mircea_popescu: more's the point here : does that pos actually work so as to get any entropy past the 600 bytes pool ?
asciilifeform: their main function was, iirc, to curate the openpgp working group, to make sure rfc stays replete with braindamage.
asciilifeform: mod6: iirc they own the original zimmerman pgp.
mod6: "the PGP team at Symantec" << lel!
asciilifeform: 'long, long time ago, in galaxy far, far away'
mircea_popescu: asciilifeform no that was a mythical "some other guy" in "the past"
mircea_popescu: then they mysteriously kept copy/pasting the wrong digits off each other and i'm supposed to what, look the other way ?
mircea_popescu: mod6 because whatever inept handler was passing them the talking points didn't even have the modicum of know-your-bizness to get the actual number.
asciilifeform: nobody, of course, ever heard of any such preposterous thing ?
mod6: downloaded most RSA keys from a keyserver and tried to factor 1.9
mircea_popescu: fucking shithead, there he sits, going to himself "oh look, these kids are closing in on me, let me say publicly that it's "probably a software bug / cosmic ray".
mircea_popescu: only win because it's true.
mod6: just threw this out to the unwashed ^
mod6: <@deedbot> http://trilema.com/2016/werner-koch-confirmed-usg-stooge/ << Trilema - Werner Koch, confirmed USG stooge << mod this shit up
asciilifeform: mircea_popescu: 'the spirochetes are there waiting' << win.
asciilifeform: 'Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves ...blahblah... The hashes of Bitcoin Core binaries are cryptographically signed with this key. We strongly recommend that you download that key, which should have a fingerprint
asciilifeform: https://bitcoin.org/en/alert/2016-08-17-binary-safety << them. apparently.
deedbot: http://trilema.com/2016/werner-koch-confirmed-usg-stooge/ << Trilema - Werner Koch, confirmed USG stooge
mod6: <+asciilifeform> it isn't fixable while conforming to the rfc. << ah right. ugh.
asciilifeform: granted this is not a 'real' forgery because folks with a copy of genuine key are untouchable by it.
asciilifeform: it isn't fixable while conforming to the rfc.
mod6: we've talked about that a bunch. shit, we even looked at trying to fix it at one time iirc.
asciilifeform: most recently during the 'linus shortid' thread.
asciilifeform: this is in the l0gz on several occasions
mod6: well, that open-sore yeah.
asciilifeform: (when generating ~key~ with which to sign)
asciilifeform: and so all you need to forge a signature is a sha1 collision.
asciilifeform: mod6: the fp calculation is not adjustable.
asciilifeform: this is one of the more egregious festering sores
mod6: i had to hand crank mine up to 512
mod6: and SHA1 checksums? wtf is this, the 90s?
mod6: any one able to get their hands on: "URL: </pipermail/attachments/20160817/9a9f4612/attachment.sig>" ?
mod6: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html << wtf. this guy doesn't clearsign these emails
asciilifeform: is the - derived via arse magic - fixed size of the pool.
asciilifeform: BLOCKLEN==64. DIGESTLEN==20 (working length of the retarded 'patent-free!11111' ripemd hash).
mircea_popescu: incidentally, this is a point that should be reviewed. is it the case that EACH 600 bytes lose 20, or is it the case that ALL bytes past the 580th are gone ?
asciilifeform: ;;later tell mircea_popescu http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg/#comment-67543
deedbot: http://www.contravex.com/2016/08/17/the-road-to-the-future-is-paved-with-gravel/ << » Contravex: A blog by Pete Dushenski - The road to the future is paved with gravel.
shinohai: I could totally make a bidness out of this. Branding!
mod6: <+mircea_popescu> asciilifeform the incredible gall of the imbecile, to actually state it as "This bug does not affect the default generation of keys" << i mean srsly. since 1998!?
mod6: <+shinohai> thank you for choosing #trilema for your bits for tits needs. << :D
shinohai: thank you for choosing #trilema for your bits for tits needs.
judywatson: I thank you for everything
judywatson: love, I thank you for everything
judywatson: love, I thank you for everything
shinohai: mircea_popescu: she said does it count or can you see the letters?
mircea_popescu: you can specify what tags to allow in comments in settings.
BingoBoingo: fixing seems as though it would require mucking up phphhphphphp
BingoBoingo: comment field eats lots of things and then shits.
mod6: <+asciilifeform> https://security-tracker.debian.org/tracker/CVE-2016-6313 << ok, click on patches at the bottom, then 'diff', yields the diffs. << werd. thx. i had to resort to cloning the gnupg gitrepo and doing diffs.
BingoBoingo: https://www.reddit.com/r/netsec/comments/4y8xo1/rng_whitening_bug_weakens_gpg/ << try to browse to
mircea_popescu: asciilifeform wtf is that!
asciilifeform: there is a missing http:// in the phuctor link.
BingoBoingo: Is that the revision?
shinohai also eagerly awaits mircea_popescu for tonite's offering
phf: hold the presses!
judywatson: hello mircea_popescu, do you have time for my tits?
asciilifeform: BingoBoingo: 'at time' ought to be 'at times'
BingoBoingo: Qntra thanks you for your sexpertise in this matter.
a111: Logged on 2016-08-16 18:31 mircea_popescu pictures woman flying around with tip of boeing in her snatch, "YES! YES! HARDER!" for a visual.
mircea_popescu: asciilifeform also ftr that loop is now how you'd do it.
mircea_popescu: asciilifeform the incredible gall of the imbecile, to actually state it as "This bug does not affect the default generation of keys"
trinque: mircea_popescu: yep, whole point of perfecting the botworks layer by layer
mircea_popescu: i dunno about that.
phf: i know, i know, that's an ongoing mp vs ascii dialog
a111: Logged on 2016-08-17 21:30 phf: i believe, that there's a man, somewhere in the bowels of meta-nsa, who can see the entire puzzle picture
a111: Logged on 2016-08-17 20:43 asciilifeform: would readily abolish the idiocy with 'wallet watch' mechanism etc.
mircea_popescu: http://btcbase.org/log/2016-08-17#1523509 << afaik trinque is making a wallet :)
a111: Logged on 2016-08-17 19:41 Framedragger: asciilifeform: grep is amazingly fast because it does it in a smart way (you prolly know). i can give some number but i expect the q is rhetorical (i.e.: it's fast) :)
mircea_popescu: http://btcbase.org/log/2016-08-17#1523477 << believe it or not the grep trick was dissected in logs at length!
a111: Logged on 2016-08-17 19:40 asciilifeform: how long to walk 100G ?
mircea_popescu: http://btcbase.org/log/2016-08-17#1523472 << afaik it just imports the blockchain.info version.
asciilifeform: during my audit of the rng routine, i barfed at the whitening and stopped reading.
BingoBoingo: asciilifeform: Please to qntra?
asciilifeform: must be. unless there are authors not listed in https://www.gnupg.org/people/index.html .
phf: 98, that must be the man himself?
asciilifeform: who can tell me the author of the ORIGINAL routine ?
asciilifeform: https://security-tracker.debian.org/tracker/CVE-2016-6313 << ok, click on patches at the bottom, then 'diff', yields the diffs.
asciilifeform: and koch wants people to download ~entire tarball~ of src and rebuild ?
asciilifeform: phf: do you find it interesting that the particular patch is posted nowhere ?
phf: i believe, that there's a man, somewhere in the bowels of meta-nsa, who can see the entire puzzle picture
asciilifeform: '...bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.'
asciilifeform: ;;later tell mircea_popescu https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html << lel
BingoBoingo: http://btcbase.org/log/2016-08-17#1523264 << Trilema the blog already epic self help cyclopedia.
asciilifeform: multi-GB data structure though, you would not want it on every node.
asciilifeform: would readily abolish the idiocy with 'wallet watch' mechanism etc.
asciilifeform: this would be a handy (optional) item to have in trb.
asciilifeform: ( probably there is a 'last seen' addr-to-blockidx hash table, so we get something like O(n log n) lookup. )
asciilifeform: but it would be interesting to learn how it was done.
asciilifeform: it isn't, granted, impossible to optimize this lookup with pre-index
PeterL: or does that not count as obscure?
asciilifeform: anyone got an obscure one that last saw tx years ago ?
asciilifeform: sooo either gribble (or whatever service it cribs from) did not actually chug through 100G, or the number is approximate ('in last n blocks...'), or.
Framedragger: asciilifeform: (14.3s to grep thru 3gb file fwiw)
phf: (of course log wins over grep in total time, because messages are already all in ram)
phf: it's the same technique that log uses to search entries, but i lose because individual chunks of text are not necessarily sequential or localized by page. asciilifeform's for question though is about the fact that simply picking up 100G, page by page, from disk into ram, is expensive
Framedragger: (re. grep, https://lists.freebsd.org/pipermail/freebsd-current/2010-August/019310.html << just for the logz)
Framedragger: asciilifeform: grep is amazingly fast because it does it in a smart way (you prolly know). i can give some number but i expect the q is rhetorical (i.e.: it's fast) :)
asciilifeform: or even to simply load it into ram
asciilifeform: Framedragger: how long does it take to grep a 100G file on your system ?