304600+ entries in 0.189s
mircea_popescu: iiuc jurov already has a more or less complete package of github keys, working
to
turn
them into proper format.
fromphuctor__: you could collect many millions keys from SSH server using
the ssh-keyscan utility included in OpenSSH
mircea_popescu: yeah ; a lot of eulora players also. seems
to be
the most accessible for "people in general"
steffen: which incidentally is also a software package vetted by
the BSI (german ministry for informational security or something like
that)
steffen: a lot of germans
that I know use gpg4win
steffen: at least so far I can see
that my key is not malformed. I'll certainly check
that result page periodically in
the future.
mircea_popescu: steffen
the golden standard re such verifications in
tmsr is V.
mircea_popescu: steffen we've been
trying
to get people with exposed keys
to post
the software
they used.
steffen: I lack
the skill
to verify my software package
mircea_popescu: many rsa implementations, especially for
the closed source walled gardens, are miserable indeed.
mircea_popescu: steffen you gotta make sure your pgp is actual protocol-strength rsa not merely promise-strength rsa
tho.
steffen: now my next question would be which software was used
to generate
the flawed keys and if
those were software packages with malicious intent
steffen: being a german myself, yes, and
that's where I
thought pgp added a nice sense of privacy
to interested parties no matter
the government
mircea_popescu: but no, it's entirely out of
the question any sort of natural event is at work here. usg.nsa been diddling not merely angela merkel's phone,
mircea_popescu: it'd be fun if we could diagnose, eg, fukushima by quality of keys from place and
time.
anotheryou: So my uninformed conclusion would be
that something went especially wrong in germany or
the pirates cryptoparties got a lot of people using pgp in
the first place.
mircea_popescu: (the keys are not processed one at a
time.
this used
to be
the case, but not anymore. now, all done simultaneously)
anotheryou: So many german pirate-party members on
the list. How where
the
tested keys selected? I assume you had
to start somewhere...
anotheryou: trying
to make sense and reading a bit before asciing stupid questions :)
anotheryou: sorry, just ment
to lurk :) don't mind me. Maybe most don't need
the up.
jurov: it's amazing
that fingerprint is not even suitable for
that use.
mircea_popescu: ie how he derives it from
the keys ? nfi. i always assumed it's arbitrary index from db
mircea_popescu: jurov
the reason for
teh hexporn is
that
there have been diddled keys!
jurov: wtf you're on? i never
tried
to approach phuctor with sort fingerprint
mircea_popescu: anyway, yet another
thing bitcoin corrupts irretrievably. "wtf
this secret job has no public log ? a fie upon you!"
phf: need a
top-secret job where can discuss
things in a public log,
tmsr style
jurov: so even
the 40char one is short?
phf: so i did a simple exercise, since
there were some claims
that "none of
the keys import", of grabbing phuctored data.
the 223 moduli represent 156 keys, importing which results in 133 "no valid user IDs" and 23 successful imports listed here
http://paste.lisp.org/display/315214 steffen: interesting stuff, added my public key
to check it out ;)
BingoBoingo: In other news
the US Navy is now allowing neck
tattoos
mircea_popescu: i'll rate you and you'll beable
to self voice in
the future
cyco1: it'll
take some
time
to find
the key in my backups
Apocalyptic: the important
thing is k/2 prime enables
to distinguish between
the 2, a k/4 prime doesn't, as it would occur in both cases
mircea_popescu: hey, whadda ya want from me, when
trying
to rescue statements
that are
trivially broken i use heuristics!
Apocalyptic: yeah but why
the 4 specifically ? for all you know you can have a k/3 prime as well
mircea_popescu: i don't recall right off how you calc
the probability, but it is indeed
tiny.
mircea_popescu: Apocalyptic p and q randomly generated can still produce a prime factor somewhere in
there, perhaps as large as 1/4 of
the length of
the key.
mircea_popescu: as with all failing empires in history a)
the better commentary happens among people who do not have
the empire's language as native language ; b)
the hassle of obtaining official seal of whatever exceeds
the benefits.
Apocalyptic: mircea_popescu: why k/4 ? my argument was if
the whole modulus is random,
then we can expect a k/2-bit prime factor, if modulus is random p
times random q,
then we can't unless p or q is actually prime (assuming p and q same size), which is quite unlikely if
truly random
mircea_popescu: one is
that
they pay fails
to compensate
the risks (trivially verified : find insurer who will indemnify you for any and all responsabilities in exchange of fraction of extra salary)
mircea_popescu: asciilifeform ftr,
there are VERY MANY people refusing
to
top secret for very many good reasons.
mircea_popescu: Apocalyptic i just interpreted your argument
to mean k/4
Apocalyptic: There might be,
the resulting
thing is a degree of magnitude less usable
though
Apocalyptic: so yeah no k/2-bit prime
to be expected in modulus
Apocalyptic: asciilifeform: re earlier
thread I was considering either random p and q
then multiplied, or whole modulus is random. Obviously
the latter could not occur since
the software couldn't compute phi(N), hence doing anything usefull with it.
mircea_popescu: "i know how
to make widgets. i also
think
the loch ness monster found
the cvadrature of
the ellipsis."
mircea_popescu: "pgp was broken ayear ago i recall defcon
talk"... it's kinda shocking in
the despairing sense of
the
term, exactly what sort of monster a specialised society creates.