700+ entries in 0.216s
Barbarossa_: time to setup all the
PGP stuff and a hot wallet to send the bitcoin etc
Barbarossa_: did you also create the
PGP signing dongle thing?
Barbarossa_: no - my
PGP keys were all generated on a diddled wintel box
a111: Logged on 2017-08-31 17:32 fyr: Afaict the whole point of the nickserv
pgp thing is I can't come in a month later all "my laptop finally died of blunt impact trauma, accept new unsigned pubkey pl0x"
fyr: Anyway I know I'm on the larp server for "not getting pwned by unspecified
pgp-fearing non-Mossad is hard, reliable backups and Linux audio is easy"
fyr: Afaict the whole point of the nickserv
pgp thing is I can't come in a month later all "my laptop finally died of blunt impact trauma, accept new unsigned pubkey pl0x"
☟︎ mircea_popescu: kanzure re "broken while uploaded" : tell fenn phuctor has not just all the
pgp keys ; but also all the ssh keys, though apparently not the one for his home computer. and to stop being so superficial wtf.
mircea_popescu: aite, so it's this item that factors privkeys. has the whole db of
pgp and ssh keys.
valica: ty for voicing me, mircea_popescu. I will create a
pgp key as soon as I will have something to say.
mircea_popescu: valica make yourself a
pgp key if you don't have one an' register it with deedbot so i don't have to keep voicing oyu
mircea_popescu: asciilifeform most importantly, do we ACTUALLY want to do something
pgp-retarded like say R.len = 200 bytes, repeat the last 50 for a 250 byte total then use the repeat to make sure you decrypted correctly ?
mircea_popescu: (ftr, the way
pgp does it is that it repeats two bytes of a more or less random block of 16 bytes, and then checks if they came out the same. this is in fact WORSE than
http://btcbase.org/log/2017-08-09#1696023 but then again contemporary applied cryptography is a very low effort, low quality field).
☝︎ edivad: now that i've registered my
pgp key, should i be able to authenticate signing something?
mircea_popescu:
http://btcbase.org/log/2017-08-08#1695453 << you have to. we'd be the first people to move to a cheaper test algo if this was feasible, in tmsr-
pgp etc. but as he correctly points out, most of the keys you make are weak. an important point to consider here is weakness propagation : one weak key can potentially expose other key exchanges, resulting in a chain of (unknowingly) lost secrecy. the design will have it ablate over t
☝︎ mircea_popescu: well, i guess see if ian wants to reg a
pgp key, i'd rate him. if nothing else, on the strength of
mircea_popescu: anyway, as a lawyer you absoluitely wish to bake
pgp into every aspect of your practice. don't have any customer email you plaintext.
a111: Logged on 2017-06-20 16:30 phf: building wot for all comers will suffer the same fate as
pgp. since nobody's using it, it turns into an arms race of easy to use, or "innovation" also known as masturbation over technical minutiae. i sort of realized this when i tried applying tmsr solutions to my cypherpunk friends: "no we don't need to research the difference between signal and telegram, just encrypt it to my gpg key and post it on dpaste or whatever." eliminated all the technical di
mircea_popescu is sick of "famous people" like of crab apples. let them sit in some other latrine with their "oh i lost my
pgp key 20 years ago" zimmerman and their "i dedicate my life to raising impudent street urchins as if they were white people" bernstein and their "oh hi, rng ?" koch and their "o btw, i lied about that laptop" rms everything else.
a111: Logged on 2017-06-20 16:30 phf: building wot for all comers will suffer the same fate as
pgp. since nobody's using it, it turns into an arms race of easy to use, or "innovation" also known as masturbation over technical minutiae. i sort of realized this when i tried applying tmsr solutions to my cypherpunk friends: "no we don't need to research the difference between signal and telegram, just encrypt it to my gpg key and post it on dpaste or whatever." eliminated all the technical di
phf: building wot for all comers will suffer the same fate as
pgp. since nobody's using it, it turns into an arms race of easy to use, or "innovation" also known as masturbation over technical minutiae. i sort of realized this when i tried applying tmsr solutions to my cypherpunk friends: "no we don't need to research the difference between signal and telegram, just encrypt it to my gpg key and post it on dpaste or whatever." eliminated all the technical di
☟︎☟︎ Framedragger:
http://btcbase.org/log/2017-06-09#1667749 << sorry asciilifeform, i missed this "tell" and only saw now! hmm, key *parser* - as in,
pgp parser? i don't believe you've posted that before, or i haven't seen it. at any rate you probably meant sth else that the phuctor fingerprint generator i assume?
☝︎ mircea_popescu: which, for the people who were here for the original
pgp wars, sounds like the empire never goes to school.
mircea_popescu: erlehmann you seem like a nice enough fellow, why not register your
pgp key with deedbot ?
mod6:
http://btcbase.org/log/2017-05-25#1661674 << was thinking there, for those who would want it, a model where guy asks for N bytes of entropy via FG. would generate N bytes. base64 encode the binary entropy file (similar to trb deps), place the sha512 output hash of the base64 decoded file along with the ent & dieharder output in a clearsigned message, then
PGP encrypt it to the requester.
☝︎ mod6: do you have all of the stuff between the '-----BEGIN
PGP SIGNED MESSAGE-----' and '-----END
PGP SIGNATURE-----', including those lines?
mod6: <+mod6> <+mod6> This is the actual
pgp clearsigned data:
http://p.bvulpes.com/pastes/9AAL7/?raw=true << this is what gets pasted into the comments section. 7bit ascii. << go to this link, copy the text, save locally, or however you want to do it, and see if it verifies.
mod6: it's gotta be browser related. if you copied the
PGP signed data out of the database comments field or what not, and it was ok, then ok. may not mangled. but perhaps the browser does some weird formatting hijinx and that's fuckin us up.
mircea_popescu: fromloper consider getting a proper name / registering your
pgp key with deedbot while at it.
mircea_popescu: 1. let's make "government issued id" the underpinning of the
pgp web of trust, because totally, what could be better or above the fiat empire du jour ; 2. key ids. because really.
mats: asciilifeform: wot analysis and identifying weirdness that
pgp will accept but ordinarily silently discard some aspect (wrappers i've looked at don't use verbose flag during import) , ie, a subkey binding like the hpa key
Framedragger: and commits in linux are
pgp-signed, not just "ok"d
BenBE: Suggstiong: you have all the keys available that make up those dumps. What about using a batch job (once per day) creating a large .
pgp file people can download. That's both static and gives people all the information (create UIDs for the extra stuff if necessary)
BenBE: Are the keys mentioned in the stats somehow available as e.g. one big
PGP dump file each?
Framedragger: top hit for every
pgp keyid? that's pretty neat.
phf: coke machine story should be set in the same universe/time as the
pgp key story
Framedragger: it's one thing tor jumping ahead with newhope because omg POSTQUANTUM, but a
pgp board.. lol
mircea_popescu: "As reported by Motherboard, a September 2016 filing by a Canadian court revealed that the Dutch police were able to decrypt the
PGP-encrypted messages because the Dutch investigators may have found the decryption keys on the seized server itself."
mod6: some sort of
PGP based command system.
a111: Logged on 2017-03-10 19:38 asciilifeform: trinque: then i'll need a cl
pgp parser
a111: Logged on 2016-06-17 02:16 asciilifeform: btw does mircea_popescu know what would happen if a
pgp key with his main key but new magical subkey were generated and posted to sks ?
a111: Logged on 2017-02-03 06:10 mircea_popescu: phf they're pretty shitty. tmsr
pgp should prolly use a better scheme
mircea_popescu: phf they're pretty shitty. tmsr
pgp should prolly use a better scheme
☟︎