asciilifeform: how does it help anybody (other than hitler), including mircea_popescu, when hitler knows for certain, but everybody else is left to mathematicize fruitlessly (or, worse, work on faith)
mircea_popescu: the less you can rule out, the easier it gets for me.
asciilifeform: can't rule out that even 20 yrs ago hitler knew that factoring is np-complete.
mircea_popescu: what, you think strella is a directional weapon ?
mircea_popescu: heh. no they don't.
asciilifeform: i would like an asymmetric transform whose complexity were provably unknowable. that would be spiffy.
asciilifeform: see, i could even agree re: ~provably unknowable~ (i.e. godelian) unknowns. if these could be had. but 'unknown unknowns' inescapably shed the first 'unknown'
asciilifeform: is the idea that enemy wastes resources on cryptoanalytic derp vs setting up coke machine dungeon ?
asciilifeform: how does this beat 'proven np-complete and the lowliest amoebic scum knows' ?
mircea_popescu: hitler had reports re the fucking wtc bombings on his own desk.
mircea_popescu: it is ACTUALLY preferable for teh republic that whether rsa is or is not np-complete is not known.
asciilifeform: hitler rediscovers the proof. then what
asciilifeform's throat is not big enough for this pill
mircea_popescu: if anyone had the proof, i'd ask them to not publish it, for that matter.
mircea_popescu: the field of unknown unknowns always favours the people against the state.
asciilifeform: how's that work
mircea_popescu: the holy grail is this situation where nothing's demonstrated at all.
asciilifeform: (most academitards neglect the second part!)
asciilifeform: while also proving that none of the 'practical' aspects of employing the transform, leak key.
asciilifeform: to round off the thread, imho the 'holy grail' of asymmetric crypto is to demonstrate ~provably measurable strength~ - that is, prove np-completeness of inverting the transform.
asciilifeform: aha, this.
mircea_popescu: course you said provable. i'll take that too. prove.
asciilifeform: but it is worth understanding what the cost of 'infinitely rigid girder' is.
asciilifeform: nobody said 'go back to latrine', aha.
mircea_popescu: i might as well go back to woodstove heating.
asciilifeform: this is the 'infinitely rigid girder.' in practice, all girders meaningfully differing from this one have provably finite rigidity.
mircea_popescu: look, i'm not going to give back the major advantage of asym crypto keys just because nsa sponsored implementation and useful rms-ian idiots made a mess of things.
asciilifeform: not a weakness. generated by two units connected together in sealed, grounded copper container.
phf: (that's the last point in asciilifeform's list)
asciilifeform: otp has precisely three weaknesses even in principle: generation of key (solved by civilized rng); reuse of key (solved by erasing each bit immediately after it is used in a xor); capture of key by enemy (in common with any other cipher! and solved with grenade pin)
mircea_popescu: forget all that already.
phf: conversation really an excuse for asciilifeform to build a subversive analogue circuit
asciilifeform: plugged into the 'grenade pin' of course.
asciilifeform: to complete this story, i will add a diode on each antifuse and a collective rail to blow'em all
asciilifeform: why not mail straight to hitler.
asciilifeform: unless operator is a moron, and uses it other than as prescribed, device is a true otp.
phf: should start mailing each other cloned harddrives with random bits on them
mircea_popescu: asciilifeform do not ask me "how". this question is pointedly forbidden in this context.
asciilifeform: use a bit once, then blow the antifuse it lived in.
asciilifeform: mircea_popescu: practice, fortunately, is not hard to fix.
asciilifeform: (otp, or however it is called in each of our kindergarten textbooks.)
mircea_popescu: that's actually weaker than rsa in practice.
asciilifeform: the closest thing we have is the vernam pad.
asciilifeform has searched for such a girder for quite some time.
asciilifeform reminds mircea_popescu that factoring has not been proven np-hard much less np-complete
mircea_popescu: it's computing for a reason. THIS is the reason.
asciilifeform: phf, mircea_popescu: how, if the layers use distinct keys, each en-rsa'd separately ?
mircea_popescu: asciilifeform either you make me an infinitely rigid girder or i don't want anything to do with you.
asciilifeform: can make thicker, or thinner
asciilifeform: block cipher gets 'solved' no more than steel girders can be 'solved.'
mircea_popescu: chaining is for the brothel.
mircea_popescu: no dude, spare me. either this problem is solved or worked on.
mircea_popescu: fuck or get off the woman.
asciilifeform: (knowing weak keys in aes does not break the message if under it is, e.g., twofish, with DISTINCT KEY)
mircea_popescu: if one didn't help, ten won't either.
mircea_popescu: it helps in precisely the same way as multiple surgical interventions.
asciilifeform: it helps in precisely the same way as multiple parachutes
mircea_popescu: because that doesn't help anything.
asciilifeform: 'why the fuck is there no provision for multilayer use of multiple blockciphersystems'
asciilifeform: mircea_popescu: weren't you the one with the 'why do we need block cipher at all' concept ?
mircea_popescu: what do we say, twofish ?
punkman: "# Use a real encryption algorithm to protect the secret keyring, rather than CAST5." << relevant to certain folks that didn't mind posting their encrypted keyrings to keybase.io
punkman: might as well repost this too, if you've never edited your gpg config, start here: https://github.com/coruus/cooperpair/blob/master/saneprefs/gpg.conf
asciilifeform: nobody wants to see what is under that garden.
asciilifeform: this is likely why so few with the shovels
mircea_popescu: to subvert the pgp in practice.
punkman: https://github.com/coruus/cooperpair/tree/master/pgpv4 key collision for v4, scallion attack was for v3 I think
mircea_popescu: slova pesni = text pesni lol
asciilifeform: mircea_popescu: l0l, i get this: http://webkind.ru/text/989416971_946024927p581069957_text_pesni_n-ai-fost-acolo.html
punkman: plenty of success with that "Scallion was used to find collisions for every 32bit key id in the Web of Trust's strong set demonstrating how insecure 32bit key ids are."
mircea_popescu: asciilifeform is that the most likely to be quoted snippet ?
gribble: Pânza de minciuni. | Scriu pentru ca nimeni nu asculta..: <https://bineledinrau.wordpress.com/>; Dan Necşa | Trăieşte, iubeşte, respectă, ai grijă, dar nu te ataşa!: <https://dannecsa.wordpress.com/>; La mormantul lui ARSENIE BOCA. Parintele a lasat cu limba de ...: <https://intamplarisavante.wordpress.com/2010/11/28/la-mormantul-lui-arsenie-boca-parintele-a-lasat-cu- (1 more message)
mircea_popescu: ;;google "N-ai fost acolo s-auzi tot ce-am auzit. N-ai fost acolo sa vezi tot ce am vazut. N-ai fost acolo sa vezi tot ce am facut. N-ai fost acolo sa vezi prin tot ce am trecut."
asciilifeform: 'The concatenation of the data being signed and the signature data from the version number through the hashed subpacket data (inclusive) is hashed. The resulting hash value is what is signed. The left 16 bits of the hash are included in the Signature packet to provide a quick test to reject some invalid signatures.'
mircea_popescu: and why is it that all the phuctor bad sigs we see are two octet mirrors.
mircea_popescu: and why two.
phf: if the first two octets don't match you don't have to go through the rest of the signature verification process, since at that point you already know that the signature is invalid
mircea_popescu: the intent is to rape and pillage, for all orcs, by virtue of being orcs.
mircea_popescu: i do not wish to eat in the restaurant where they piss in the beer, irrespective of any other consideration.
phf: mircea_popescu: i ~assume~ the intent is to speed up failure
mircea_popescu: nothing, but by this principle let's stick to md5.
mircea_popescu: collision on 16 bits of sha512 is trivial.
mircea_popescu: phf so what does that help ?
phf: asciilifeform: maybe hash size is variable whereas they wanted to go with fixed size headers. so no matter size of hash you only store first two octets
mircea_popescu: anyway, there's no question left that a usable extant pgp implementation exists. this should be redone.
asciilifeform retreats to the mathematical room
punkman: you'll have to spell it out for me
asciilifeform: but can now formulate the equation.
mircea_popescu: hence the comments i, and i presume him, made.
mircea_popescu: me too, but nevertheless.
asciilifeform: not trivially, no.
mircea_popescu: but still, the situation is not equivalent to "signatures are trivially defeated in the field"
asciilifeform: but i can think of a pretty good illegitimate one.
mats: asciilifeform: I didn't know that. cool.
asciilifeform: punkman, mircea_popescu: can you think of any ~legit~ reason to store only 16 bits of the hash that was signed ?
asciilifeform: mats: and this is still done in mechanical hdd design, see 'elevator' algo.
mats: If subroutines were used, they were implemented by writing the return address to their end then jumping.
mats: Fun fact: the first Minuteman missiles ran off a hard disk as the only available memory. Reads/writes/jumps had to be scheduled to avoid pipeline stalling for a full rotation.
asciilifeform: mircea_popescu: think.
asciilifeform: punkman: think.