800+ entries in 0.401s
shinohai: Not much entropy in that space.
mircea_popescu: considering we have millions of keys, and considering the sort of shenanigans we've seen currently, including werner koch's gpg subversion most recently ; it would not be inconceivable at this point if a good chunk - thousands, hundreds of thousands of keys can actually be factored once we figure out which exact 20, 30, whatever bits are actual entropy, and how the nextprime is chosen on the basis of that.
mircea_popescu: to be clear here : if the keys are generated out of 16 bits of entropy ; and if there are 65537 keys ; then necessarily there will be at least one weak pair, and in practice more than half ; all of which will be cheaply hacked apart by phuctor's method.
mircea_popescu: but you do have more control over the matter than over entropy source.
mircea_popescu: and no, obd does not need 1mb, or benefit from it. point was - if you're going to use spare entropy, it would be for this rather than too much waltzing or w/e.
mircea_popescu: AND moreover, most of that legendary mb of entropy should go into the primality test, not into the prime gen
mircea_popescu: suppose i set my keys to be produced with 1mb of entropy.
a111: Logged on 2016-08-18 12:32 mircea_popescu: asciilifeform since we're on this btw, the way i want tmsr-rsa key generation to work is as follows : a contains a number of entropy bytes specified by user in tmsr-rsa.conf read whenever tmsr-rsa.conf specifies (such as urandom); b contains a base-tmsr string specified by user. c = base-tmsr(a).b ; p = nextprime(cut(sha512(c),257)) ; process is repeated for q = nextprime (cut(sha512(c'),258));
mircea_popescu: asciilifeform since we're on this btw, the way i want tmsr-rsa key generation to work is as follows : a contains a number of entropy bytes specified by user in tmsr-rsa.conf read whenever tmsr-rsa.conf specifies (such as urandom); b contains a base-tmsr string specified by user. c = base-tmsr(a).b ; p = nextprime(cut(sha512(c),257)) ; process is repeated for q = nextprime (cut(sha512(c'),258));
mircea_popescu: situation : you go to make key with stock gpg, set it to 4096, ie 512 bytes. it makes you the sign key with 512 entropy bytes, then makes you the encrypt key with the remainder 68, and that's it.
mircea_popescu: more's the point here : does that pos actually work so as to get any entropy past the 600 bytes pool ?
a111: Logged on 2016-08-17 21:39 asciilifeform: 'exec summary' for mircea_popescu et al: all gpg keys ever generated have at most 2048 bits of effective entropy.
a111: Logged on 2016-08-06 14:22 mircea_popescu: asciilifeform what's your call, because the matter is quite acute : is it a safer system to demand 8kb entropy/second and hash 12 times ? or to demand say 128bytes/second and hash 768 times ?
mircea_popescu: asciilifeform what's your call, because the matter is quite acute : is it a safer system to demand 8kb entropy/second and hash 12 times ? or to demand say 128bytes/second and hash 768 times ?
mircea_popescu: if we actually go with a 12-pass hashing method, this then will require > 8kb of entropy/second from the client, which isn't possibru without dedicated rng fountain.
BingoBoingo: covertress: Wait, they FIGHT ENTROPY???? BAD ANARCHISTS!!!
mircea_popescu: asciilifeform incidentally, "owned by whitening" is not altogether a bad theory wrt the null-entropy keys. ie, "they replaced rng with null-outputting one, never noticed because whitening". this, of course, doesn't explain why gpg would end up with null-generated keys, but whatevs.
a111: Logged on 2016-08-03 06:15 mircea_popescu: and speaking of gpg deplorable state asciilifeform can you think of any possible reason the damned thing doesn't come a) bundled with ent and b) with ready implemented tests of local entropy while c) key generation is a subset of entropy testing in all cases ?
mircea_popescu: and speaking of gpg deplorable state asciilifeform can you think of any possible reason the damned thing doesn't come a) bundled with ent and b) with ready implemented tests of local entropy while c) key generation is a subset of entropy testing in all cases ?
mircea_popescu: stop mixing shit against entropy flow. you don't give the first of a flying fuck about the number 3. you're writing code, it may not contain magic numbers.
mircea_popescu: the deep stupidity involved should be directly apparent, but in any case - the system as proposed violates the proper flow of entropy, and as such MAY NOT HAVE ANY MERITS.
mircea_popescu: my only thing was with the arrows, because currently they go against the flow of entropy.
Framedragger: yeah seems to have worked for these low entropy pockets around stars, pretty nifty!!
a111: Logged on 2016-05-19 01:40 mircea_popescu: oh ok, so changed 16^64 to 10^64 and the "generate entropy in the shape of floating point number" thing clearly indicate these fellows are windows programmers with a strong javascript focus.
mircea_popescu: oh ok, so changed 16^64 to 10^64 and the "generate entropy in the shape of floating point number" thing clearly indicate these fellows are windows programmers with a strong javascript focus.
mircea_popescu: ah, no, sh is the equiv of entropy. "count of possible states".
mircea_popescu: fromphuctor it's not that hard to find prime numbers. in general, rsa keys should be seeded from a good entropy source.
mircea_popescu: asciilifeform enemy extracting as much as 1 bit of non-entropy.
jurov: you're welcome to make a specifically worn dice that produces only ~2 bits of entropy. i suspect that would be very hard.
jurov: is it even physically possible to make biased dice with, 50% less entropy output?
sbp: must, fight, entropy
mircea_popescu: gravity works the way it works ; entropy idem. it doesn't say you can't put things in orbit. it just says it won't be worth it.
BingoBoingo: They exploded for good reason. Entropy tends to find a way.
mircea_popescu: i suspect it goes deeper than that. something something entropy/and/bandwidth
assbot: Logged on 06-02-2016 15:33:16; asciilifeform: i never looked into what his entropy source is. if it's a prng, straight to hell.
assbot: Logged on 06-02-2016 15:33:16; asciilifeform: i never looked into what his entropy source is. if it's a prng, straight to hell.
mircea_popescu: what colors are your bits, bitch! and how much entropy is there in this dword ?
mircea_popescu: "256 bits has sufficient entropy to render any brute force attack, and even severe weakening (e.g. sq root effort attacks) utterly infeasible." << dude where the fuck do they come from.
assbot: Zotamedu comments on Bitcoin core will soon replace the industry standard random number generator with a homebrew script. Sorry for your loss (of entropy) ... ( http://bit.ly/1Q8QotN )
mircea_popescu: +/** Add entropy to the pool directly. Use this for seeding or on-demand entropy. */
mircea_popescu: it is the direct equivalent of entropy-diddling for keysystems.
mod6: re: entropy topic, perhaps ya, we can do something like this when we have a crypto lib 'eh?
mircea_popescu: incidentally, and unrelatedly to the "magic numbers" avenue of trb improvement : one obvious and cheap hardening for trb would be to allow the user control of entropy source.
ben_vulpes: should i come up with my own harebrained scheme to do so or ask how best to get entropy out of this rng directly from you?
mircea_popescu: quite exactly. it'd seem OpenSSL 1.0.1e-fips does not actually utilize entropy to generate keys.
mircea_popescu: punkman apparently discusses what i said about entropy. no idea.
trinque: deedbot- knows what date/time it is... did someone touch the entropy dial?
jurov: with their elaborate entropy management
PeterL: what is it going to do with the entropy it creates?
assbot: Logged on 04-12-2015 21:56:53; mircea_popescu: ascii_field "At some point I may do a similar surgical extraction for GPG 1.4.10s entropy gatherer, but this is a very different project." << i have nfi why you'd be including "software entropy generators".
mircea_popescu: ascii_field "At some point I may do a similar surgical extraction for GPG 1.4.10s entropy gatherer, but this is a very different project." << i have nfi why you'd be including "software entropy generators".
ascii_field feels suitably kicked in arse by mircea_popescu re: entropy
mircea_popescu: so far we're mostly finding novel ways to use up entropy we don't really have.
mircea_popescu: anyway, none of this is even practical without mass cardanos, because iirc c-s consumes even more entropy than rsa.
mircea_popescu: i said "clamp down in one place" not "reduce". how the fuck are you going to reduce complexity and why aren't you moving on to entropy next!
BingoBoingo: Seriously the two episodes which triggered this were drunk white kids who said "nigger". Fighting that is like fighting entropy. It's just going to keep happening.