asciilifeform: BigBitz: no. when some other fellow has a master key to your treasurebox, you're pwned by definition. whether he's bothered to paw through it yet, or not.
asciilifeform: BigBitz: you still think it is a 'could' rather than an 'are' ?
asciilifeform: dexX7: the solution is to use crypto which isn't '90s key escrow wine in a new bottle.
asciilifeform: ThickAsThieves: wait till somebody picks up 'shitcoin.'
asciilifeform: mircea_popescu: i vaguely recall this method being described in 'Phrack' in the '90s.
asciilifeform: didn't know the chap was a catalogued troll
asciilifeform: mircea_popescu: answered (a little less harshly)
asciilifeform: BingoBoingo: suggest this to MP, that's his department.
asciilifeform: BingoBoingo: Cardano will be "as cheap as possible, but not cheaper."
asciilifeform: kakobrekla: if store-bought socks routinely came with a contact poison, i imagine that quite a few people would learn to knit.
asciilifeform: if you want one now, and would rather not wait for mine, build the damn thing yourself. It will take you a day or two.
asciilifeform: a good HRNG is, probably unavoidably, one of two kinds: that you built yourself, or is simple enough to examine with basic bench instruments to see that it has 'nothing up the sleeve.'
asciilifeform: try this exercise: apply your favourite test to: the digits of Pi.
asciilifeform: problem is: it is quite possible to build a HRNG that passes any conceivable 'test of entropy' while remaining insecure.
asciilifeform: the others are squarely in the 'if you have to ask, you can't afford it' territory.
asciilifeform: 'Entropy Key' is thought to be acceptable, but it's been sold out for ages.
asciilifeform: kakobrekla: the currently-available ones?
asciilifeform: BingoBoingo: you will definitely want to de-bias the noise, as most microphones pick up periodic interference (e.g. mains hum)
asciilifeform: BingoBoingo: the TI-8x series had serial inputs (3.5mm jack), perhaps you can improvise something.
asciilifeform: so consider the case of a TORist who proceeds to log into gmail, etc. while on a circuit
asciilifeform: refer to the 'dumb users' section of the latest TOR dirt leak (even if you believe that the 'leak' is disinfo, the section applies to most users.)
asciilifeform: anyone who even thinks of 'browser' when thinking about TOR, etc. is already in a state of damnation.
asciilifeform: and under what conditions it is usable as something else.
asciilifeform: it is one thing to say 'gotta be a honeypot, bureaucrats wrote it' and another to see just how the pot is intended to function
asciilifeform: the TOR source is a good source even for those who don't care for TOR
asciilifeform: and then draw appropriate conclusions.
asciilifeform: my advice to anyone who does the exercise is to look up what happened to the Swedish fellow who did likewise and published the results in an academic paper.
asciilifeform: 'shared hosting' typically means no persistent processes
asciilifeform: there is no shortage of damning. TOR's authors really love it when you run it on VPS hosts, saves them some $ on running their own diddled nodes.
asciilifeform: and if you diddle traffic in an easily detected way, TOR foundation will add your node to its blacklist.
asciilifeform: the fact of them sneaking a peek at your results if they feel like it is another matter.
asciilifeform: last i checked tor exits were explicitly permitted in their TOS
asciilifeform: without saying much more, the quick answer is: if some part of the draft spec seems illogical / bizarre / 'couldn't physically wurk', the answer is generally 'the obvious fix.'
asciilifeform: we have a session block cipher key for working slate in SRAM
asciilifeform: ok I should probably chime in here. Easy answer:
asciilifeform: see 'How does it work ?' section 'D'.
asciilifeform: I'll laugh my arse off if it comes out that signals intel is being 'laundered' via... government soothsayers.
asciilifeform: he linked to some joker charging $$$$ for seminars in soothsaying, who makes clients sign NDA; S comments that 'they got to him, made him do it.'