jhvh1: That's a lot of words to not tell me who your daddy is.
mircea_popescu: pick one you're never going to ever lose, stick it in http://wotpaste.cascadianhacker.com/ then say !!register http://wotpaste.cascadianhacker.com/blabla
BenBE: I'm the maintainer of the GeSHi syntax highlighter for PHP, which is used in e.g. Wikipedia for source highlighting of articles. Also working on several crypto-related projects like my own TLS/SSL test, a collection of publicly known compromised keys, an OpenSource management software for handling X.509 certificate issuance for a certificate authority.
mircea_popescu: BenBE this imho stuff is no good because we don't know who you are. who are you ?
BenBE: Well, IMHO it's not that most crypto is bad. It's the systems it's used in. Plus, most systems are quite fixed on one particular algorithm yielding an easy-to-attack ecosystem.
mircea_popescu: well, hopefully this problem gets resolved by crap not making it into trb-i
Framedragger: that, too
BenBE: Thus exactly the information you need to attack those keys by looking for nonce reuse issues.
BenBE: mircea_popescu: Mostly the Certificate Transparency logs used by browsers, block chains used in many (if not most) crypto currencies. All public records containing both public keys and signatures made by them.
mircea_popescu: BenBE those who ?
a111: Logged on 2017-04-07 14:17 asciilifeform: if i had insisted, phuctor would still be a waited-for thing
mircea_popescu: that's kind-of the principal impedance mismatch tmsr gotta deal with : the natural membership is highly technically skilled, which in general comes out of a tendency to focus and follow in depth. this means it selects for a certain bias in task selection. however, due to tactical considerations, most of the useful work is exactly opposite.
BenBE: There's quite some EC in use currently. And be it all those "transparency logs"
mircea_popescu: and especially as a small and high momentum entity you DO NOT want to go chasing any "large investment upfront payout way later" deals. so much "low investment payout over time in exponential fashion" holes still available.
Framedragger: you may be underestimating the scope of EC crypto in use on teh world. (then again, why should one care about a broken world anyway, sure)
BenBE: Lacking the resources for performing the ECDSA part right now anyway (thus low on the priority list)
Framedragger: i don't personally think it's a completely wasted effort if any backdoors in parameters are opened up to all, vs. just the owners.
mircea_popescu: seems if you were going after ecdsa you'd attack the curves not the keys. kind of a wasted effort seeing how the curve authors already know the holes and why the fuck would i bother when blacklisting works so well. but anyway.
mircea_popescu: BenBE are you privy to an approach to ecdsa ?
BenBE: mircea_popescu: I planned on DSA/ECDSA, but that's quite low on the priority list right now. Attack on both works somewhat differently and requires data collection not as easily obtained as with RSA.
mircea_popescu: anyway, that's my stance : it is pointless to inquire in the mathematical security of x.509 and related source schemes, because they are not secure by design anyway.
mircea_popescu: shinohai first time i see it.
shinohai: mircea_popescu: what do you (and the other lords) think of https://searx.me/ ?
mircea_popescu: "But doc, had THIS not killed him, what would have next ?"
mircea_popescu: you're asking me to find the second-possible cause of death of a corpse.
mircea_popescu: perhaps. but what is the return on that labour ?
mircea_popescu: are they verizon issued ? or whatever the imperial anointed scammer involved with this racket is
Framedragger: my https certs use rsa iirc (was some time ago so would need to check)
mircea_popescu: i guess could try and fish out the actual rsa keys from self-signed certs maybe
mircea_popescu: i thought it's a 100% imperial racket, they use whatever faux crypto currently fashionable.
Framedragger: mircea_popescu: sure. but there are rsa keys in https certs out there. but yet to be empirically approached and estimated, sure
mircea_popescu: i dun expect we're going to be doing anything but rsa because well... how ?
mircea_popescu: Framedragger phuctor being a republic item it can only eat realities. how is it going to eat "evanghelical church" ? bitch, unwrap your branding, what is it ?
mircea_popescu: shinohai seems easier though to chase you to drop it than to add it to the log standards.
Framedragger: eh there was a plan for phuctor to ingest these certs, too, i think?
shinohai: I need to dig deeper into that, last attempt at removing the <> resulted in breaking the whole damned thing because python is a turd.
mircea_popescu: shinohai could it nuke those <>; it fucks up the logotrons
Framedragger: BenBE: you can generate the phuctor fingerprint for linking directly to phuctor via http://siphnos.mkj.lt/datadrop/crap-from-scans-to-be-sorted/phuctor-fp.py (could be useful)
shinohai: Pills are like phone apps in America it seems. "Oh you have the sniffles? There's a pill for that!"
mircea_popescu: the way to paradise is paved with other people's deglutition.
mircea_popescu always prefers to treat all conditions with pills ~other people~ swallow.
mircea_popescu: shinohai much better : the cocke you feed to the girls!
shinohai suddenly remembers cocaine has properties that make it almost as effective as dick pills .....
mircea_popescu: and where the hell is the "oh, cocaine, will get you high!!1" spam.
BenBE: Getting the keys from the website is possible, but needing to scrape them is somewhat a bad solution (for all sides). The project I'm currently working on is an information service where you can ask for a public key or its fingerprint and the service will tell you some stuff about that key (type, where it was used before, has it been factored, is it sensibly sane, compromised and so on).
mircea_popescu: what the fuck are all these people with penis pill spam still doing. seriously now, it's been out what, 20 years ? anyone who wants it has some / knows where to get it. who the fuck goes "oh, wow, check it out, penis pills! ima get myself sum o dat!"
mircea_popescu: nice little trim ya got there f.
mircea_popescu: a there you go
mircea_popescu: asciilifeform linked a dump at some point, check the logs. the principal parts are a sks+trims (keybase, whatnot) dump that might be still available, though 2 years back in logs, and Framedragger 's ssh scan results, which he might share with you.
mircea_popescu: BenBE you mean the phuctor db ?
a111: Logged on 2017-04-09 02:34 danielpbarron: shinohai, no i would not. might be adult swim bidding it up as a promo. On related note, wendy's fastfood chain is helping some highschool kid break world record retwats to promote their "chicken" nuggets. more than a million bots obliged in one day. goal is 18 million
BenBE: Are the keys mentioned in the stats somehow available as e.g. one big PGP dump file each?
a111: Logged on 2017-04-08 22:44 asciilifeform: http://btcbase.org/log/2017-04-08#1640534 << gurl dun like the disciplinary-sanitarium of 'civilized society' and gets diagnosed, unsurprisingly, with вялотекущая шизофрения (tm)(r)(su)
mircea_popescu: http://btcbase.org/log/2017-04-08#1640567 << i suppose in the end the ustards will be remembered as "a group of know-nothings with bad answers for every question".
Framedragger: relevant folks may be afk right now, tho. best to hang around after asking :)
jurov: ben_vulpes: as they say - "moved networking to own thread. now i have two problems."
deedbot: http://phuctor.nosuchlabs.com/gpgkey/3A718ECFFC25538C810A3CBA67638DE83B18E3ACDC399E8179E280FB6F858FF3 << Recent Phuctorings. - Phuctored: 1778...2423 divides RSA Moduli belonging to '92.243.12.226 (ssh-rsa key from 92.243.12.226 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (xvm-12-226.ghst.net. FR)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/3A718ECFFC25538C810A3CBA67638DE83B18E3ACDC399E8179E280FB6F858FF3 << Recent Phuctorings. - Phuctored: 1650...6967 divides RSA Moduli belonging to '92.243.12.226 (ssh-rsa key from 92.243.12.226 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (xvm-12-226.ghst.net. FR)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/724ED716959BD22E678E1817347303FBF337E3EA5628D2E2E8FB86B73DC5F9E1 << Recent Phuctorings. - Phuctored: 1690...9873 divides RSA Moduli belonging to '83.18.244.46 (ssh-rsa key from 83.18.244.46 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (bxk46.internetdsl.tpnet.pl. PL)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/724ED716959BD22E678E1817347303FBF337E3EA5628D2E2E8FB86B73DC5F9E1 << Recent Phuctorings. - Phuctored: 1543...1669 divides RSA Moduli belonging to '83.18.244.46 (ssh-rsa key from 83.18.244.46 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (bxk46.internetdsl.tpnet.pl. PL)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/121F12879B4C8F09CB23FECFF93DCF183A83F2C5F51D2A841442F3066B30C343 << Recent Phuctorings. - Phuctored: 1559...3553 divides RSA Moduli belonging to '147.102.194.37 (ssh-rsa key from 147.102.194.37 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (het27.physics.ntua.gr. GR I)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/121F12879B4C8F09CB23FECFF93DCF183A83F2C5F51D2A841442F3066B30C343 << Recent Phuctorings. - Phuctored: 1492...7877 divides RSA Moduli belonging to '147.102.194.37 (ssh-rsa key from 147.102.194.37 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (het27.physics.ntua.gr. GR I)
ben_vulpes: so if i have a `std::map<ktype, std::vector<vtype>> stuffMap`, is it legal to say `stuffMap[k].push_back(newV)`
mircea_popescu: i was talking in general!
asciilifeform: it ain't new, it is copy of 'athena' ( the thing found on old suns, that made their ui eye-clawing fugly and painful to navigate )
shinohai shudders at the thought of no samovar, would have pointed them to Eulora
a111: Logged on 2017-04-08 21:17 phf: well, fwiw i've no idea if you can make clim non-ugly (i'm not even sure at this point what "ugly" means. you certainly can't trivially make it look the way "people come to expect")
mircea_popescu: http://btcbase.org/log/2017-04-08#1640545 << actually a new aesthetic would be quite welcome. the apple shit died with jobs.
a111: Logged on 2017-04-08 19:53 jurov: coinbr orders fixed. mircea_popescu pls to process
mircea_popescu: NO FUCKING SAMOVAR. wtf is even the point, call it russian wanna-be house then
mircea_popescu: but, get this. i ask for tea, girl promises in approximate spanish (do you speak english ? nope. french ? nope.) that she'll show me. comes over with a bunch of early grey paper bags and cups of hot water.
mircea_popescu: actually... the "russian rock concert" was a chick barely qualified to be the hottie in average senior hs class doing karaoke. her jeans were adorned with a scarf underlining her completely virginal inability to use her hips, and moreover she had one motor glove on, so it's ok.
ben_vulpes: http://i.imgur.com/4nvPOF2.png for example is funny. i like the interbrand hostility.
ben_vulpes: not to the extent that i enjoy agent orange's, but every now and again i see a stack like http://imgur.com/gallery/yNlZI and get a few chuckles out of it
ben_vulpes: danielpbarron: i enjoy the wendy's twitter
shinohai: hah mircea_popescu .... you survived the Russian chicks WITH NO POGROM!
a111: Logged on 2017-04-08 17:37 Framedragger: certainly not worth your time. and i understand. just find this 'call thief by default' funny; but it's probably borne of experience, simply
mircea_popescu: http://btcbase.org/log/2017-04-08#1640497 << you're going to have a default. which default are you going to have ?
mircea_popescu: sooo... i went to this russian bath/blinyi house for a... russian rock concert.
danielpbarron: shinohai, no i would not. might be adult swim bidding it up as a promo. On related note, wendy's fastfood chain is helping some highschool kid break world record retwats to promote their "chicken" nuggets. more than a million bots obliged in one day. goal is 18 million
ben_vulpes: not even impossible to read in lynx
ben_vulpes: from the interesting-claims-department: "we show that our targeted stack-spraying approach allows attackers to reliably control more than 91% of the Linux kernel stack, which, in combination with uninitialized-use vulnerabilities, suffices for a privilege escalation attack."
shinohai: Are you THAT BIG a fan danielpbarron that you'd pay ~83 BTC for some sauce ?
danielpbarron: http://btcbase.org/log/2017-04-05#1637510 << hah! this is because of the rick and morty season 3 premiere. am I the only fan here?
shinohai: "We didn't listen to her, and now it's too late"
asciilifeform: http://btcbase.org/log/2017-04-08#1640534 << gurl dun like the disciplinary-sanitarium of 'civilized society' and gets diagnosed, unsurprisingly, with вялотекущая шизофрения (tm)(r)(su)
asciilifeform: http://btcbase.org/log/2017-04-08#1640547 << but also the, e.g., grey->white conjunction, makes for 'low contrast' feel, blur.
asciilifeform: possibly part of it is that the bolix font does not look pixellated.
asciilifeform: i quite like the high-contrast pure b&w thing.
ben_vulpes: phf: i would be happy to try living in either of those 'ui's
ben_vulpes: jurov: qt necessarily requires performing networking on the ui thread?
jurov: however, i personally have no issues with ugliness. i hate most if it opaquely monopolizes event loop (like qt) and then networking is a problem
phf: well, that's the thing, the original backend from clim2 goes all the way back to genera, and it's literally all solid 1-pixel lines, and bulk of the display is text.
jurov: well, are there screenshots for clim2 ?
phf: but mcclim made some decisions early on, where the default x widgets set was designed to ~look~ like the popular at the time "athena" widget set. which made the whole thing even uglier.
phf: well, fwiw i've no idea if you can make clim non-ugly (i'm not even sure at this point what "ugly" means. you certainly can't trivially make it look the way "people come to expect")
phf: there's a working purey xlib backend that uses very minimal decoration and server side font-rendering. i'm trying to figure out how to make it look like not-shit, without compromising the integrity
phf: jurov: kind of, in a roundabout way. i gave up on mcclim and that whole crowd last time they were mentioned here, but i'm slowly reviving allegro's clim2
phf: couldn't find it, but he was basically correct. after jumping through a lot of retarded hoops i got to run xquartz on a retina mac at 1-to-1 pixel, and pretty much any of the type1 fonts at 230 or so look quite good
jurov: phf: that was x-post from #clim? :)