asciilifeform: doc/ChangeLog: * gpg.sgml: Small typo fixes by Florian Weimer.
asciilifeform: (does anyone find it interesting that modern gpg uses ~same mpi implementation as dark age pgp, but with massaged function names ('mp_' vs 'mpi_') ?
asciilifeform: i was referring to the gpg users.
asciilifeform: ;;later tell mircea_popescu http://www.loper-os.org/pub/20166313-pg1_2.png and http://www.loper-os.org/pub/20166313-pg2_2.png (depdfization of dorre and klebanov's report on gpg whitening idiocy)
asciilifeform: ;;later tell mircea_popescu https://threatpost.com/gpg-patches-18-year-old-libgcrypt-rng-bug/119984 << the hannobockization is ready!!!1111
asciilifeform: gpg 1.4.10
asciilifeform: i disentangled it from gpg last year, and posted result.
asciilifeform: mircea_popescu: all bignums in gpg are passed around as pointers to 'mpi' data structure.
asciilifeform: i hesitate to use word 'correct' in relation to something gpg does...
mircea_popescu: that gpg reads the correct number
mircea_popescu: ok. and this does not actually correspond to the numeric format as used by gpg's bignum because mpi reasons.
asciilifeform: this may be enough to blow away a good fraction of extant gpg pubkeys.
asciilifeform: i built it, refuses to run without 'gpg-agent'
mircea_popescu: ftr the test is : if test "x$GPG_ERROR_LIBS" = "x"; then
asciilifeform: gpg-2.0.22 and libgcrypt 1.5.1
mircea_popescu: ~/gpg-2.0.30/libgpg-error-1.24/src$ ./gpg-error-config --prefix
asciilifeform: find it and run gpg-error-config --prefix.
asciilifeform: when you built gpg-error, it shat out a binary, gpg-error-config
mircea_popescu: asciilifeform :checking for GPG Error - version >= 1.13... no
mircea_popescu: from autogen : "--with-gpg-error-prefix=@SYSROOT@" << what format does that take if not fucking path
asciilifeform: you want this only when building gpg.
mircea_popescu: fucking nightmare. so the lib-error shit compiled, but obviously ./configure --with-libgpg-error-prefix="/home/mircea/gpg-2.0.30/libgpg-error-1.24/" does nothing, with or without quotes
mircea_popescu: ~/gpg-2.0.30/libgcrypt-1.7.3$ make
asciilifeform: you gotta build libgcrypt and then tell gpg's ./configure where to find it
mircea_popescu: asciilifeform does building gpg build libgcrypt auto ?
asciilifeform: again it isn't in gpg !
asciilifeform: just like in gpg 1.4.10.
asciilifeform: gpg 2.x uses gcrypt lib.
mircea_popescu: so basically... the best key produced by stock gpg is... wait for it... about 700 or so bits strong.
asciilifeform: if somebody wants to replicate on gpg 2.x, plox.
asciilifeform: aaah did i ever mention that gcc 5.x won't build gpg 1.4.x ??
mircea_popescu: situation : you go to make key with stock gpg, set it to 4096, ie 512 bytes. it makes you the sign key with 512 entropy bytes, then makes you the encrypt key with the remainder 68, and that's it.
asciilifeform: ;;later tell mircea_popescu http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg/#comment-67543
asciilifeform: 'exec summary' for mircea_popescu et al: all gpg keys ever generated have at most 2048 bits of effective entropy.
asciilifeform: Framedragger: observe the 'neverhappening' of the ssh key pops, which have 0 to do with gpg policy.
asciilifeform: sorta how we're still using gpg.
asciilifeform: not with classical gpg format
asciilifeform: in gpg it is rsa sig of all the bits in the turd other than itself.
mircea_popescu: 3) as it's theoretically nonsensical, it feeds a bunch of idiotic yet unconscious expectations in the mind of the user. i am well convinced that the general "i'll pull myself by own breeches" attitude of "creative" people is both due to and resulting in the gpg selfsig
asciilifeform: well, the way it is done in gpg (rsa sig of sha1) is indeed retarded
asciilifeform: (no version of, e.g., gpg, appears to)
asciilifeform: iirc it was something like gpg --enarmor foo.gpg
asciilifeform: mircea_popescu: but current idea is, an instrumented gpg.
asciilifeform: incidentally gmp (what ~everybody, at least gpg users, use) is braindamaged in a certain important way
asciilifeform: quite like what, e.g., gpg does, but in ~batches~ ahead of time.
mircea_popescu: hm apparently that doesn't exist in stock gpg. my bad.
mircea_popescu: and the pile itself could just be put through gpg --armor, afaik you don't HAVE TO encrypt. i think ?
mircea_popescu: i don't get it, why not just use gpg armor ? wtf uu
asciilifeform: GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
asciilifeform: that'd be more or less standard gpg mechanism.
asciilifeform wonders what the boecks will move on to now that 'snore, gpg won't import the keyz' is addressed
asciilifeform: 'though the pgp keys in question do not import into gpg, they can be imported in a couple javascript pgp-trons: https://www.igolder.com/PGP/encryption/ and http://ianpurton.com/online-pgp/ ...'
asciilifeform: fromphuctor: http://btcbase.org/log/2016-08-03#1513678 << example of rsa key generation, as seen in gpg
asciilifeform: mircea_popescu: my best hypothesis is a) khadeer generated key with, e.g., 'jihadcrypt' b) winblowz gpg with the memcpy from rng nopped out by ???
mircea_popescu: asciilifeform incidentally, "owned by whitening" is not altogether a bad theory wrt the null-entropy keys. ie, "they replaced rng with null-outputting one, never noticed because whitening". this, of course, doesn't explain why gpg would end up with null-generated keys, but whatevs.
mircea_popescu: and speaking of gpg deplorable state asciilifeform can you think of any possible reason the damned thing doesn't come a) bundled with ent and b) with ready implemented tests of local entropy while c) key generation is a subset of entropy testing in all cases ?
mircea_popescu: mod6 ok but none of this resulted in "current gpg shitfest is acceptable"
asciilifeform: even that snipped from gpg
asciilifeform: mircea_popescu: http://wotpaste.cascadianhacker.com/pastes/b7ce7e35-60d3-4e97-85e2-1f8c87607d36 << relevant excerpt. gpg 1.4.10.
mircea_popescu: one obviously hopes that gpg did. but then again the brutal teacher that is experience shows it's wiser to suspect everyone merely hoped someone else did it.
mircea_popescu: first, i will crack all your fingers in the piano. THEN you MAY be allowed to buy ancient laptop and learn to gpg, MAYBE.
mircea_popescu: thanks fucking god gpg doesn't clearsign such nonsense.
mircea_popescu: similarly, apparently there's a difference between "owning" a "bitcoin gem" that exists chiefly as a succession of forum posts ; and "owning" a "physical bitcoin" that exists chiefly as a succession of gpg-signed promises.
mircea_popescu: and you've got A LOT of things built in, not just "antispam". you got admin hardening ; gpg comments ; auto-spam tagging, ddos protection, anti-trackback flood and etc.
mircea_popescu: where "works" is defined as i can select and paste a gpg armored segment and gpg can process it.
mircea_popescu: shinohai http://trilema.com/wp-content/uploads/2016/07/wp-mptargz-shinohai1.gpg
mircea_popescu: shinohai http://trilema.com/wp-content/uploads/2016/07/wp-mptargz-shinohai.gpg
mircea_popescu: asciilifeform http://trilema.com/wp-content/uploads/2016/07/wp-mp-alftargz.gpg
mircea_popescu: phf http://trilema.com/wp-content/uploads/2016/07/wp-mptargz.gpg << it's all there ; run a grep over the files for "fill your own" to see what you need to add ; you'll also need a theme (goes in /wp-content ) and obviously a mysql db.
asciilifeform: well no, roughly 95% of the code is related specifically to displaying gpg-format keys.
mircea_popescu: if gpg was intended as a sort of otr, "user creates subkeys forever", it's shockingly poorly implemented.
mircea_popescu: Framedragger i don't see much merit in the whole scheme. gpg does something stupid and then maybe salvages some edge of it. mmkay.
mircea_popescu: there's 10x to 100x more ssh-rsa than gpg-rsa. it's a moot point.
asciilifeform: phuctor is, among other things, specifically machine for illustrating the defects in gpg format
mircea_popescu: different packagings of THIS SAME OBJECT are not to be entertained. we control the fucking horizontal, not "gpg" or "opensshit".
asciilifeform: understand, if i were to switch phuctor to storing IN this format, NO key it spits out will ever be eatable by gpg.
asciilifeform: will 'burn down their farms' like gpg burned down microshit crypto.
mircea_popescu: alternatively you could explain to your boss that a) he's not terribly informed, and if he's interested in this sort of thing b) really should make gpg id and show up here with his q's.
mircea_popescu: mod6 aww, you didn't choke on the submit part did you ? just gpg --encrypt --armor -r bingo and put the text into dpaste or wotpaste.cascadianhacker.com
mircea_popescu: no gpg, no wot, no personal security like that nisman idiot, no independent voice -> jwz, you know it.
mircea_popescu: http://btcbase.org/log/2016-06-06#1477612 <<< gpg-shotgun marriage! :D
asciilifeform: ^ extraction of gpg privkey via ~hour of microphone.
mircea_popescu: "my gpg works" does not excuse gpg.
mircea_popescu: (also not particularly useful in theory, but then again gpg is a pos.)
mircea_popescu: asciilifeform ftr, i have nfi what you're using, but most people here are using either aes256 or twofish, i would suspect. and if they do not - they should edit ~/.gnupg/gpg.conf and add personal-cipher-preferences AES256 TWOFISH right above the line that says personal-digest-preferences SHA512
mircea_popescu: Framedragger for rsa yes ; for gpg ... mno.
asciilifeform: gpg is 'healthiest horse at glue factory'
asciilifeform: Framedragger: read the logz, gpg and compatibles are retarded in 101 ways
asciilifeform: http://btcbase.org/log/2016-06-03#1476739 << the aes key used by everybody here when they gpg is precisely 32 bytes long. (not that this is something to be proud of.)
asciilifeform: interestingly, not 1 of the last 3 phuctor pops, imports in any version of gpg i have.
asciilifeform: a modern gpg key
mircea_popescu: http://btcbase.org/log/2016-05-31#1474274 << deeply don't, gpg with sym key is liek... mmmkay.
asciilifeform: gpg --recv-key cbe2d0bd
asciilifeform: has nfi that openssl was never in gpg ?
asciilifeform: yeah, just so HAPPENS that BUG makes fingerprint on old gpg of randint modulus key appear SAME.
asciilifeform: namely, 'openssl WAS NEVER IN GPG'
asciilifeform: that src tarball (latest) is ~6MB, and DOES NOT INCLUDE GPG SOURCE
ascii_butugychag: and gpg creates dupes when folks sign one another's keys, yes
mircea_popescu: jurov i see "gpg: armor header: Version: PGPy v0.4.0 gpg: packet(6) too short"
asciilifeform: iceblox: yes, but what version of gpg ?