asciilifeform: aha.
asciilifeform: the copy i happen to have pulled from my arse at this moment is 1.5.1.
asciilifeform: it is in libgcrypt
asciilifeform: again it isn't in gpg !
asciilifeform: gentlemen, start yer engines.
asciilifeform: just like in gpg 1.4.10.
asciilifeform: put the hex dump RIGHT AFTER the 'mpi_set_bit(prime,0)' idiocy
asciilifeform: in libgcrypt, the thing is in cipher/primegen.c
asciilifeform: aha.
asciilifeform: but in gcrypt.
asciilifeform: so the lunacy isn't even CONTAINED in it
asciilifeform: gpg 2.x uses gcrypt lib.
asciilifeform: mircea_popescu: if you built it, post the dump plox.
asciilifeform: observe how primary key is always WEAKEST.
asciilifeform pictures boeck, poor idiot, waking up at 4 in the morning, called to do his dooooty
asciilifeform: dunno what kind of dope is even called on such occasion.
asciilifeform: (the bound may conceivably be lower)
asciilifeform: at AT MOST 0.27 of the total, the rape is polynomial.
asciilifeform: the more known bits in modulus, the easier to reconstruct whole thing.
asciilifeform: no this is optimistic mircea_popescu .
asciilifeform: more or less.
asciilifeform: if somebody wants to replicate on gpg 2.x, plox.
asciilifeform: mircea_popescu: N problems.
asciilifeform: it has path.
asciilifeform: see my paste.
asciilifeform brb, phood
asciilifeform: and this isn't even the koch scenario.
asciilifeform: aha.
asciilifeform: do i need to keep going, draw a picture ?
asciilifeform: for 2048-bit key.
asciilifeform: http://wotpaste.cascadianhacker.com/pastes/51515493-1d40-446b-99d0-932642d8b90d/?raw=true << sample output.
asciilifeform: now folks get in some lube, you will need it:
asciilifeform: then, build.
asciilifeform: it is quicker to throw in the extra 'hexdump' line by hand, than to get the patch ducks in a row, imho.
asciilifeform: after this, you will need http://wotpaste.cascadianhacker.com/pastes/e63a6d1f-5f34-4be4-9e9f-0226dc8b8de2/?raw=true
asciilifeform: sha512==d037041d2e6882fd3b999500b5a7b42be2c224836afc358e1f8a2465c1b74473d518f185b7c324b2c8dec4ffb70e9e34a03c94d1a54cc55d297f40c9745f6e1b
asciilifeform: first, you will need mircea_popescu's gnupg-1.4.10.tar.gz.
asciilifeform: but slow is better, less tearing.
asciilifeform: when it fully goes in.
asciilifeform: i promise, it will hurt.
asciilifeform: folks yer gonna have to take this road cone in, a few mm at a time.
asciilifeform: holy mother of shit.
asciilifeform: holy shit
asciilifeform: well now i did.
asciilifeform: aaah did i ever mention that gcc 5.x won't build gpg 1.4.x ??
asciilifeform is cooking up a little experiment.
asciilifeform: mircea_popescu: upon reflection, there may exist also a mathematical relationship which allows BOTH mods to be broken.
asciilifeform: (to the subkeys.)
asciilifeform: the correlant is the FIRST key generated (i.e. primary key)
asciilifeform: mircea_popescu: remember, the ~initial~ contents of the pool are entropic (at least in as far as the os provides)
asciilifeform: mircea_popescu: it would not be evident.
asciilifeform: from my current reading, first 20 of every 600 is fixed, for the duration of entire run of process.
asciilifeform: their main function was, iirc, to curate the openpgp working group, to make sure rfc stays replete with braindamage.
asciilifeform: or what's left of it, anyway.
asciilifeform: for some years.
asciilifeform: mod6: iirc they own the original zimmerman pgp.
asciilifeform: 'long, long time ago, in galaxy far, far away'
asciilifeform: evidently.
asciilifeform: nobody, of course, ever heard of any such preposterous thing ?
asciilifeform: mircea_popescu: 'the spirochetes are there waiting' << win.
asciilifeform: of 01EA5486DE18A882D4C2684590C8019E36C2E964.'
asciilifeform: 'Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves ...blahblah... The hashes of Bitcoin Core binaries are cryptographically signed with this key. We strongly recommend that you download that key, which should have a fingerprint
asciilifeform: https://bitcoin.org/en/alert/2016-08-17-binary-safety << them. apparently.
asciilifeform: know who else ?
asciilifeform: touchable.
asciilifeform: folks who only have mircea_popescu's business card - are.
asciilifeform: nevertheless.
asciilifeform: granted this is not a 'real' forgery because folks with a copy of genuine key are untouchable by it.
asciilifeform: it isn't fixable while conforming to the rfc.
asciilifeform: most recently during the 'linus shortid' thread.
asciilifeform: this is in the l0gz on several occasions
asciilifeform: (when generating ~key~ with which to sign)
asciilifeform: and so all you need to forge a signature is a sha1 collision.
asciilifeform: mod6: the fp calculation is not adjustable.
asciilifeform: this is one of the more egregious festering sores
asciilifeform: mod6: all pgptrons live and die by sha1.
asciilifeform: not i.
asciilifeform: (why a pool? why whiten at all? ask koch.)
asciilifeform: is the - derived via arse magic - fixed size of the pool.
asciilifeform: 30 * 20.
asciilifeform: nope
asciilifeform: ^ from mircea_popescu's vintage canned preserve pgp 1.4.10.
asciilifeform: eh dafuq am i doing, http://wotpaste.cascadianhacker.com/pastes/522b89a1-b759-40c4-9c04-56bd9316323f/?raw=true
asciilifeform: BLOCKLEN==64. DIGESTLEN==20 (working length of the retarded 'patent-free!11111' ripemd hash).
asciilifeform: ;;later tell mircea_popescu http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg/#comment-67543
asciilifeform: everything else ok.
asciilifeform: there is a missing http:// in the phuctor link.
asciilifeform: fire at will.
asciilifeform: yes.
asciilifeform: BingoBoingo: http://wotpaste.cascadianhacker.com/pastes/365ec022-3b92-4388-ba01-9d92115b8f50/?raw=true << now.
asciilifeform: BingoBoingo: hold off on publication, i'ma revise a bit.
asciilifeform: BingoBoingo: 'at time' ought to be 'at times'
asciilifeform: BingoBoingo: http://wotpaste.cascadianhacker.com/pastes/504e4c41-45db-4774-89bf-447b0269f5c9/?raw=true
asciilifeform: $up judywatson
asciilifeform: BingoBoingo: almost done
asciilifeform: at least, not admittedly.
asciilifeform: afaik koch didn't use zimmerman's code.
asciilifeform: BingoBoingo: i will write it. brb.
asciilifeform: fwiw.
asciilifeform: during my audit of the rng routine, i barfed at the whitening and stopped reading.