asciilifeform: must be. unless there are authors not listed in https://www.gnupg.org/people/index.html .

asciilifeform: 'exec summary' for mircea_popescu et al: all gpg keys ever generated have at most 2048 bits of effective entropy. ☟︎

asciilifeform: who can tell me the author of the ORIGINAL routine ?

asciilifeform: e.g., https://archive.is/lYEB5 .

asciilifeform: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a;hp=e23eec8c9a602eee0a09851a54db0f5d611f125c

asciilifeform: https://security-tracker.debian.org/tracker/CVE-2016-6313 << ok, click on patches at the bottom, then 'diff', yields the diffs.

asciilifeform: i find it interesting.

asciilifeform: and koch wants people to download ~entire tarball~ of src and rebuild ?

asciilifeform: phf: do you find it interesting that the particular patch is posted nowhere ?

asciilifeform: '...bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.'

asciilifeform: ;;later tell mircea_popescu https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html << lel ☟︎

asciilifeform: multi-GB data structure though, you would not want it on every node.

asciilifeform: would readily abolish the idiocy with 'wallet watch' mechanism etc. ☟︎

asciilifeform: this would be a handy (optional) item to have in trb.

asciilifeform: ( probably there is a 'last seen' addr-to-blockidx hash table, so we get something like O(n log n) lookup. )

asciilifeform: that was certainly quick.

asciilifeform: ;;balance 1DskTjGvWh5KVbiqnb3vvRFyEmCen1UNzL

asciilifeform: http://esamultimedia.esa.int/docs/esa-x-1819eng.pdf << actual detailed account, unfortunately scanned n-th generation xerox in pdf.

asciilifeform: snore.

asciilifeform: actually nm.

asciilifeform: ^ possibly for mircea_popescu et al.

asciilifeform: in other definitely-not-news, https://accu.org/index.php/journals/1898

asciilifeform: but it would be interesting to learn how it was done.

asciilifeform: it isn't, granted, impossible to optimize this lookup with pre-index

asciilifeform: ..mircea_popescu ?

asciilifeform: anyone know from where gribble pipes ?

asciilifeform: anyone got an obscure one that last saw tx years ago ?

asciilifeform: so potentially cached.

asciilifeform: ^ maybe bad example, it is also famous addr

asciilifeform: ;;balance 1XPTgDRhN8RFnzniWCddobD9iKZatrvH4

asciilifeform: *it cribs

asciilifeform: sooo either gribble (or whatever service is cribs from) did not actually chug through 100G, or the number is approximate ('in last n blocks...'), or.

asciilifeform: or even to simply load it into ram

asciilifeform: Framedragger: how long does it take to grep a 100G file on your system ?

asciilifeform: (anyone have link to gribble src ? does it keep the 100+G in ram?!)

asciilifeform: how long to walk 100G ? ☟︎

asciilifeform: there are ~100+G of blocks now.

asciilifeform: ;;bc,stats

asciilifeform: http://btcbase.org/log/2016-08-17#1523424 << at least a minute ? ☝︎

asciilifeform: http://phuctor.nosuchlabs.com/gpgkey/614469D3EF6BF58C797FFD118727304F76F2C921CF1C3419CBF99AFAF8E7A225 << it.

asciilifeform: fwiw.

asciilifeform: via fermat probe.

asciilifeform: found on same day.

asciilifeform: it is not the khadeer modulus, but the 'xss attack' one.

asciilifeform: http://btcbase.org/log/2016-08-17#1523442 << actually this is wrong, ☝︎

asciilifeform: expect to see moar butthurt scampering a la boeck et al.

asciilifeform: we - turn them over.

asciilifeform: the cockroaches assumed, lived entire life, that no one will ever turn over the rocks.

asciilifeform: if a new one is discovered tomorrow - i will consider it, also.

asciilifeform: theoretically any ~inexpensive~ attack, such that i can do it against the whole collection of mods, is fair game.

asciilifeform: betcha it will pop a few moar.

asciilifeform: some time next we will have pollard's test.

asciilifeform: will also pick up q == nextprime(p), say.

asciilifeform: (e.g., the degenerate case, perfect square, as above.)

asciilifeform: which picks up any mod where the factors are obscenely close together.

asciilifeform: Framedragger: we have fermat test.

asciilifeform: ('flipolade' can contain arbitrarily short, or long, factors, in any quantity)

asciilifeform: which, iirc, was 16384-bit.

asciilifeform: not to be confused with 'longest modulus for which we have a factor'

asciilifeform: the one where (NextPrime(2^1023))^2.

asciilifeform: incidentally it is the khadeer & co. modulus. ☟︎

asciilifeform: mircea_popescu: correct. as seen above.

asciilifeform: PeterL: http://btcbase.org/log/2016-08-11#1518347 ☝︎

asciilifeform: not to raid on the parade, but must point out, phuctor is not a collection of peculiarly-small keyz...

asciilifeform: (not quite relatedly, why was gribble able to answer the 'balance' question so quickly ?)

asciilifeform: more how wright would do it.

asciilifeform: l0l!

asciilifeform: ;;balance 19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK

asciilifeform: mircea_popescu: dunno that 'send a non-refundable bid, and oh also price is 1 MIL BTC' counts as 'for sale', more of elaborate gag

asciilifeform: ( the thing that is not clear to me is what part of this leak prevents even a single parcel from being intercepted, with old ~or~ new cisco rubbish in it, and patched to admit the cock, supposing any of these devices even ~need~ such treatment, given that the master keys are escrowed already )

asciilifeform: there were a few.

asciilifeform: in most of the samples, the actual exploit used to get control of the box is not stated, quite likely it consisted of 'interdict the parcel'.

asciilifeform: well, the ciscolade etc. is particular to 7+ y.o. fw.

asciilifeform: who/where

asciilifeform: which - imho - it very likely is.

asciilifeform: if boeck had posted same pile, mircea_popescu would immediately recognize it as 'burning old holes'

asciilifeform: lel

asciilifeform: none of it is even 'heartbleed'-grade.

asciilifeform: ~none of the affected systems are in use today outside of the most godforsaken orclands.

asciilifeform: (and certainly not interesting enough to disclaim 'hangout' hypothesis.)

asciilifeform: i even believe in the authenticity of the cisco crud, it is simply not esp. interesting

asciilifeform: or similar.

asciilifeform: i'll believe, when, e.g., the recipe for taking 100MB of aes ciphertext and distilling out the key, is posted.

asciilifeform: 'crown jewel' is, at the very least, something nontrivial from cryptodirectorate.

asciilifeform: this position has never changed.

asciilifeform: cisco garbage is not 'crown jewel' to asciilifeform .

asciilifeform: in other not-quite-noose, https://archive.is/gsdsL << summary of nsa turd. accurate per my own read.

asciilifeform: hence http://btcbase.org/log/2016-08-04#1514935 . ☝︎

asciilifeform: mass of chumps is modelled as idiot machine, that dun care that you had previously tried 999,999,999 wrong passwords, etc.

asciilifeform: mircea_popescu: the 'split fuzzing', note, is how lizard folk approach virtually ~every~ problem - even the production of 'musicians' by disney, etc.

asciilifeform: sequel: ... the general puts on brown pants, epic battle, he shits pants, loses half of army, but - just barely - wins. but next years... 'sir, whole army of the turk is here.' .... 'bring my miniskirt.'

asciilifeform: edia...'

asciilifeform: experimented successfully with storing a double-digit million sum of euros in cash at what the insurer describes as a manageable cost. A few other German banks, including Commerzbank, the country's second-biggest lender, have also considered taking the step. But when a Swiss pension fund attempted to withdraw a large sum of money from its bank in order to store it in a vault, the bank refused to provide the cash, according to local m

asciilifeform: 'After the European Central Bank's most recent rate cut in March, private-sector banks are paying what amounts to an annual levy of 0.4 per cent on most of the funds they keep at the eurozone's 19 national central banks. ... but private bankers and insurers are already thinking of creative ways to avoid those charges altogether. One way is by turning the electronic money they keep at central banks into cold, hard cash. Munich Re has

asciilifeform: http://www.cnbc.com/2016/08/16/banks-look-for-cheap-way-to-store-cash-piles-as-rates-go-negative.html << more lulz

asciilifeform: i have them here.

asciilifeform: Framedragger: the man had two - entirely acceptable - school textbooks on common lisp, in 1990s.

asciilifeform: 'no scripts are new' (tm) (r)

asciilifeform: mircea_popescu: this is almost literally what played out in the heathen pit today.

asciilifeform: the particular flavour of tptacek's dismissal of phuctor suggests that it was his 'now do your duty' moment.