erlehmann: maybe i am not clear enough: i did not get to hold a talk so i talked to random c developers for fun.
erlehmann: mircea_popescu like, ticket? it was camping, mostly
erlehmann: one lulzy consequence is that a lot of software might have been released with subtly wrong header files included
erlehmann: mircea_popescu i wanted to give a talk about non-existence dependencies at SHA 2017 and it was rejected with “provide a 5min lightning talk on problem instead”. problem: 5min are enough to understand the problem, not why you are having it or what follows from it.
mircea_popescu: asciilifeform i guess when he comes back from the mpfhf reverser ima make him do a keccak impl that ACTUALLY does the any-output thing. afaik they're all 32/64byte
erlehmann: 4. yes the effect matters. we can patch make, though
erlehmann: 3. yes, this is not detectable, but the effect is negligible
erlehmann: 2. yes, this might be a problem for some, but it never happens to me
erlehmann: 1. this is not a problem at all in my process
mircea_popescu: asciilifeform most importantly, do we ACTUALLY want to do something pgp-retarded like say R.len = 200 bytes, repeat the last 50 for a 250 byte total then use the repeat to make sure you decrypted correctly ?
erlehmann: because the reaction of most people to it is
erlehmann: mainly i realized why my talk to the conference was rejected
erlehmann: mircea_popescu one person hallucinated having seen the elusive djb redo c code that ultimately did not exist. another person was a release manager and made sure the problem does not exist. a third person wrote a cmake thingy longer than my own redo implementation. a freebsd developer confirmed the problem exists.
mircea_popescu: to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done.
erlehmann: indeed, one part of the solution is to return to earth
a111: Logged on 2014-11-26 01:11 asciilifeform: 'I'd like to see one expression coined by the poker writer Matt Matros become common parlance, since it applies far more widely than only to poker. An alien problem means some problem that might be fun, interesting and educational to analyze, and it would be really important to know the solution if you ever found yourself in that situation, but the point is that you shouldn't even be having that problem in the first pl
erlehmann: asciilifeform the goal of the game is to make dev aware of context being insane
erlehmann: something involving a goedelized perl script that builds all build rules that don't build themselves. drugs were probably involved.
erlehmann: the solution turned out to be a non-solution btw
erlehmann: asciilifeform correct. the talk begins with me mentioning non-existence dependencies and ends with the recipient either having a solution (one guy), being aware of the problem already (i counted two) or being unaware of it but being aware that their software is a lie.
mircea_popescu: erlehmann it's a pile of patches. how the compiler optimizes the rebuilding is irrelevant ; if you change one file it can rebuild the whole thing or not ; but v still only changes the one file and still doesn't have the problem.
erlehmann: they are only arguably the most common one
erlehmann: asciilifeform C header files are only one instance of such non-existence dependencies where the existence of a thingy invalidates the assumptions that went into building another thingy.
mircea_popescu: letting him "figure for self" at this juncture is unsanitary.
erlehmann: asciilifeform that is one possible answer to the thing. the thing that starts the triggering is usually a combination of said devs using make and realizing that this is, indeed, a problem.
mircea_popescu: asciilifeform anyway, let's sit down and make something sane for this guy. peterl i mean. what's his message supposed to be like ?
erlehmann: if A or B start to exist, the target also needs to be rebuilt. that is a non-existence dependency.
erlehmann: if C changes, the target needs to be rebuilt. that is a dependency.
erlehmann: 2. look on while almost all of them develop the exactly same train of thoughts (including fixing make, which is impossible for this kind of program)
erlehmann: 1. mention non-existence dependencies to people who know C and/or C++
mircea_popescu: otherwise why implement a ptron rather than simply a rsatron.
mircea_popescu: but in my own mind the "well alf is making P" pretty much was "he's walking the path to both cs and rsa impls to the furthest node"
mircea_popescu: afaik pretty much the only candidate besides rsa itself.
mircea_popescu: i thought there's consensus re offering c-s in teh tmsr cryptotron
mircea_popescu: pubkey crypto doesn't enter into it, this is a discussion of signature hashing (digests, really) schemes.
mircea_popescu: the statement is that if pss is used atop rsa, then barring poor implementation a forgery is going to cost more than what reversing rsa costs.
mircea_popescu: but, this given, it's no wonder all cars migrating to being the same engine in different plastifications.
mircea_popescu: it's incomprehensible to me, how this "i moved from a forum to a ... forum" thing works in the public's mind.
BingoBoingo: Not really made a blog. Started making posts on platform that it seems some other folks made.
a111: Logged on 2017-08-01 23:43 mircea_popescu: i suspect steemit is a sort of how did they call that alt-disqus/alt-github "let us steal your content" thing ?
a111: Logged on 2017-08-09 18:37 mircea_popescu: xor the bytes ?
mircea_popescu: (ftr, the way pgp does it is that it repeats two bytes of a more or less random block of 16 bytes, and then checks if they came out the same. this is in fact WORSE than http://btcbase.org/log/2017-08-09#1696023 but then again contemporary applied cryptography is a very low effort, low quality field).
mircea_popescu: and incidentally, pss should prolly be in the final tmsr-rsatron huh.
mircea_popescu: so you want to take a message m, add that many random bits to it, and then add twice that many bits as a hash of the pile, thereby using 25% of the space for the plaintext ?
mircea_popescu: trying to stuff a mac or something in there will make the boondoggle regret the days of the aes/rsa combo.
mircea_popescu: asciilifeform yes, well, everything has problems. but there's a difference between using a crc as hash and using a crc as checksum ; and using say sawed-barrel keccak (take first or last x bytes, whatever) isn't all that good because it's really not designed for fragment behaviour like that, nor was such studied
PeterL looks, finds a .py standard lib function for this: binascii.crc32
PeterL: asciilifeform: ^ what would be the downside of using crc for this?
mircea_popescu: and with this, PeterL finds himself exposed to galois fields, polynomial division, and the rest of the "easy to implement and straightforward" jewels.
PeterL: I do find it annoying that long messages get split, but I guess it is not the end of the world or anything