log
ascii_butugychag: otherwise stuck with pure rsa
ascii_butugychag: unproven hardness of rsa!
ascii_butugychag: and now i wonder how the fuck mircea_popescu can live with rsa
asciilifeform: doesn't even include rsa.
ascii_butugychag: if they aren't prime, you're using multiprime rsa and if your smallest prime is small, you get, e.g., pollard-rho'd
mircea_popescu: isn't any "rsa-like" symmetric cypher basically an immature or partial implementation of
ascii_butugychag: i now strongly suspect that blumblumshub can be proven to equal rsa in hardness
asciilifeform: phf: no rsa in there. will have to write it.
jurov: RSA's feature that allows bad number generators to affect other keys in such a public way is problematic."
assbot: RSA (cryptosystem) - Wikipedia, the free encyclopedia ... ( http://bit.ly/1NE5PYX )
jurov: https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29#cite_note-26 EFF phuctored rsa keys in 2012?
ascii_butugychag: jurov: you can trivially do it right now, just walk all of sks, if the pubkey is - well - public, you can determine that someone rsa'd to it
mircea_popescu: and incidentally, as a bright mathematical mind pointed out once, "at some point the effort invested in stating rsa is 'widely researched' exceeds the effort ever expended into researching it"
asciilifeform: (as secure as 8x the bits of rsa!1111111)
asciilifeform: problem is that one doesn't get to 'make a name' in academe as 'cryptographer' by pushing rsa. ☟︎
ascii_butugychag: do you see nsa putting 400 usd bounty on breaking rsa ?
mircea_popescu: <BingoBoingo> RSA offers a longer history of being studied and attacked << more importantly, it actually fits in head. a 12 yo's head.
BingoBoingo: RSA offers a longer history of being studied and attacked
BingoBoingo: Why would anyone use GPG2, or ECC when RSA is available
BingoBoingo: Generating GPG keys that don't suck is hard because RSA encryption is decrypted by division. Too easy to divide, falls. ECDSA in Bitcoin gets more breathing room for now because not as straight forward.
ascii_butugychag: seal ~= rsa modular exponentiant.
ascii_butugychag: sigil =~= rsa modulus
assbot: sybren / python-rsa / Pull request #14: [security] Fix BB'06 attack in verify() by switching from parsing to comparison — Bitbucket ... ( http://bit.ly/1MT5Xn1 )
ascii_butugychag: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff << his patch. how would you react to a fella half-heartedly removing a tick from the back of a roadkill deer flattened on a highway ?
assbot: Logged on 06-01-2016 12:38:49; shinohai: !s https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
assbot: 0 results for 'https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/' : http://s.b-a.link/?q=https%3A%2F%2Fblog.filippo.io%2Fbleichenbacher-06-signature-forgery-in-python-rsa%2F
assbot: Bleichenbacher'06 signature forgery in python-rsa ... ( http://bit.ly/1n3W4hv )
shinohai: !s https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/ ☟︎
asciilifeform: but looks like the actual rsa op was carried out WITH THE SUBKEY
asciilifeform: it is in the attempt to divorce the abstraction of what the user is doing from the actual rsa (moduli)
jurov: gpg: Signature made Sun 26 December 2015, 01:37:34 CET using RSA key ID 01ABFFC7
ascii_rear: (how many times can you use, e.g., a pill against rsa ?)
mircea_popescu orders derpy server to create 4096b rsa key
kakobrekla: gpg: Signature made Sat 26 Dec 2015 12:37:34 AM UTC using RSA key ID 01ABFFC7
assbot: Logged on 23-12-2015 17:32:23; mircea_popescu: rsa, sadly, wouldn't really work for this application
mircea_popescu: rsa, sadly, wouldn't really work for this application ☟︎
ascii_field: mircea_popescu: 'Not only are they part of the transaction, not only are they an integral part of the transaction : they are the only actually needed part. What makes a transaction a transaction is the signature, nothing else. Everything else is like marketing : contributes to costs, not to revenue.' << here i will note that, if bitcoin used rsa sigs, the tx and the signature could be literally one and the same thing
asciilifeform: stronger_key_check ( RSA_secret_key *skey )
asciilifeform: i also can't help but appreciate the sheer magnitude of the 'fud' surrounding 'd-wave' - as if there could be any doubt whatsoever that the box is a work of charlatanry (doesn't run shor's algo and break rsa? not quantum comp. QED.)
asciilifeform: aaah yeaaaah sure, sslizing my rsa key makes me ah so hot&bothered
mircea_popescu: anyway, none of this is even practical without mass cardanos, because iirc c-s consumes even more entropy than rsa.
ascii_field: aha, rsa homomorphism diddle
mircea_popescu: let us indulge then. cramer-shoup is an asym key system, just like rsa or ecc.
mircea_popescu: "Although the potential development of quantum computers threatens the security of many common forms of cryptography such as RSA, "
mircea_popescu: but so far we don't even know if we actually want rsa (this for lack of gossipd) nor have we studied shoup etc.
mircea_popescu: and while at it, new, pure-rsa signature scheme.
mircea_popescu: "Cuccias said that Nest Cam uses 128-bit SSL encryption, Perfect Forward Secrecy and a 2048-bit RSA key that is unique to each camera. “This ensures that videos are not accessible, even over open WiFi networks. That said, customers can always see the status of their camera through the Nest app,” "
asciilifeform: y'know, the folks who pop rsa, plant rf bugs in cpu masks, etc.
mircea_popescu: anyway, to put the thing in more distant, and thus perhaps more comprehensible terms even if you'll likely not be able to resist the temptation to crush nails with the microscope : "what is the value of rsa to kenyan ?" and "obviously all this 'crypto work' is general 20yo cunt good looks" to kenyan.
ascii_field: 'The AES-256-CBC algorithm is used to encrypt files; all files are encrypted with the same key... In spite of the scary stories about RSA-2048 shown to victims, this encryption algorithm is not used by the malware in any form... The AES-256-CBC algorithm is used to encrypt files; all files are encrypted with the same key.'
mircea_popescu: well... rsa is malleable, right ? :D
ascii_field: davout: now there's proprietary crud in the cartridge ~and~ the printer that rsa to one another.
asciilifeform: sane people understand enough to wish for their rsa modular exponentiations to NOT HAPPEN UNDER WINBLOWZ
asciilifeform: otherwise the fw is rsa-signed (2048b iirc)
assbot: Logged on 25-10-2015 21:51:05; mircea_popescu: he had a "business" to make 8kb or larger rsa keys for "Cusomers"
mircea_popescu: he had a "business" to make 8kb or larger rsa keys for "Cusomers" ☟︎
referredbyloper: Thanks. I just read the post about phuctor breaking an rsa key.
ascii_field: rsa exists.
assbot: Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys? | Ars Technica ... ( http://bit.ly/1RW95nf )
asciilifeform: in other nyooz, http://arstechnica.com/security/2015/10/breaking-512-bit-rsa-with-amazon-ec2-is-a-cinch-so-why-all-the-weak-keys
assbot: On how the factored 4096 RSA keys story was handled, and what it means to you. on Trilema - A blog by Mircea Popescu. ... ( http://bit.ly/1NlQkIc )
mircea_popescu: /#selection-217.0-221.245 ; see http://trilema.com/2015/on-how-the-factored-4096-rsa-keys-story-was-handled-and-what-it-means-to-you/#selection-685.0-685.123 and the whole fucking corpus already. when "they" come for the derps i'll be fucking there shooting pregnant mothers in the uterus and stepping on baby derp necks.
ascii_field: cameraball is a hypothetical device consisting of sealed pyrex sphere with two fish-eye cameras inside. charged and addressed via induction coil. contains a certain amount of eeprom, signs each frame with rsa key, which is zeroed if the glass is penetrated.
ascii_field: (a civilized setup will have rsa backing on both sides)
phf: so gossipd is "in progress", but fella's not been heard from in a very long time. gpg has not been started, but ascii presumably has a lot of ideas about it. then there's pie in the sky projects, like fabricating own cpus or rsa over udp routers.
mircea_popescu: can you demonstrate rsa malleability in the sense of, appending "pete_dushenski.rate.punkman.2:" as prefix to cyphertext ?
ascii_field: so he modifies assbot so that the next time mircea_popescu is given otp token, it is actually carrying the rsa-enciphered symmetric key from $message
ascii_field: but what you actually decrypted with rsa was a random blob
ascii_field: rsa is malleable.
asciilifeform: 'Given that we are expecting to soon switch from RSA to ECC for improved security and that the current base of OpenPGP implementations supporting ECC is quite small, I would recommend not to allow a second fingerprint format for v4 keys but to bind a new fingerprint format to a v5 key packet version.' << who the fuck is 'we' ?!
mircea_popescu: asciilifeform how is unpadded rsa supposed to work ?
asciilifeform: and to that we have analogy: the pure-rsa variant
asciilifeform: not on account of rsa per se.
asciilifeform: and this still is predicated on an assumption, to date unproven, that rsa sig operation is not malleable.
ascii_field: not if it were an rsa sig
ascii_field: the most pedestrian hypothesis here is that rsa is considerably easier to implement.
ascii_field: https://www.theiphonewiki.com/wiki/Pwnage << correct. rsa.
mircea_popescu: i find it comedic that for all the "well documented" flaws of rsa, all these "take over the world" computing schemes fail to use ECC.
ascii_field: mircea_popescu: it has rsa sig checker in mask rom which runs on reset
ascii_field: all drivers must be rsa-signed;
ascii_field: as in rsa-signed.
brg444: followed pete's guide here: http://www.contravex.com/2014/09/23/please-to-pgp-guide-for-linux-os-x-windows/ so 4096 RSA it is I believe
ascii_field: specifically non-rsa ?
mircea_popescu: so facebook supports non-rsa-only pgp ? heh mkay.
assbot: Logged on 21-09-2015 18:16:12; ascii_field: phun phakt: it is not a proven fact that the difficulty of the rsa problem as such is equivalent to that of factoring.
ascii_field: phun phakt: it is not a proven fact that the difficulty of the rsa problem as such is equivalent to that of factoring. ☟︎
assbot: 9 results for 'rsa pill' : http://s.b-a.link/?q=rsa+pill
ascii_field: !s rsa pill
assbot: 0 results for 'https://medium.com/quantum-bits/break-rsa-encryption-with-this-one-weird-trick-d955e3394870' : http://s.b-a.link/?q=https%3A%2F%2Fmedium.com%2Fquantum-bits%2Fbreak-rsa-encryption-with-this-one-weird-trick-d955e3394870
assbot: Break RSA encryption with this one weird trick — Quantum Bits — Medium ... ( http://bit.ly/1PkJZwA )
shinohai: !s https://medium.com/quantum-bits/break-rsa-encryption-with-this-one-weird-trick-d955e3394870
ascii_field: the reason for this is that (as anyone who stayed awake in kindergarten ??) knows, rsa operation is malleable
ascii_field: the basic idea of 'padding' is that before you can really use rsa, you have to proclaim 'i will NEVER EVEN consider a blob that doesn't decrypt to this-standard-boilerplate-and-the-payload' - or, in the case of signatures, 'it is ~not~ a signature unless the signed payload is such-and-such-boilerplate-and-THEN-the-actual-payload'
ascii_field: wait till you do rsa padding !
ascii_field: accompanied by unsubstantiated claims of 'equivalence' between long rsa and short ecc key 'hardnesses'
ascii_field: e.g., the push for movement from rsa to ecc
punkman: " Cross-VM RSA Key Recovery in a Public Cloud"
mircea_popescu: "You dont need entropy to create an ECDSA signature. You do need it to create an RSA signature, for padding."
punkman: and some more on debiasing dice http://webcache.googleusercontent.com/search?q=cache:M_P9vZTEa3kJ:www.emc.com/emc-plus/rsa-labs/ps/dicebits.ps+&cd=6&hl=en&ct=clnk&gl=us
asciilifeform: BingoBoingo: phun phakt: you can natively do 1024-bit rsa on the '92.