On 02/03/2026 23:26, Chris M. Thomasson wrote:

By the way,

https://fractallife247.com/test/hmac_cipher/drmoron/?[...]

You know that nobody is going to click on your links, right?
--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: sci.crypt

Richard Harnden wrote:

On 02/03/2026 23:26, Chris M. Thomasson wrote:

By the way,

https://fractallife247.com/test/hmac_cipher/drmoron/?[...]

You know that nobody is going to click on your links, right?

EfaiEfai

Correct, because Chris has not (yet) secured his site with mfv[1]
nor does the community like to click on URLs when he can post the
content here! Efo|N+ArCi

[1] https://github.com/Ch1ffr3punk/mfv

But I guess he will never learn...!!!!
--
This message was sent with Nike Mailer
https://github.com/Ch1ffr3punk/Nike EfUC

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: sci.crypt

On 3/3/2026 5:17 AM, Richard Harnden wrote:

On 02/03/2026 23:26, Chris M. Thomasson wrote:

By the way,

https://fractallife247.com/test/hmac_cipher/drmoron/?[...]

You know that nobody is going to click on your links, right?

You know that, how? Anyway, the plaintext encrypted with the default key:

Does this work for you? Thanks.
--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: sci.crypt

On 3/3/2026 6:57 AM, Anonymous wrote:

Richard Harnden wrote:

On 02/03/2026 23:26, Chris M. Thomasson wrote:

By the way,

https://fractallife247.com/test/hmac_cipher/drmoron/?[...]

You know that nobody is going to click on your links, right?

EfaiEfai

Correct, because Chris has not (yet) secured his site with mfv[1]
nor does the community like to click on URLs when he can post the
content here! Efo|N+ArCi

[1] https://github.com/Ch1ffr3punk/mfv

But I guess he will never learn...!!!!

You are who? Stefan?
--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: sci.crypt

Chris M. Thomasson wrote:

On 3/3/2026 6:57 AM, Anonymous wrote:

Richard Harnden wrote:

On 02/03/2026 23:26, Chris M. Thomasson wrote:

By the way,

https://fractallife247.com/test/hmac_cipher/drmoron/?[...]

You know that nobody is going to click on your links, right?

EfaiEfai

Correct, because Chris has not (yet) secured his site with mfv[1]
nor does the community like to click on URLs when he can post the
content here! Efo|N+ArCi

[1] https://github.com/Ch1ffr3punk/mfv

But I guess he will never learn...!!!!

You are who? Stefan?

It doesn't matter who posts here!

You need to finally get into the habit of
responding to user requests that
ask you
to do something, and not always
ignoring
them and then additionally always bothering
readers with your URLs!

Do you understand that?

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: sci.crypt

On 3/6/2026 11:53 AM, Anonymous wrote:

Chris M. Thomasson wrote:

On 3/3/2026 6:57 AM, Anonymous wrote:

Richard Harnden wrote:

On 02/03/2026 23:26, Chris M. Thomasson wrote:

By the way,

https://fractallife247.com/test/hmac_cipher/drmoron/?[...]

You know that nobody is going to click on your links, right?

EfaiEfai

Correct, because Chris has not (yet) secured his site with mfv[1]
nor does the community like to click on URLs when he can post the
content here! Efo|N+ArCi

[1] https://github.com/Ch1ffr3punk/mfv

But I guess he will never learn...!!!!

You are who? Stefan?

It doesn't matter who posts here!

lol.

You need to finally get into the habit of
responding to user requests that
ask you
to do something, and not always
ignoring
them and then additionally always bothering
readers with your URLs!

Do you understand that?

You mean allow a user to see the raw hexbytes of a password ala UNICODE
in my test online version? Wrt two different codes that map to the same
visual symbol? That's a fun one, using unicode for a password... ;^)
Marcel and Rich. Thanks!

You want me to use your system on the server for a HMAC of the files comprising it? I can do that myself. But, why? My system is
experimental, and it gives a clear warning.

https://fractallife247.com/test/hmac_cipher/drmoron/ct_main.js?v=1

https://fractallife247.com/test/hmac_cipher/drmoron/?ct_hmac_cipher=95ad3b663b391cd7f8a710b6c85e085dd908d204c3b09a4aebd788e584ddd186095dfe8e2f56ff9a0e313f7ee41decc36dd32705cdbe48f7dffac76ba4bd25e5fa91ffa6b4f8939e26588f38fd40d5a154acbd5c0b81617a39f6a894cf9853726847ef40027337febf801e3ec1bbf5460b7082298d9409fdec26f6b2440b2c1f2934470c5b38b30f

Btw, your system is 100% secure? Right... Okay.

Did your shit get a proper review? If so, where can I find it?

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: sci.crypt

Chris M. Thomasson wrote:

On 3/6/2026 11:53 AM, Anonymous wrote:

Chris M. Thomasson wrote:

On 3/3/2026 6:57 AM, Anonymous wrote:

Richard Harnden wrote:

On 02/03/2026 23:26, Chris M. Thomasson wrote:

By the way,

https://fractallife247.com/test/hmac_cipher/drmoron/?[...]

You know that nobody is going to click on your links, right?

EfaiEfai

Correct, because Chris has not (yet) secured his site with mfv[1]
nor does the community like to click on URLs when he can post the content here! Efo|N+ArCi

[1] https://github.com/Ch1ffr3punk/mfv

But I guess he will never learn...!!!!

You are who? Stefan?

It doesn't matter who posts here!

lol.

You need to finally get into the habit of
responding to user requests that
ask you
to do something, and not always
ignoring
them and then additionally always bothering
readers with your URLs!

Do you understand that?

You mean allow a user to see the raw hexbytes of a password ala UNICODE
in my test online version? Wrt two different codes that map to the same visual symbol? That's a fun one, using unicode for a password... ;^)
Marcel and Rich. Thanks!

You want me to use your system on the server for a HMAC of the files comprising it? I can do that myself. But, why? My system is
experimental, and it gives a clear warning.

https://fractallife247.com/test/hmac_cipher/drmoron/ct_main.js?v=1

https://fractallife247.com/test/hmac_cipher/drmoron/?ct_hmac_cipher=95ad3b663b391cd7f8a710b6c85e085dd908d204c3b09a4aebd788e584ddd186095dfe8e2f56ff9a0e313f7ee41decc36dd32705cdbe48f7dffac76ba4bd25e5fa91ffa6b4f8939e26588f38fd40d5a154acbd5c0b81617a39f6a894cf9853726847ef40027337febf801e3ec1bbf5460b7082298d9409fdec26f6b2440b2c1f2934470c5b38b30f

Btw, your system is 100% secure? Right... Okay.

Did your shit get a proper review? If so, where can I find it?

No wonder why the Bitmessage community is calling you and idiot
and the others here, except a few, assholes... Efye

--- Synchronet 3.21d-Linux NewsLink 1.2