mircea_popescu: BenBE well, while the state of hardware generally is very poor, due to tmsr diligence this particular corner is actually solved, and so no, wrt rngs the state is fine.
mircea_popescu: FG is, importantly, an ~auditable~ rng. you can audit the thing, and if you do, i'd be very interested to hear the results.
BenBE: It's a sad state related to hardware that we have.
mircea_popescu: this doesn't sum up to all that much does it.
mircea_popescu: can you name the fpga i can both buy and audit ?
BenBE: Any other FPGA should basically do: Original design was a CPLD. So you'd grab one FPGA you /can/ audit the toolchain for and compile the design for that FPGA. It's not too much code.
mircea_popescu: last i heard he had enough of licking acids under the microscope.
BenBE: And I did not say I'd fully trust it --- far too little actual audit work done.
mircea_popescu: well, we don't trust xilinx for critical infrastructure for the ~same reason we don't trust windows.
BenBE: Trusting trust. Yes.
mircea_popescu: are you familiar with the thompson problem ?
mircea_popescu: so you are trusting xilinx to actually do what it says ? and this with code that you can't audit ?
mircea_popescu: BenBE who makes the fpga / toolchain ?
BenBE: Multiple rings (3 or 5, would have to lookup in the VHDL file) are XOR'd together when sampling. Thus not one oscillator, but the XOR of different ones.
mircea_popescu: as per that ancient "pi digits are also random, especially if you don't know what pi is" lemma.
mircea_popescu: BenBE FG scores perfection not before seen in ent/dieharder, not terribly sure how much that convinces me.
BenBE: No, only did some tests with dieharder on its output (at 2Mbps) which score several less WEAK in the results.
mircea_popescu: obvious example : does monotonous temperature variation result in more 1's ? something along the lines of "batch 1 we kept at 20, batch 2 we took from 0 to 40 over one hour, batch 3 we took from 40 to 0 over one hour. out of the 10gb worth of entropy recorded in that hour, batch 1 is 50-50 split, batch 2 is 75% 0s, batch 3 is 74% 1s.
mircea_popescu: did you do a mapping of temperature -> entropy or anything like that ?
BenBE: In the FPGA versions they are built of unclocked rings of logic gates (transistors). With the FPGA I use they oscillate at about 150-200MHz (if I read the information of the synth tool correctly)
mircea_popescu: can't say i have any experience with said modulation. what are the ring oscillators built out of ?
BenBE: With the WhirlyGig it's temperature-based modulation of ring oscillators.
BenBE: What's the entropy source used in those Cardano RNG?
Framedragger: link to original page down but i found https://warmcat.com/2009/05/21/whirlygig-pcb.html and https://warmcat.com/2009/05/21/whirlygig-verification-and-rngtest-analysis.html which may be interesting (and initial intro on https://warmcat.com/hardware%20design/linux%20peripherals/2007/11/24/whirlygig-gpld-hwrng.html maybe)
BenBE: mircea_popescu: http://hackaday.com/2010/02/06/hardware-based-randomness-for-linux/ - unfortunately link to original page is down. Also using a FPGA port (done by a friend, verified against dieharder as a starting point).
mircea_popescu: BenBE where can i get this whirlygig thingee ?
mircea_popescu: i needn't prove it. he doesn't want to be ~guilty~ he keeps out of doing bad things. that simple.
BenBE: I am wary of things he does, will also tell others to do the same, but absent of proof I can't reasonably call him malicious.
BenBE: mircea_popescu: I think there's a difference between suspecting someone of malice and proving it. Cf. Occam's razor.
BenBE: Didn't know that particular project, but have a true RNG based on the WhirlyGig design at warmcat
mircea_popescu: BenBE yes, but here's the extra step : not only do i know koch is an evil shithead who dedicates his time doing evil. i also say it.
mircea_popescu: asciilifeform incidentally, the more i think about it the more i'm convinced the ONLY "fingerprint" for rsa key may be... the modulus. 4096 bits and fuck you, if you can't take 32 chars you don't belong here.
mircea_popescu: BenBE do you also know the FUCKGOATS, so as not to ever again use a "prng" for as long as you live ?
BenBE: I asked W.Koch about the PRNG about 2 years prior to the break last year. And even then it had been known for years before that, that the PRNG is fishy but nobody cared to actually step forward and rip it open.
BenBE: Depending on the circles you worked in, you knew GnuPG is broken on several levels.
BenBE: OT: I know the guy who recently broke the GnuPG PRNG. He has been working on a project with me for some time
mircea_popescu: yes, in the sense hiv whore also has the flu.
Framedragger: (well it's also technically weak by using a 160 bit hash, etc) :p
mircea_popescu: but to be perfectly clear : rfc 4880 is not technically weak. it is politically subversive, and deliberately so. it consists of the same material that has schneider running around trying to convince people turning their computer in for an ipad is "the way to bright future of socialism", or of the uk cocksuckers that covered up rotherham droning on as to how they have to have everyone's keys to "catch criminals".
mircea_popescu: it is deliberately constructed to weaken rsa ; take the recent http://btcbase.org/log-search?q=%22sha%22+gpg "sha fails, koch-gpg fingerprints are meaningless", which had been foretold here for... years.
BenBE: At least those were the aspects I mostly disliked about it. What were yours?
BenBE: Hard to parse, the RFC is somewhat strange, and possibly other things.
BenBE operates http://pgp.benny-baumann.de/ -> direct access to ingest PGP keys live :)
BenBE: Can't claim I didn't learn anything while preparing to set up my project.
BenBE: But getting everything into place helps a lot figuring out how to best optimise your DB, how to perform imports, and so on.
BenBE: It is when you can't handle the vast amount of data it involves (and yes, I know that vast is an understatement here). Alone building a database to manage all the raw data for my KeyInfoDB/Kompromat project is ~500GB (compressed) keys. Automating stuff for grabbing these at their source for import is a challenge of its own.
asciilifeform: i like him just fine, hence attempt to educate.
mircea_popescu: for a moment there it read as "i don't like $newguy, he might do something stupid." which is silly, let him do the stupid first, not like him after. wtf preemptive dislike.
asciilifeform: and that folks who want to 'embrace and extend' phuctor are on their own.
mircea_popescu: tbh i'm not sure what fellow's trying to do, but anyway.
asciilifeform: mircea_popescu: that 'i'ma write a phuctor but for EVERY!! type of key' is a n00b mistake
asciilifeform: get the published data, verify it, write yet own, learn something!
asciilifeform: and no i am not interested in giving it away as an ornamental flower on some low-effort pile of ?. there is a reason the source is private.
mircea_popescu: you can have the moduli, atm. once a proper standard for rsa key wrapping is decided upon, can also have that. state of the art atm is http://btcbase.org/log-search?q=e%2CN%2Ccomment
mircea_popescu: BenBE trouble is we're moving away from the inept koch standard.
BenBE: Suggestion: you have all the keys available that make up those dumps. What about using a batch job (once per day) creating a large .pgp file people can download. That's both static and gives people all the information (create UIDs for the extra stuff if necessary)
asciilifeform: also, to answer earlier q: there are already very effective pills against ssl: timing attack, nonce reuse for dsa (you can find existing code)
mircea_popescu: BenBE the problem is that others may attempt to use it and involve you thereby. which is also the whole of their business plan, i'm sure you realise. anyway, the whole thing's moot : proper wot exists, we're using it, the soup can go hang.
BenBE: asciilifeform: 1) No, can use it without (just need to do stuff on the command line then) 2) not a feature you need to use. There's a CLI client you can audit and use.
asciilifeform: 3) they can serve up whatever as 'your' pubk to others
mircea_popescu: hopefully we don't end up with too many people importing this and then wanting to strangle us when the obviously adhoc tree ends up rebased.
Framedragger: and presumably sadmods as well in the future (again, not yet cached)
asciilifeform: BenBE: 1) they want your privkey 2) they purport to accept 'private' msgs to you, on their www
mircea_popescu: well dot rather than comma, but anyway.
mircea_popescu: Framedragger so then, to get back. next time someone wants what BenBE wanted above the answer should be http://siphnos.mkj.lt/phuctored,html ?
Framedragger: mircea_popescu: the only external-dump link there is sadmods (not yet cached - again, unsure of impact on phuctor performance)
mircea_popescu: BenBE "Shit Restaurant ; Don't Expect No Turds!" ?
asciilifeform: (rss overran faster than deedbot ate)
BenBE: asciilifeform: it's not totally broken (as with GnuPG's normal WoT) in that it makes transparent to not expect too much from it, apart from account associations.
Framedragger: asciilifeform: mircea_popescu: ok, sorry for that then
Framedragger: mircea_popescu: if you check, the hrefs on that index page link to phuctored.html on siphnos etc
Framedragger: asciilifeform: oh, so only the deedbot announcer here on irc excludes some new keys?
mircea_popescu: Framedragger we're not discussing the stats but the meat of the matter. same stuff as is in the link i gave him above (http://trilema.com/wp-content/uploads/2017/04/phuctor_snapshot.html) 3mb or w/e it is
asciilifeform: trinque truncated the rsa in the bot, with ellipsis
mircea_popescu: i wasn't aware it does, that's what deedbot uses to pipe here also
Framedragger: mircea_popescu: siphnos url is http://siphnos.mkj.lt/phuctor-stats/ - i don't think 'canonical' can be decided until a sane caching strategy is decided, tho.
mircea_popescu: that's no good then
Framedragger: mircea_popescu: i mean that not *all* new entries are included, rsa truncates them, too. asciilifeform can confirm tho.
mircea_popescu: Framedragger dja mean rss ? that's the fucking point, to truncate, so you don't keep getting ancient data
mircea_popescu: anyway, so then the canonical "i want to import list of phuctor-broken keys" should be http://siphnos.mkj.lt/phuctored/ ?
Framedragger: eh it's like facebook, i have a shitty facebook acct, too
Framedragger: i don't think rsa gives all, just 'first 10' or sth
asciilifeform: 'Crypto-Nerd who is allergic to bad crypto.' and uses keybase?!
Framedragger: rsa truncates, etc etc, other methods (pg notify / etc as mentioned by trinque) require asciilifeform's intervention
mircea_popescu: i suppose that method'd be rss
mircea_popescu: need a better method than downloading the whole list of shit you already know every time.
Framedragger: mircea_popescu: everything except sadmods so as not to upset phuctor too much. need to discuss frequency of caching with asciilifeform i think
mircea_popescu: Framedragger do you currently cache the whole phuctored dir ?
mircea_popescu: BenBE as your luck has it we just did a phuctor snapshot, the complete list is at http://trilema.com/wp-content/uploads/2017/04/phuctor_snapshot.html
Framedragger: oh, nice to have all of them at one place, convenient
BenBE: Framedragger: That's one of the resources I will be sourcing my Key Information service from. Contains the private keys for e.g. the OpenSSL Debian Weak Keys (complete)
mircea_popescu: Framedragger possibly didn't manage to get a txn in
Framedragger: unrelated to anything, i'm not sure if my deeding at http://btcbase.org/log/2017-04-08#1640468 worked, as it's not on deedbot.org - or did i misunderstand something? deedbot did say 'accepted: 1'
jhvh1: shinohai: The operation succeeded.
shinohai: !~later tell pete_dushenski Entry in bots directory for "Time since last block" has transposed letter, should be `tslb` - Thanks!
mircea_popescu: also the docs for the bots is at http://btcbase.org/log/2016-11-24#1573191
BenBE: mircea_popescu: thx.
mircea_popescu: BenBE now you can self-voice (!!v ) ; do that it'll save us the trouble to up you.
a111: Logged on 2017-04-09 13:48 BenBE: I'm the maintainer of the GeSHi syntax highlighter for PHP, which is used in e.g. Wikipedia for source highlighting of articles. Also working on several crypto-related projects like my own TLS/SSL test, a collection of publicly-known set of compromised keys, an OpenSource management software for handling X.509 certificate issuance for a certificate authority.
mircea_popescu: shinohai dun knock it, might've been the best answer to date. except perhaps that reuters chick.