
Hasimir: alright then, take a crack at mine, same one as used with -otc and in my /ns info
assbot: Logged on 20-05-2015 11:53:36; *: mircea_popescu underscores the ~probably~. it is not a certainly. not yet at least. moar uranium has to be mined first.
mircea_popescu: you can create a key for obama and sks will list "obama's" key.
ascii_field: Hasimir: understand, someone can create a key containing an rsa modulus of the kind described here using a modified copy of your, e.g., el gamal, key
mircea_popescu: ascii_field except a modulus does not exist outside of a key.
mircea_popescu: if he also has a rsa key by the same name, he will be in the list of rsa keys.
mircea_popescu: in general, one's at liberty to create a Patented Leather Asymmetric Key and give it his name
mircea_popescu: the way text works is that the reader has the job of forming a mental image that does not contradict the text.
Apocalyptic: and yes if found in the wild, the assumption you are making is a safe assumption
Hasimir: ascii_field, then claiming to have derived the private key is a wee bit disingenuous
ascii_field: Apocalyptic: there is a reason why generating proper rsa keys is cpu-expensive
mircea_popescu: Apocalyptic well sure, theoretical theory. but if you run a factorizing algo on any of the keys you'll see they break apart.
ascii_field: the experiment specifically concerns moduli, not keys. a key contains zero or more rsa moduli
Apocalyptic: <mircea_popescu> Apocalyptic finding a small factor is not inherently breaking a specially crafted key that was made to have that one small factor, yes. // this is all i was arguing :)
mircea_popescu: Apocalyptic finding a small factor is not inherently breaking a specially crafted key that was made to have that one small factor, yes.
Apocalyptic: i'm just trying to show that finding a small factor is not inherently breaking the key
mircea_popescu: anyway, you could just run a probabilistic test on it.
mircea_popescu: Apocalyptic well, "totally broken". depends what you're trying to do and so on. having a known small factor is already breakage
ascii_field: at the moment, i would like to collect a sample of material signed with one of the -legit- keys for which a 'magic' key exists
Apocalyptic: (note that this isn't even strictly a RSA key anymore)
ascii_field: the result is essentially same as using a random integer as a modulus
Apocalyptic: I mean you can get a standard 4096-bit sane RSA key, multiply N by 3 and there you go
Apocalyptic: in the sense of finding a prime factor of a modulus that has more than 2
davout: can someone explain to me how i'm able to malloc into existence more than 1tb, fill the first byte with some random int, and have valgrind report the massive allocated space. all this with a whopping 4gb ram and 512gb hdd?
mats: fun fact: windows 8.1 will sometimes triple fault when bugchecking when a kernel debugger is attached
ascii_field: 'Unpaid Intern is, as the byline properly describes, an unpaid intern. Unpaid intern is a fresh-out-of-school, wide-eyed journalism grad who thinks one day they will make it to the New York Times. In the meantime they are stuck here, so they better get used to it.'
mike_c: no.. oddly vague about that. doesn't seem to be a firing.
mike_c: I have 2nd. 20th anniversary looks like just a PR thing? not different content?
mircea_popescu: "In all these instances, data reporting and processing rules were changed during the year for no other reason than to paint a more favorable picture. Maintenance problems were determined to be so severe that the F-35 is only able to fly twice a week."
BingoBoingo: The silliest thing about the F-35 clusterfuck is the US had a decent somewhat stealthier plane in the F-22 coming off the line in flyable shape and... It was too expensive. Nao it would have been cheaper.
mircea_popescu: "In March 2013, USAF test pilots, flying with pre-operational software that did not utilize the all-aspect infrared AAQ-37 DAS sensor, noted a lack of visibility from the F-35 cockpit during evaluation flights, which would get them consistently shot down in combat."
ascii_field: (and i'm still at a loss to craft a situation where gpg's p and q will occupy varying number of 'limbs' and lead to catastrophe in the given line)
mircea_popescu: Diffie-Hellman key exchange parameters (coming from PKCS#3) is a
mircea_popescu: generator g ... This substitution of q for g is likely due to a
mircea_popescu: maybe i miss something, but why do you want a plane to helicopter ?
assbot: Logged on 20-05-2015 06:57:41; isaackl: And if Balaji is a USG shill he's a damn good actor
mircea_popescu: 25 ppm occurrences can very well be a tiny pore in an otherwise solid implementation.
ascii_field: anyone know a winblowistic implementation of pgp ? as in, actually using microshit's api
mircea_popescu: "Some widely deployed RSA implementations choke on big RSA public exponents. E.g. the RSA code in Windows (CryptoAPI, used by Internet Explorer for HTTPS) insists on encoding the public exponent within a single 32-bit word; it cannot process a public key with a bigger public exponent."
Hasimir: I returned to playing in order to make a good habit of it by the time senility struck in order to stave it off ... then discovered that years of IT logic paid off in unexpected ways
ascii_field: sorta the mental equivalent of a crowded hard disk. not quite same as senility
Hasimir: mircea_popescu, well, listing a hundred and something frequent posters to gnupg-users with the statement "we probably have your private key" does imply a certain degree of breakage
Hasimir: mircea_popescu, a ref. to a particularly hard-line stance taken by some people on gnupg-users
assbot: Logged on 20-05-2015 16:13:53; mircea_popescu: asciilifeform do you remember where the fuck is that discussion about how a good hardening approach is to deviate from the toolset the attacker might reasonably expect to find is ?
Hasimir: no, not seriously, there's a big difference between some bunch of people with crap entropy sources and rsa being borked
Hasimir: it's currently in a branch of git.gnupg.org/gpgme (to be merged with master when I finish cleaning up the last of the ancient examples)
mircea_popescu: Hasimir mind giving a self-intro for they such as myself that apparently know you from 3rd parties but otherwise not ?
Hasimir: meh, 2.0 is such a waste of time ... 2.1, however, comes with all manner of entertainment
Hasimir: that would be such a let down
assbot: Logged on 20-05-2015 00:42:58; decimation: so can someone explain why the nyse would have a bitcoin index without any actual bitcoin-backed securities for trade?
danielpbarron: I noticed you've got a +4 in my L2 and a 0 in assbot's
Naphex: mircea_popescu: a good attacker will do discovery, and map everything ahead of time. while there are some pluses into deviating from the toolset. they mostly come from building your own. which is going to end up better fitted for the task
mircea_popescu: asciilifeform do you remember where the fuck is that discussion about how a good hardening approach is to deviate from the toolset the attacker might reasonably expect to find is ?
mats: going to a music festival this weekend then san diego
mod6: ahh, i see, you gotta pick the bases for a randomly.
mod6: by the end of the night i was digging into prime selection. gnupg does fast fermat checks in several places, but im starting to wonder if it wouldn't also be beneficial to just check against a list of "Carmichael numbers"
assbot: Logged on 20-05-2015 00:29:41; mod6: take a look at this: http://dpaste.com/0SQPBKC.txt Is there any reason when allocating the space for p & q to do Eulers totient they would initialize the space with 'p' and 'p', instead of 'p' & 'q'?
mircea_popescu: http://log.bitcoin-assets.com/?date=20-05-2015#1139680 << speaking of this, am I the only one nonplussed by all this "we use <<best practices>> fixed exponent" bs ? it's an unavoidable magic number , okay, but it's the sort that should eminently be a knob for the user. a proper gpg would have e user-settable at the key generation phase (with 65536+1 as a default, sure)
Helvetik: Sorry, I just speak a little english. I'm here for to talk with davout
mircea_popescu: (for the record : the life of a smerd, like that of a kholop, was worth 5 grivna. that's about enough metal to make a decent shovel - roughly speaking the smartphone of the time)
assbot: Logged on 25-03-2014 20:41:18; asciilifeform: ght run as follows: Today we've got a friendship evening with shit-eaters', or Today we're having some shit-eaters to dinner. Prepare a suitable menu'.'
assbot: Logged on 25-03-2014 20:41:17; asciilifeform: Officially, all Soviet representatives regard these parasites with touching feelings of friendship, but privately they call them 'shit-eaters' ('govnoed'). It is difficult to say where this expression originated, but it is truly the only name they deserve. The use of this word has become so firmly entrenched in Soviet embassies that it is impossible to imagine any other name for these people. A conver
mircea_popescu: instead of parading them naked through the streets with a "i was a fucktard and am now sorry" thing around their neck, they let them sit around for twenty years coming up with reasons as to how their idiocy "wasn't really all that bad".
mircea_popescu: a) god hath decided to give free herring out in the scania sounds. consequently, swedes now have a kingdom
assbot: Logged on 19-05-2015 19:21:04; decimation: mircea seems to credit the german geography for why 'nordic freedom' 'seems to work'. but I suggest it is the people themselves - having been beaten by the romans for centuries, and then forced by the church to mate outside their immediate family, they developed a concept of 'kinship' beyond L2 cousins
mircea_popescu: i guess someone really should write a reasonable, 500 page, college degree (any field, proper) required to read crypto overview
davout: i can't read books on a screen
mircea_popescu: it's the equivalent of a tractor that just plowed through virgin land. all those delicious worms!
assbot: Logged on 20-05-2015 12:54:33; asciilifeform: until i saw the auto-updater crud, my most parsimonious hypothesis re: the matter treated in last section of mircea_popescu's article was that the buggers built a straight chumpmagnet, where lusers would search sks for email addr. of someone or other, and end up with latest key (try it) displayed being one of the 'magic' ones