1600+ entries in 0.62s
jurov: the
PGP monkeys just did not foresaw any need to put into signature hash of signed document alone
assbot: Searching
pgp.mit.edu for key with fingerprint: E3A490547D5E8A590A5608B0C31CB3DFF91576C7. This may take a few moments.
ag3nt_zer0: trinque: ok sounds good... maybe I am looking at the "keys" wrong... since
pgp is called the bitcoin-standard in encrypted communications, I just assumed it would have a public key/private key situation similar to BTC and that this would be how to encrypt and decrypt
mircea_popescu: the 80% automation is what we do now anyway, for instance when using
pgp pete_dushenski: kalki: don't worry too much about the 'advice' of the newest mac
pgp client
pete_dushenski: more like "Snowden’s actions have also led to terrorist groups to discard new encryption technology in favour of good ol'
pgp. "
ascii_field: i can 'reduce entropy' of mircea_popescu's
pgp key by telling that the factors are odd. what of it.
mircea_popescu: jurov seems to be working fine for
pgp comments on trilema
mircea_popescu: because god fucking forbid you download
pgp signed matter and verify it locally
alphonse23_: oh, so if you want to store your
pgp some where, so anyone can verify it's you, you upload it to sks
williamdunne: danielpbarron: She doesn't have her password unfortunately to here
PGP key D:
assbot: Searching
pgp.mit.edu for key with fingerprint: A364FCEAC68953860519C8A5A66E2D65273F03BD. This may take a few moments.
assbot: No valid OpenPGP data found on
pgp.mit.edu.
assbot: Searching
pgp.mit.edu for key with fingerprint: A364FCEAC68953860519C8A5A66E2D65273F03BD. This may take a few moments.
assbot: Searching
pgp.mit.edu for key with fingerprint: A886215D072240C8D8632DA8564F4D7DAEEA5571. This may take a few moments.
williamdunne has just been flagged to NSA by facebook as someone who uses
PGP assbot: Logged on 31-05-2015 03:03:55; asciilifeform: ;;later tell mircea_popescu this is yet another attribute of the animal we are hunting (the yet-undiscovered diddled
pgp client.) almost certainly it shows the claimed fp rather than the actual.
ascii_field: i conjecture that the overlap of these and the folks using chump-
pgp is a null set
ascii_field: unrelated: anybody locate the inevitable
pgp client which only looks at bottom (or top) 32 bits of each 64-bit modulus chunk when computing fingerprint ?
mircea_popescu: you put that on the page, they verify they can use
pgp, that's it.
copypaste: i could make a
PGP key with just any data.
mircea_popescu: copypaste this is how
pgp evens the odds : a new sig costs about 10x more cycles to make
cazalla: i can go and create 6 million
pgp keys
copypaste: i'll think about it some more in the morning. what would stop bots from generating
PGP keys? unless i forced them into being at a certain
PGp level of course
mircea_popescu:
http://log.bitcoin-assets.com/?date=25-05-2015#1144917 << the idea is that key/identity maintenance is expensive, and so people don't generally want to do it unless needed, which reduces to, unless some woman spent 9 months with it in the oven and then what came out was smart enough to bother. if you want to / need to
pgp, use either of our sigs.
☝︎ assbot: Searching
pgp.mit.edu for key with fingerprint: D191CE495914F681F7CA94EB31040DE39974C0B2. This may take a few moments.
assbot: Searching
pgp.mit.edu for key with fingerprint: 2F13A45085FBE5A7E22E16211AA79029251E74D6. This may take a few moments.
mircea_popescu: but no, what i want is dual rsa-cs for b-a's dream-reimplementaton of
pgp funkenstein_: so one reason it would be nice to have ECDSA as an asym. crypto option in
PGP Hasimir: mircea_popescu, I ran asciilifeform's litmus.py script against all the keys in my gpg 1.4 keyring and got 9 hits, the oldest of which belongs to the
PGP time stamp service and was made in 1995
mircea_popescu: incidentally, asciilifeform & all : is b-a
pgp going to use vsh for hashing ?
mircea_popescu: decimation moreover, you can just
pgp me the code and i'll publish it.
Hasimir: depends on which wot really, I can think of one or two that would know the math well enough, but are not involved in bitcoin at all (the
pgp wot, however, is another matter)
mircea_popescu: asciilifeform "Because the
PGP Global Directory allows users to manage lost keys, it cannot use cryptographic mechanisms for verification. Instead, like mailing list servers and other public Internet services, the
PGP Global Directory verifies a key by requiring a response to a verification email sent to each email address specified on the key. It also requires periodic re-confirmation for each advertised email address
mircea_popescu: "nsa's
pgp keyservers not responsible for fraud - there is a history of cosmic rays having done this before"
Hasimir: all it would take would be the same as allowing it to hash any
pgp message
Hasimir: does it look for the "BEGIN
PGP SIGNED MESSAGE" header?
Hasimir: well, I know nsa head-hunted at least one nai employee back when they owned
pgp corp
ascii_field: for all we know, it is possible that on some
pgp client the faux keys could replace the genuine ones if user ever 'synced' from sks
ascii_field: 'The
PGP Global Directory is not a replacement for the
PGP Web of Trust, but an additional mechanism to provide a global foundation for the
PGP Web of Trust that enables opportunistic secure communications.'
ascii_field: 'Because the
PGP Global Directory allows users to manage lost keys, it cannot use cryptographic mechanisms for verification. Instead, like mailing list servers and other public Internet services, the
PGP Global Directory verifies a key by requiring a response to a verification email sent to each email address specified on the key.'
Hasimir: and v2 keys ==
pgp 2.3 to
pgp 2.6(i)
ascii_field: anyone know a winblowistic implementation of
pgp ? as in, actually using microshit's api
assbot: Logged on 20-05-2015 11:51:47; davout: number 23 : "
PGP Global Directory Verification Key" <<< !!1
mircea_popescu: it's all a
pgp keyserver archive download + python script away
davout: number 23 : "
PGP Global Directory Verification Key" <<< !!1
☟︎ assbot: Searching
pgp.mit.edu for key with fingerprint: 32FE1E61B1C711186CA378DEFD8981F1BC41ABB9. This may take a few moments.
mircea_popescu: ehh, diddled php implementations << obviously i mean
pgp not php.
mircea_popescu: if however his
pgp implementation is compromised in a specific way, the wrong key on the server may very well be the magic packet, causing it to behave in an unexpected - and not otherwise detectable - manner.
mircea_popescu: with a correctly working
pgp implementation, the user connects ot a sks server, discards the wrong key and proceeds as expected.
assbot: Searching
pgp.mit.edu for key with fingerprint: F4DE6DF4EB8BA2DAAD8D14A5B0045BC902AC1559. This may take a few moments.
mircea_popescu: moreover, the way it presents the blob is as a single, shares
pgp key blob
assbot: Logged on 17-05-2015 17:59:08; asciilifeform: i can change yours to '
pgp over dead goat' and it'll parse.
trinque: it just looks for the start and end of the
pgp message