So, every hacker [s/is slowly forgetting due to global gaslighting and abuse/knows firmly/] that plaintext, unsigned communications are pointless because all the political influences between you and the person you're communicating with will alter your communications. In order to connect we have to find each other on networks that are more reliable than e-mail. A clue to finding these networks, people, and other exotic information, is weird strings of numbers and letters that seem like random gobbledygook, almost as if we were copy and pasting computer glitches to each other. No, these confusing strings of characters are the words of computer hackers: especially if the alphabetic characters never exceed 'f' in the alphabet, which does not stand for 'fuck this is confusing', but rather for 'we made computers highly efficient by braking them into powers of two'. It's called hexadecimal.
On 10/12/20, Stefan Claas
wrote: [snip...] Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
Here, we have a hexadecimal string associated with the phrase 'NaClbox'. 'NaCl' is a stupid-people-who-use-computers word for encryption and verification. 'box' is the same for computer. Let's search for it and see i we can find this random string of hexadecimal! This time, I'm going to [s/heal my injured spine/wise up to the manipulative marketing AIs/] just a smidge, and use a search engine other than google. Even better would be _asking a human being_, but we're not quite that smart yet. I'll try duckduckgo. I typed 'naclbox' into duckduckgo and the first hit is ... https://www.naclbox.com/ ! This has to be it, right? It has the right domain name! A computer game thing! This hacker must have been asking us to play computer games with them, how friendly! Let's do some wizardry called a 'dns lookup' on that url. There's a way, given _any url_, to get information on who purchased it and stuff like that. If [s/you're actually part of a major corporate conspiracy and are frequently hired to kill people who look into the origins of coverups/you have schizophrenia from too many dns lookups/] you may have trouble doing this important research, but it's not very hard to do. Searching the internet for "lookup dns purchase command line", I see a way to copy the term that [s/gives me severe traumatic flashbacks/i haven't learned to use yet/]: "whois". My system doesn't have "whois" installed because I'm a normal person, not a mumbo-jumbo computer wizard, but I can install it like any other package, and run it on www.naclbox.com: ``` $ whois naclbox.com Domain Name: NACLBOX.COM Registry Domain ID: 1653881042_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http://www.gandi.net Updated Date: 2020-03-27T19:42:08Z Creation Date: 2011-05-01T15:51:02Z Registry Expiry Date: 2021-05-01T15:51:02Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: NS-1219.AWSDNS-24.ORG Name Server: NS-1965.AWSDNS-53.CO.UK Name Server: NS-259.AWSDNS-32.COM Name Server: NS-544.AWSDNS-04.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
Last update of whois database: 2020-10-12T13:36:17Z <<<
This record claims that the domain was purchased on 2011 and expires
2021. It's been a really long time since I've done this, but I was
expecting to see some information on e.g. a technical contact or
something: a real human being associated with the website. Maybe I
have too look somewhere else. I tried this:
$ whois -h whois.gandhi.net naclbox.com ``` which just sits there and hangs. Anyway, it sounds like the _cryptographic_ nacl project would be able to purchase this domain in 2021 if they wanted. Farther down the duckduckgo results is a more promising link, that leads to https://pkg.go.dev/golang.org/x/crypto/nacl/box . Unfortunately, this project now calls itself "package box", not "nacl box", which is discouraging. Still, we can look it over. Woohoo! "package box" says it is a generic frontend for NaCl encryption, which implies that it's possible that the signature we found is a public key for sending somebody private messages in a reliable manner, and that any tool that does this NaCl encryption can communicate with him. "package box" links to a central nacl website: https://nacl.cr.yp.to/box.html . A great way to check if we interpreted these letters-and-numbers-mumbo-jumbo correctly is to try to use them. We'll try to send this guy ... what's their name?
NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675
We'll try to send cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 a message ! This might mean learning to use nacl. The page I found is a c++ interface, so I'll just use that since [s/my fingers and eyes spazz out uncontrollably when i use the web now/it's a good exercise for me to write a small C++ program/]. ``` $ sudo yum install nacl-devel # nacl is a software development library for secure communication that's been available on linux systems for some time now ... ``` If you've been through [s/an abusive enslavement experience where you suffered severe injuries and learned to dissociate from your memories as way of life/a corporate or government training program/] you may have difficulty forming encrypted communications with a hacker online, but rest assured everything is fine: since the worldwide digital coronavirus has thoroughly filled your device with malware, all the corporate goonies can make sure everything is okay, and since this guy is an experienced enough hacker to communicate with letters and numbers, they'll be able to tell that you aren't one of them. That doesn't mean they'll be able to keep themselves safe from your oppressive surveillance and control situations! It's your job to [s/manage those by communicating with your contacts/mourn your wake of dead hackers after the fact/]. So please make a record of what you do so that others can learn from it after somebody new [s/dies horrifically or gets forcibly enslaved by a criminal corporate dictator/gets bored and ignores the rest of us/]! First we need to generate a naclbox of our own, to send the communication from. It's just a set of small personal letters and numbers. The website has this in it: ``` #include "crypto_box.h" std::string pk; std::string sk; pk = crypto_box_keypair(&sk); ```
The crypto_box_keypair function randomly generates a secret key and a corresponding public key. It puts the secret key into sk and returns the public key. It guarantees that sk has crypto_box_SECRETKEYBYTES bytes and that pk has crypto_box_PUBLICKEYBYTES bytes.
The secret key is like your brainstem and your heart. You don't let
anybody else even get a whiff of them, _certainly_ never touch them or
see them, or you could get hurt. Since [s/I'm a corporate slave/this
is just an example/], I'll be storing my brainstem on the malware
that's infesting the system I am typing this on.
On my system, I'll have to mutate the example from the website just a
tiny bit, to get it to compile.
```
// nacl-generate.cpp
#include