1500+ entries in 0.016s
Framedragger: unless... hm! "fait" could mean "done" in french (sth like that?), and so the "fait banking partners" could mean done-for? :D
Framedragger: ah, kk. i didn't spot the phuctor downloader back then
Framedragger: mircea_popescu: would love to but not tonight. is big topic!
Framedragger: asciilifeform: they were already using a scheme which was supposed to protect it, but broke the spec, and implemented poorly. i don't remember but it's probably fixable without migrating to snakeoil or whatever framework
Framedragger: mircea_popescu: i don't think the discussion about say gossipd station keys vs 'main key' was necessarily finished? i realise that it ain't pretty
Framedragger: i don't have a super-plausible scenario. i'm saying such scenario is possible; scheme used by tox can 'minimise damage' (i realise that it's a funny word when describing 'key stolen'); it doesn't, hence that complaint on shithub.
Framedragger: no, wait, it's *you* who lost the key, not bob.
Framedragger: the idea is that your key was not stolen while attacker had root access to your box.
Framedragger: if scheme works as it should, you get a signed message from bob and you know it's bob who sent it to you.
Framedragger: i do not believe in "single key" thing. there is main-key. but you can have station keys. which can't format hdd. that's slippery slope
Framedragger: so if you have your friend bob's key and bob writes you "dude key stolen wtf", you know that shit went down. but now, attacker can be 100 bobs, with 'signed messages' or whatever, telling you "no don't listen to this impersonator not-bob, you're fine"
Framedragger: it's not an algo, i was referring to a possible fix of a further bad-thing that happens when key stolen. bad-thing is: once your key stolen, attacker (in that broken tox scheme) can impersonate as *anyone* *to* you.
Framedragger: no, there is no such thing, i said it's social. but hold on:
Framedragger: it's not deterministic, it's not guaranteed, it's pretty crap, yes, but given the option?..
Framedragger: could just be a social thing, someone literally using your key
Framedragger: other people, e.g., who yes will be alerting both you and other-you
Framedragger: (what if it's a station key? what if you wanted to be alerted of 'key stolen!')
Framedragger: right, right, i should have known (you had mentioned this). cool :)
Framedragger: (re. else, later, moving self. but just a quick note re turing complete, well yes a bignumtron should not in itself be turing complete, but i wasn't sure how much additional stuff was planned on top)
Framedragger: ^ interesting thing re above, note, your key thief can impersonate anyone *to* you, not impersonate *as you* - the latter is contained in "thief" and is unavoidable. but the former is avoidable.
☟︎ Framedragger checks clock, 10pm, tilts head, office space, mk
Framedragger: i just thought, asciilifeform's bignumtron is probably not even turing complete yes? if it's not, that *a big plus*
Framedragger: but then that whole ecosystem may need to die before there is good in the world.
Framedragger: mircea_popescu: well, you're right, damn. looking at list of thing signal gives though, it's just clean functions for doing crypto. i dunno. i think in the case of tox, its crypto may actually map well to noise, in the sense of them being able to just use stuff that noise provides, and not reimplement same shit in broken fashion
Framedragger: mircea_popescu: even then, yes, explosion of statespace, sure
Framedragger: mircea_popescu: no disagreement. i honestly don't know re framework, i do think they just abused a term (which isn't a great signal)
Framedragger: i thought you were *for* a crypto library where operator would not have to use (by which i mean abuse, because he will) low level primitives?
Framedragger: (you can use more general methods which abstract away the internals)
Framedragger: no, i mean that you can embed it in your $crapchatapp and not worry about IV reuse
Framedragger: the fact that interfaces implement literal crap in the case of openssl is of course not the best advertising for a simile...
Framedragger: yesyes, many issues, sure. and in regards to openssl, you know what i meant, the interfaces that the openssl library exports to its operators
Framedragger: makes sense to have core building blocks. i see protocol framework here in the sense of openssl being a protocol framework
Framedragger: i think by 'you can create protocol' they meant a high degree of abstraction kind of protocol. e.g. stateless or stateful transport security, etc.
Framedragger: i'm not convinced it's a very bad idea. i'm not advocating such 'we love complexiti' architecture of course
Framedragger: ah. well, i thought it was a set of lower-level crypto interfaces on which you could build higher-level protocols
Framedragger: oops by 'certainly not' i meant 'certainly pos compared to alf's
Framedragger: i mean, 'compared to what'. certainly not compared to asciilifeform's actually-fucking-constant-time crypto architecture
Framedragger: here i have a problem because i don't think noise is necessarily bad; or that e.g. signal protocol is necessarily bad (yes names are barf'y)
Framedragger: i think in the end they managed to address the fact that they should address it
Framedragger actually went on their channel (whichever it was, they have like tox-talk and -dev and just tox or sth) to see if any clever people. yes, one iphy (also on ##crypto) understood that (1) it was an issue and (2) these other 'core member' fuckwits were destroying any goodwill
Framedragger:
http://btcbase.org/log/2017-04-28#1649251 << as the case currency stands with regards to tox, the saddest thing about it is not its pos code, pos design (i think there are some attempts to have a design?), but that some arguably should-know-better smart people are sinking time into it
☝︎ Framedragger: meh. if i was told out of the blue like that, i may respond the same :) (contra is of course "ignorance is not an excuse")
Framedragger: you can view <pre> as a content/semantic tag, and 'style' would be 'shit in css'. i mean, if we truly believed in content/form separation on the web
Framedragger: thing is, you can monospace with <pre> and let browser decide on monospaced font, too
Framedragger: actually interestingly, trilema.com also renders verdana here on firefox. but i think that ben_vulpes' site somehow managed to use "verdana italic" as "regular verdana", which looked horribru. but i'm not sure what that even
☟︎ Framedragger: verdana sucks. especially when it's not antialiased
Framedragger: asciilifeform: did, with and without numlock. and the thing you're trying to catch in code (e.keyCode) is 0 in both cases. however, e.which is correct (and is more 'canonical' here anyway). but i'm on laptop currently; but that shouldn't make a difference
Framedragger: asciilifeform: e.which more browser-agnostic than e.keyCode; in my case (firefox), e.keyCode is 0, expects e.charCode for $reasons. however, e.which will also work, and 'should' work everywhere except on very old IE. am not js expert tho, so, disclaimer
Framedragger considers opening js console to check exceptions, but goes for tea to not ruin evening
Framedragger: ah, i remember the microwriter article. cool. hm yeah dun seem to work, on first attempt
Framedragger: asciilifeform: keys dun work, actually, but no matter. overall - works
Framedragger: phf: seminar group! imma read shannon's orig paper realsoonnao anyway
Framedragger: isn't it a kind of probability of possible messages / possible states, given a message / given some system. can you really infer anything about "how it came about" (infer *any* info, in terms of probability or w/e)?
☟︎ Framedragger: ah k, need to keep in mind. almost four years going, good stuff!
Framedragger: why the fuck did it tell me it had a 2012 snapshot if it's defo not available tho, lol
Framedragger: hm. definitely not live, because it's not, you know, static. you wish to see the frontend?
Framedragger: what answer did you expect? what kind of verification? it was around on 2012. offered a keycheck service. service no longer offered. raw data not available. "meh; but not stolen from phuctor" is my conclusion
Framedragger: web.archive.org/web/20121023082642/factorable.net
Framedragger: okay, look, their paper was published in 2012. people referred to it as "that 2012 paper". now it's possible all them people are sybils, but i'll go ahead and say that factorable came before phuctor.
Framedragger: also it's still around, but uses a cert that you (probably for good reason) hate