mircea_popescu: or do you specifically want to hear it out of his mouth also.
mircea_popescu: fabio__ rsa has the advantage that it's the simpler solution. i thought i said this before.
nosuchlabswww: Not really. Just read about phuctor and the square rsa keys and shit.
asciilifeform: nosuchlabswww: lemme guess, you clicked 'contact' link on the www. presumably you have something to say ?
asciilifeform: and understand the limitations.
asciilifeform: most recently, a battery that nearly turned to a frag in my pocket
fabio__: how did you arrive at this conclusion?
asciilifeform: fabio__: the only cryptosystem for which any rigorous analysis exists is vernam (otp).
fabio__: by the time they have made it there they have undergone enough analysis to be robust enough to use
fabio__: i totally agree, but what I was getting at was what methods of analysis do you trust
asciilifeform: or, alternatively, flown 10,001 times to his death, unreported.
asciilifeform: there is no such thing as 'we used for x years and no reported problem.' quite conceivably the correct yamamoto has simply not yet flown.
asciilifeform: so then.
asciilifeform: (looked at the player's 'cards')
asciilifeform: or any of the other strategy gamez where the computer 'cheated'
asciilifeform: all of your doings will 'mysteriously' come to nought, folks will say 'bad luck' etc.
asciilifeform: in a crypto break, you, your family, the onlookers, everyone you give half a shit about - can be corpses, for 25 years, and ~not know~
asciilifeform: and if not you, personally, the corpse, then - onlookers
asciilifeform: fabio__: it is helpful to understand that cryptographic breaks are quite unlike ANY other type of engineering failure.
fabio__: well, thanks for taking the time to answer my questions
asciilifeform: *on the
asciilifeform: the burden of proof is one the folks proposing to replace a simple system with few moving parts (rsa) with a larger and gnarlier item
asciilifeform: (its appearance in bitcoin is, contrary to popular delusion, not a reason)
asciilifeform: well, for starters, i'd like a compelling reason to even ~entertain~ ecc in the first place.
fabio__: so one final question, at what point would you guys consider ECC to be useable? 5 years of field with no reported issues?
asciilifeform: pg, altman, et al laughed all the way to the bank
asciilifeform: mircea_popescu is conflating the sc4mz0rs with their chumps
mircea_popescu: unlike bob, nobody on a stick and sam altman own nothing, and have nothing to lose. they sleep in ~prison / airbnb as it is.
asciilifeform: i would like to buy ticket, to watch him stuffed into the paddy
mircea_popescu: the exact same thing COULD happen to bob sauerberg. tomorrow.
mircea_popescu: you were here when tiny boo boo exploded into gawker bankruptcy followed by nick denton personal bankruptcy soonish to be followed by actual imprisonment over lying to judges etc ?
asciilifeform: (i wrote to a few)
asciilifeform: even the various so-called 'independent' 'security blogger' types won't touch phuctor
asciilifeform: i dun get it, what does either of these 'have to lose'
mircea_popescu: sort of the roger ver of the "online business" world.
asciilifeform: or simply differing approaches. 'problem' posed: 'someone shat in my garden.' hn algo: 'burn with flamethrower, shoot witnesses' reddit algo: 'empty honeywagon on top of it, have whole platoon drop trou and take a shit in turn on it for good measure'
mircea_popescu: the ycombinator derps on the other hand have ~nothing to lose.
asciilifeform: going strong, however, on tarditt, with buncha shannonized pinoy comments
a111: Logged on 2016-06-01 17:42 asciilifeform: and point of thread was 'no one has shown with any degree of rigour whatsoever, ~how~ hard'
asciilifeform: http://btcbase.org/log/2016-06-01#1474766 << see also thread.
asciilifeform: ergo, the folks offering said 'equivalence' have the same credibility as, e.g., 'herbal viagra' spammers
asciilifeform: or, for that matter, for ANY cryptosystem other than vernam.
mircea_popescu: there's nothing simpler than rsa ; ecc certainly doesn't meet that qual.
asciilifeform: one of these bargains is that you cannot build a career as a university academic with 'use rsa, kthx, bye'
mircea_popescu: in general when dealing with snake oil, and cryptography currently is indistinguishable from such, is to take the simplest form.
mircea_popescu: fabio__ you don't specifically know whether and which curves may be surprisingly weak. community consensus can't fix this.
asciilifeform: djb is respectable and talented, but labours under certain faustian bargains as part of his employ.
fabio__: and in reference to #2 the point of contention is equivalent strength with RSA for a given bitlength?
mircea_popescu: no idea that HE would care about that though.
mircea_popescu: as far as i know the fellow's quite respectable.
fabio__: so in reference to #1 is DJB questionable?
BingoBoingo: Who could tell over the noise, twas a voice vote!
mircea_popescu: oh, sorry, was there a consensus ?
BingoBoingo: BUT THEY LISTENED TO COMMUNITAH!?
mircea_popescu: BingoBoingo hey, somehow they didn't miss out implementing utf, they just neglected to check their crypto code. great set of priorities there.
BingoBoingo: <mircea_popescu> openssh is a scandalous piece of trojan work, on the other hand. << OpenSSL is, OpenSSH is collateral damage
mircea_popescu: openssh is a scandalous piece of trojan work, on the other hand.
fabio__: people are rolling it out, openssh has supported it since 2014 i think. one of the openssl devs was asking for code to merge
mircea_popescu: be wary of consensi generally, for it rarely is more than a device in late night tv commercials.
fabio__: ok, I didn't realise there was not a consensus.
mircea_popescu: the republic doesn't, nor does any lord that i know of, recommend using ecc in any serious capacity. that's the community. otherwise, if you wish to say "i trust djb and whatever he says i'll take" this is fine, but it's a matter of personal investment not "community" nonsense.
asciilifeform: fabio__: the cryptographic side of the question is two-pronged. there is a set of 1) questionable actors making 2) questionable claims (e.g., of equivalence of n-bit ecc with m-bit rsa, n<m) with zero public substantiation
mircea_popescu: ethereum forked by "agreement of the community", does the result satisfy your expectations, for instance ?
fabio__: So what does the nsl faq mean, are the obvious mathematical weaknesses the NIST curves or some other issue with ECC as compared to RSA?
fabio__: There has been quite a bit of noise about ECC NIST curves (nistp256, nistp384, nistp521) being tampered with by the NSA. I thought using ECC was all good if you don't use the NIST curves and instead use community approved curves like Curve25519 and Curve1174 by like DJB and friends, or other approved ones at https://safecurves.cr.yp.to/.
fabio__: "Part of their efforts is the push towards Elliptic Curve Cryptography (ECC) to replace RSA, in spite of obvious mathematical weaknesses in this proposition.
fabio__: number one on the faq has a bit saying replacing RSA with ECC is not a good idea:
fabio__: hi guys, I came across http://phuctor.nosuchlabs.com/faq this morning.
mircea_popescu: altogether a funny thing, especially in the sense that these idiots learned ~nothing in five centuries.
mircea_popescu: they were ~accidentally~ supplied to de witt in a pile of other documents. which resulted in some beheadings.
mircea_popescu: but they also drew up plans for overthrowing the republic's government, in a very muchly amusing color revolution (the future english king was to come from the house of Orange, you realise!)
mircea_popescu: meanwhile charles keep trying to make peaces with the republic, by offering vague nothings.
mircea_popescu: then they induced the bishop of munster, a sort of medieval thug, to invade the republic, under promise of "large subsidies". those subsidies never materialized, being promised by the broke-ass anglos as they were ; brandenburg moved in from the east and the naive turk uh i mean bishop of munster was forced to a rather unfavourable peace for his trouble / idiotic naivety.
mircea_popescu: but obviously the english ordered ships they couldn't possibly pay for and called this "a cash problem". to be resolved by privateers - except the dutch privateers were both better and more productive.
mircea_popescu: incidentally, the curious amateur historian may be well served by a review of the 2nd anglo-dutch war. some underlined parts : the anglos were deeply overextended politically - their crummy country consisting of one single town and a bunch of retarded peasants ; while the republic had many more merchants, with lots more money. in practice this meant that the english could pay for one ship where the dutch could afford seven ;
mircea_popescu: also missing, the great american novel. as well as a dictionary of the french language.
mircea_popescu: hey, same is true of physics.
asciilifeform: 'Despite a great deal of mathematical work in this field, there is still no general theory of cryptography, Blaze posited. He called this “one of the dirty secrets of cryptography.”'
asciilifeform: BingoBoingo: i was speaking of the 'fromphuctor's.
mircea_popescu: asciilifeform two points here being that a) the "global dragnet" is much more difficult to use than you imagine ; and much less productive, being more of a prestige item than a tool of any sort ; b) they're discussing a specific item. if i ask you how many stovetops you have in your house you wouldn't count the roof, notwithstanding the sun heating it is, energetically, more significant.
BingoBoingo: Their cocks like their wiretaps require their toilet grabber
mircea_popescu: complex thing.
asciilifeform: do their cocks also work this way ?
BingoBoingo: mircea_popescu: The daily hate?
mircea_popescu: BingoBoingo nfi what this is ?
asciilifeform: it counts as 'stfu terrorist'
asciilifeform: 'Not every wiretap request is granted. Only 313 federal wiretaps were installed in 2014, far fewer than the number requested, Landau pointed out. Each one costs the federal government about $41,000, most of which is spent on “minimization”—that is, someone to monitor the wiretap and assess its content.' << lulzy: the universal dragnet thing dun count, evidently, as 'wiretap'
BingoBoingo: Continued from previous two days https://archive.is/Y2eSu
mircea_popescu: btw : the muslims actually do the whole chain thing. case in point : "Nabil Received five Ijazas/certificate from several respected scholars in Egypt. He has an Ijaza with an authentic, short chain of 26 from him to our beloved Prophet Muhammad (Peace and Blessings Be upon Him)."
mircea_popescu: no this'd be 2005 or so.
mircea_popescu: i thought back when it was voat.co reddit mostly did kiddie porn.
asciilifeform: and every third article was about broken common lisps etc
asciilifeform: it dates to the days when dinosaurs walked, when reddit was ~readable
mircea_popescu: looks like it's enough to buy russia yo!
asciilifeform: the mold in my old bathroom begged to differ
mircea_popescu: hence the appeal of derpy "proceedings"
mircea_popescu: what can i tell you, until and unless kid is actually visible in the world nobody can interact with him,
asciilifeform: would have to grow a central nervous system first, neh ?
mircea_popescu: any time this "hitler" grows a pair, he can come over and we can have a chat.
asciilifeform: 'hitler/sauron can go on doing his thing in his mother's basement, what do we care'