mircea_popescu occasionally lulz at girlies earnestly clucking around to speed up key production.
mircea_popescu can't think of any valid excuse anyone involved in os design could possibly have not to already be in wot.
mircea_popescu: i prefer to discern between the two by their reaction to events. the fact that they're not all here means they're all there.
mircea_popescu: maybe (there is a valid argument here, that at the time they were making this shit it was for toys not btc nodes). or maybe they're just usefully idiotarian.
mircea_popescu: (incidentally those "accidental"-deliberate fucktards : fixed whitening scheme ? really ? what the FUCK! if there's anything in the entire fucking os the user must be able to customize, it's NOT the fucking glyph table / window size for the love of christmas fucks!)
mircea_popescu: it just doesn't actually speak to the foregoing. i suppose the correct rsa implementation comes with a kernel patch.
mircea_popescu: the concept of test is, definitionally, "on user end".
mircea_popescu: all tests must always and forever be in the hand of the user.
mircea_popescu: but i do dispute that for this reason it then follows there also can't be put any.
mircea_popescu: anyway, i don't dispute that "accidentally"-deliberately nobody put any effort into rng quality assurance ; key quality assurance ; etc.
mircea_popescu: well, it's a statistical matter, so modellable like any other.
mircea_popescu: passing it better than the real thing is failing, innit.
mircea_popescu: (also by definition whitening doesn't trivially pass the tests, just superficially seems to.)
mircea_popescu: otherwise you're in the position of the camper who doesn't pack a burner because, technically speaking, he doesn't know there will be oxygen where he goes, not having been there before.
mircea_popescu: asciilifeform yes, but this is not a reason to not have the tool.
mircea_popescu: and speaking of gpg deplorable state asciilifeform can you think of any possible reason the damned thing doesn't come a) bundled with ent and b) with ready implemented tests of local entropy while c) key generation is a subset of entropy testing in all cases ?
mircea_popescu: mod6 ok but none of this resulted in "current gpg shitfest is acceptable"
mircea_popescu: yes, that's right : landed at chatham, burned the ships, FAILED TO BURN THE FUCKING DOCKYARDS.
mircea_popescu: actually to formalize that : a 4096 bits key means a p that is 257 to 259 bytes long ; and a q that is 258 to 260 bytes long. end of fucking story.
mircea_popescu: when we reimplement rsa plox : a) either p length odd and q length even or vice-versa ; b) neither within 1 of a lattice power
mircea_popescu: /* make sure that nbits is even so that we generate p, q of equal size */ << what ?
mircea_popescu: more practical would be to force the code to make a pile of say 64 byte keys and sieve them.
mircea_popescu: yes but no. for one thing you don't do lattice search iirc ? for the other, the keys we're working on are too large.
mircea_popescu: one obviously hopes that gpg did. but then again the brutal teacher that is experience shows it's wiser to suspect everyone merely hoped someone else did it.
mircea_popescu: asciilifeform btw re the fermat discussion, i wonder if anyone ever did a proper review of rsa code for lattice and fermat-closeness weakness in p,q generation.
mircea_popescu: well the ecc justification is "shorter keys", other than a bunch of "new! better!" crapola.
mircea_popescu: always and everywhere in engineering, this is the case.
mircea_popescu: but "the new better replacement for copper pipe" is not worth contemplating today like it wasn't worth contemplating in 516 ad.
mircea_popescu: you mean, "alternatives for rsa are not worth contemplating" ? sure, they are, much like anything's worth contemplating. it's educative if nothing else.
mircea_popescu: what does "new comers" mean ? like, people fresh out of highschool ?
mircea_popescu: if someone breaks rsa you have all sorts of other problems to contend with.
mircea_popescu: fabio__ rsa is not breakable in the "shit someone broke openssl" sense you seem to be thinking of.
mircea_popescu: last the topic was took up it came out that no, it's absolutely not.
mircea_popescu: not that we're even sure "complexity class" is meaningfully defined for this purpose
mircea_popescu: or do you specifically want to hear it out of his mouth also.
mircea_popescu: fabio__ rsa has the advantage that it's the simpler solution. i thought i said this before.
mircea_popescu: unlike bob, nobody on a stick and sam altman own nothing, and have nothing to lose. they sleep in ~prison / airbnb as it is.
mircea_popescu: the exact same thing COULD happen to bob sauerberg. tomorrow.
mircea_popescu: you were here when tiny boo boo exploded into gawker bankruptcy followed by nick denton personal bankruptcy soonish to be followed by actual imprisonment over lying to judges etc ?
mircea_popescu: the ycombinator derps on the other hand have ~nothing to lose.
mircea_popescu: there's nothing simpler than rsa ; ecc certainly doesn't meet that qual.
mircea_popescu: in general when dealing with snake oil, and cryptography currently is indistinguishable from such, is to take the simplest form.
mircea_popescu: fabio__ you don't specifically know whether and which curves may be surprisingly weak. community consensus can't fix this.
mircea_popescu: BingoBoingo hey, somehow they didn't miss out implementing utf, they just neglected to check their crypto code. great set of priorities there.
mircea_popescu: they support anything and everything but sound cryptography, proper rng etc.
mircea_popescu: openssh is a scandalous piece of trojan work, on the other hand.
mircea_popescu: be wary of consensi generally, for it rarely is more than a device in late night tv commercials.
mircea_popescu: the republic doesn't, nor does any lord that i know of, recommend using ecc in any serious capacity. that's the community. otherwise, if you wish to say "i trust djb and whatever he says i'll take" this is fine, but it's a matter of personal investment not "community" nonsense.
mircea_popescu: ethereum forked by "agreement of the community", does the result satisfy your expectations, for instance ?
mircea_popescu: altogether a funny thing, especially in the sense that these idiots learned ~nothing in five centuries.
mircea_popescu: they were ~accidentally~ supplied to de witt in a pile of other documents. which resulted in some beheadings.
mircea_popescu: but they also drew up plans for overthrowing the republic's government, in a very muchly amusing color revolution (the future english king was to come from the house of Orange, you realise!)
mircea_popescu: meanwhile charles keep trying to make peaces with the republic, by offering vague nothings.
mircea_popescu: then they induced the bishop of munster, a sort of medieval thug, to invade the republic, under promise of "large subsidies". those subsidies never materialized, being promised by the broke-ass anglos as they were ; brandenburg moved in from the east and the naive turk uh i mean bishop of munster was forced to a rather disfavourable peace for his trouble / idiotic naivety.
mircea_popescu: but obviously the english ordered ships they couldn't possibly pay for and called this "a cash problem". to be resolved by privateers - except the dutch privateers were both better and more productive.
mircea_popescu: incidentally, the curious amateur historian may be well served by a review of the 2nd anglo-dutch war. some underlined parts : the anglos were deeply overextended politically - their crummy country consisting of one single town and a bunch of retarded peasants ; while the republic had many more merchants, with lots more money. in practice this meant that the english could pay for one ship where the dutch could afford seven ;
mircea_popescu: also missing, the great american novel. as well as a dictionary of the french language.
mircea_popescu: asciilifeform two points here being that a) the "global dragnet" is much more difficult to use than you imagine ; and much less productive, being more of a prestige item than a tool of any sort ; b) they're discussing a specific item. if i ask you how many stovetops you have in your house you wouldn't count the roof, notwithstanding the sun heating it is, energetically, more significant.
mircea_popescu: btw : the muslims actually do the whole chain thing. point in case : "Nabil Received five Ijazas/certificate from several respected scholars in Egypt. He has an Ijaza with an authentic, short chain of 26 from him to our beloved Prophet Muhammad (Peace and Blessings Be upon Him)."
mircea_popescu: i thought back when it was voat.co reddit mostly did kiddie porn.