ascii_field: a valid packet is necessarily 1) rsa'd to the node's ephem-key 2) signed by originator's ephem-key
assbot: On how the factored 4096 RSA keys story was handled, and what it means to you. on Trilema - A blog by Mircea Popescu. ... ( http://bit.ly/1VFXivr )
assbot: Logged on 29-10-2014 01:32:22; asciilifeform: possibly these will have to travel armoured and rsa'd to turdatron's pubkey
mircea_popescu: gpg: Signature made Fri 04 Sep 2015 11:22:04 PM ART using RSA key ID 2FB7B452
ascii_field: 'Some servers occasionally or consistently produce ServerKeyExchange messages which contain RSA signatures which are zero. Encoding of the number zero varied. In some cases, zero or one bytes were transmitted. Sometimes the length of the signature matched the size of the RSA modulus. The latter suggests that the server implementation may have omitted the copy of the computed signature. This could happen if RSA-CRT
ascii_field: 'We observed one rather peculiar factorization of a RSA modulus, involving factor 23. What happened was that the public key in the X.509 certificate was corrupted in some (there was a bit flip, according to the server operator), and equation (1) accidentally revealed the factor 23. The corrupted modulus had other small factors, too, and a large composite factor with an unknown factorization.'
funkenstein_: it's also hard to make good rsa privkeys with dice
mircea_popescu: punkman currently a symmetric session key is rsa encrypted.
punkman: what's the difference of full rsa to current gpg?
mike_c: full rsa would make for some long messages
mircea_popescu: should be fun once pgp is implemented properly as full rsa.
mats: asciilifeform: just realized it does not use rsa. derp.
phf: g the wrong RSA key." message format spec explains "First 2 bytes of the Message Digest inside the RSA-encrypted integer, to help us figure out if we used the right RSA key to check the signature."
phf: so to continue this archaeological dig, GPG 2.6 clarifies the usage of 2 octets. reads the header, reads the rsa ciphertext, decrypts rsa. rsa contains a digest of some fields from header and the body of message. so first thing he does next is check the first 2-octets of digest against the 2-octets in header. if the two don't match program bails with "Error: RSA-decrypted block is corrupted. This may be caused either by corrupted data or by usin
mircea_popescu: and if you for some incomprehensible reason MUST use a hybrid scheme, use the following : 1. generate random 4096 hash ; 2. cut your message up into N chunks of size up to 2048 ; 3. xor the chunks with 1; encrypt each chunk via rsa
mircea_popescu: i wasn't at any point contemplating "rsa encryption = rsa run once over the message herp"
mircea_popescu: no. rsa encryption = a succession of individually encrypted blocks.
mircea_popescu: make the damned thing match throughout. bapg = 4096 rsa, 4096 hash, etc.
mircea_popescu: it is ACTUALLY preferable for teh republic that whether rsa is or is not np-complete is not known.
mircea_popescu: 1. full rsa. 2. proper signature encapsulation. 3. sane structuring of the keys. 4. etfc.
mircea_popescu: the time i consider changing off rsa is a time after i've taken a piss on the ruins of the white house.
mircea_popescu: and no, they don't get to use the "quantum" gimmick to push ecc against rsa. like they didn't manage the past three or four gimmicks.
mircea_popescu: that said, static allocation goes a long way. this connects to the "fixed time" discussion re rsa yest.
ascii_field: the (largely lysenkoine and fraudulent, but bear with me) promise of 'homomorphic' is that you can, ostensibly, make a circuit where determining function is similar to breaking rsa
BingoBoingo: asciilifeform: That. Or like Elliptic curve in lieu of RSA
kakobrekla: gpg: encrypted with RSA key, ID 16B8E32E
mircea_popescu: gpg: encrypted with 4096-bit RSA key, ID 16B8E32E, created 2011-07-22
punkman: (and yes RSA keys can do both, it's just a flag gpg sets on the keys)
kakobrekla: punkman i hoped for 'gpg: encrypted with RSA key, ID 05D01131' or what
mircea_popescu: gpg: Signature made Wed 05 Aug 2015 12:13:13 AM ART using RSA key ID 01ABFFC7
ascii_field: gpg: Signature made Tue Aug 4 23:13:13 2015 EDT using RSA key ID 01ABFFC7
mircea_popescu: gpg: Signature made Wed 05 Aug 2015 12:13:13 AM ART using RSA key ID 01ABFFC7
punkman: "the most often observed fault during RSA-computations exposed to glitch attacks is the erroneous modification of the moduli."
Adlai finds, while trying to type out the difference between this hunt (rsa factor collision) and that (reused/predictable k-values), that it's quite elusive