ascii_field: all that would be required is (yes, open problem) a particular kind of aes boojum.
mircea_popescu: can you demonstrate rsa malleability in the sense of, appending "pete_dushenski.rate.punkman.2:" as prefix to cyphertext ?
ascii_field: mircea_popescu: the basic problem is that you are decrypting $blob and, so long as the output has the expected form (and how many of us check? yes, i check. but there are folks who will pipe it straight into their irc via shellatron. yes, you know who you are
mircea_popescu: kinda why the issue is an elephant in room : we (i) dun really wanna go into it because it's such a bitch to manage and creeping featuritis 5 ways to sunday
jurov: okay, then there can be both serial number and previous hash
mircea_popescu: no, but if the number reads "4" you don't need to be shown the deed with number 3 to know 4 is a valid number.
jurov: you want *all* signed matter to be public in that order?
jurov: thus, you have to create a collision to forge valid 3 later
jurov: which will be own field and goes into the signature
ascii_field: so he modifies assbot so that the next time mircea_popescu is given otp token, it is actually carrying the rsa-enciphered symmetric key from $message
jurov: how chaining them by hash makes them mutable?
mircea_popescu: the text is "assbot:pete_dushenski.rate.punkman.2:blabla"
ascii_field: the other thing, you are not decrypting the string !
mircea_popescu: ascii_field it includes a plaintext field for this reason.
ascii_field: (i.e., we ~think~ we are decrypting garbage, but who knows what it is. perhaps nsa killed kakobrekla and the next auth token is actually using the symmetric key header from your last transmission to the satellite !!)
assbot: Logged on 12-10-2015 22:11:29; mircea_popescu: ascii_field not so sure how smart that is. garbage is interpretable.
mircea_popescu: otherwise you get a disaster of commons situation where 5k services are stuck doing things because you were bored one evening. that might work for a woman's book club\
ascii_field: the flip side of this is that civil-death-by-dint-of-key-compromise will become a thing.
nubbins`: added benefit of being L1, too
mircea_popescu: puts the cost of security right where it belongs : on the key owner.
mircea_popescu: anyway, it allows you to update it. the idea that others would accept your update on your own terms and for free is bizarre and i guess unwarranted. going forward i imagine moist everything will be financed through fees on key updates. such as say assbot.
ascii_field: nubbins`: this was an ancient thread. mircea_popescu explained that if people could update keys of mpex account, it would become practical to sell 'secondhand'
nubbins`: the wisdom of buying a private key is left as an exercise to the reader
ascii_field: because 1) he would have to send a shuttle to his orbital station to swap out the ROM with the old key 2) people could sell mpex accounts!!111111
mircea_popescu: ascii_field not so sure how smart that is. garbage is interpretable.
ascii_field: (publishing garbage signed thereby, with the serial number incrementing)
ascii_field: jurov: in this scheme, you can 'blow' a key when it is time, by churning through its remaining shots
jurov: regardless, keys will need to be deprecated and upgraded somehow
ascii_field: (does anyone have the link handy where i described this scheme ?)
ascii_field: but yes, the basic scheme is one that i described before
ascii_field: then points to your material, says 'this is fake'
mircea_popescu: jurov because the date at which a message was signed is not verifiable.
mircea_popescu: ascii_field because if i say "no messages with index past 500 may be signed by this key" the key actually is verifiably dead.
mircea_popescu: that given the known weaknesses of the pgp protocol as it is, the only responsible manner of using it is to include an index in every signed item, and to increment it by one every time you sign anything.
mircea_popescu: i suppose the elephant in the room sort of point we've been avoiding is this :
jurov: yes, my penis looks substantially differently than 2y ago
mircea_popescu: jurov you're also expected to have the same penis for the next 40+ years.
assbot: Logged on 14-05-2015 21:32:19; mircea_popescu: if you can upgrade your key for free, you don't have to pay mpex, you can just find someone with a key they don't want to use anymore and they can "upgrade" theirs to yours.
pete_dushenski: jurov: why one key ? can't you make new key just before current one expires and sign old key over to new key ?
nubbins`: the point that i shouldn't have to expose my body to some random gov employee in order to exercise my charter rights was lost on many
jurov: yes. and was the problem tackled that i'm apparently expected to have one key for next 40+ years?
pete_dushenski: davout: "According to Schneier it costed ~$3mn in 2012 to find an arbitrary SHA1 collision." << cost
pete_dushenski: "Keefe had to leave his 'ugly stick' at the door. The homemade musical instrument is popular in mummer tradition. (Courtesy of Jon Keefe)" << nubbins`! you're famous !
BingoBoingo: pete_dushenski: Mummer is a kinda Mardi Gras thing
ascii_field: it sounds batshit, to an engineer, say, but logically follows from 'easy to steal == phree!!!' formula.
BingoBoingo: "I needed to be somewhere by 6 p.m., and all of the active chargers were full. I couldn't plug in all day," he said. "There was a Volt that appeared to be finished charging, so I unplugged it so I could get a half-hour boost. The Volt isn't pure electric -- it also has a gasoline engine. The next day, I learned that the Volt owner was furious, and he sent out this email blast saying that I stole his charge. It was awful."
pete_dushenski: ascii_field: that's basically 'vw emissions test protocol'
assbot: Logged on 12-10-2015 04:09:35; pete_dushenski: http://log.bitcoin-assets.com/?date=11-10-2015#1296418 << this identification issue is quite the hot button item in canadian federal politics atm, mostly surrounding the use of the niqab by new immigrants during citizenship swearing-in ceremonies.
ascii_field: BingoBoingo: i almost expect there to appear some idiot rob-peter-pay-paul scheme where plebes' petrol cars have to spin wheels on a treadmill to charge some eloi's 'tesla', in lieu of parking fee, or the like
nubbins`: smth tells me BingoBoingo would find humour in this also
pete_dushenski: sounds like the green party needs me more than i need them
pete_dushenski: i'd sooner gamble on the outcome than show up to the booth
nubbins`: i can't keep track. we had turkey yesterday
pete_dushenski: and less depressing than giving up model m for some 'das keyboard'
ascii_field: pete_dushenski: you can get 19-inch racks lined with cork, with acoustic baffles for the exhaust (think auto muffler or pistol silencer)
pete_dushenski: ascii_field: you don't know how tickled this idea has me :)
ascii_field: vendors which supply musical studios will have this.
ascii_field: pete_dushenski: line the door with acoustic cork.
pete_dushenski: not happy about this shopping adventure. but i guess i'm not as rich as i thought i was.
ascii_field: (everyone with even a passing interest in mnemonics, at least in the english world, knows this one)
pete_dushenski: also, hanbot makes an excellent point that pi is widely known to at least 8 decimal places afaik
assbot: The news wants to do a story on the $500 computer Bitcoin lock hack. Does anyone know anyone affected by this? : Bitcoin ... ( http://bit.ly/1G24DlG )