asciilifeform: fromphuctor: however, the factorings are reproducible - you can dump moduli with 'pgpdump', and any bignum calculator - e.g., 'bc', or ordinary python repl, can multiply the factors.
asciilifeform: mircea_popescu: my best hypothesis is a) khadeer generated key with, e.g., 'jihadcrypt' b) winblowz gpg with the memcpy from rng nopped out by ???
asciilifeform: no longer work. A protection mechanism against that was implemented in version 3.8.3. '
asciilifeform: 'The way the MatrixSSL team "fixed" the miscalculation issue is not really satisfying: They now restrict the input to the pstm_exptmod() function to a set of bit sizes (512, 1024, 1536, 2048, 3072, 4096). My test input had a different bit size, therefore I cannot reproduce the miscalculation any more, but the underlying bug is most likely still there. ... Despite the fact that the bug may be still there the CRT attack will probably
asciilifeform: 'A common way to speed up the calculation of RSA signatures is an algorithm based on the Chinese remainder theorem (CRT) that splits it up into two smaller calculations. However if one of these calculations goes wrong an attacker can learn the private key. Last year Florian Weimer observed that various devices had this error and he could extract their keys. He recently mentioned...'
asciilifeform: 'I just discovered a somewhat similar issue in Nettle. They switched their RSA implementation from GMP's mpz_powm() function to mpz_powm_sec(), which is supposed to be side-channel resistant. However mpz_powm_sec() is no drop-in replacement. Unlike mpz_powm() it doesn't accept even moduli and crashes with a floating point error. Therefore when trying to use a specifically crafted RSA key with an even modulus this will crash.'
asciilifeform: 'If one tries to calculate a modular exponentiation with the base equal to the modulus (a^b mod a, code) it would return an error. If one tries to calculate a modular exponentiation with the base zero (0^b mod a, code) it would crash with an invalid free operation, potentially leading to memory corruption.'
asciilifeform: 'In March a Frenchman was actually jailed for sending his ex-girlfriend the pistol emoji, in what was interpreted as a threat. What if a joke sent from an Apple user to a Google user is misconstrued because of differences in rendering?' << lel
asciilifeform: mao's 'cultural revolution' - in fact, had a brief episode of nearly this, with the 'backyard steel' thing
asciilifeform: to move yet again up the stack: mining machinery is improved by engineers, who - if they did not go to a school, are at least literate - rather than by gawkers who, 'drinkin' beers, beers, beeers' in front of the mine, suggest 'hey bubba let's weld on a SHIT HANGING OFF THE SIDEZ'
asciilifeform: and yes, flexed hydraulically, like cock.
asciilifeform: well yes, there is sometimes a side drill
asciilifeform: could just as well paint walls, pick strawberries, etc.
asciilifeform: hey recall my proposal for standing-wave flexing cable ?
asciilifeform: it isn't that the machine has never, or could never again, be improved, but that it can stand and work without gathering crowd of 'train pushing face' who want to weld forks, knives, onto it, to 'improve', and be paid for the privilege
asciilifeform: note that somehow a real bulldozer can work without attracting an army of adult 'improvers'
asciilifeform: there are fields with crystallized sanity, or at the very least sufficiently well-known hard priors, to make the sort of festering gangrene we live with here, quite unthinkable.
asciilifeform: nobody's maggoting on reactor - or even bulldozer - design.
asciilifeform: for so long as maggoting on software is even ~thinkable~, the upper echelon of 'aspirational' maggots will bang on the door, and some - will get in.
asciilifeform: it is a necessary thing, but not a solution to the infestation in question