
alphonse23_: for instance, I'd like to actually understand rsa factoring
trinque: alphonse23_: note that this does not mean RSA in the abstract is broken
alphonse23_: this is the channel that announced that they factored a 4067 rsa key
pete_dushenski: "As in the great days of the Studio System, NSA's star male lead spent a lot of time loaned out to other studios this Spring. The critically panned "RSA In The Soup!" trilogy was just packaged recently, while filming for the Thermonuked Chicken Saga continues." << haha priceless
Lk4_DPB: i was at some event in milano and they talked about assets as the place that knows best about bitcoin and that discovered a problem with rsa keys
jurov: i mean there can be multiple rsa keys in one gpg key, no?
jurov: yes, but gpg keys are not pure rsa
decimation: "Steve's design was rejected, not because it was unsound, but because NSA did not want to see ANY encryption work going on in the public domain ARPA project, some say because they did not want to see the world be “too secure” by default. (Rivest and friends had just invented RSA, and the government was trying to declare it Top Secret, then later prohibited under ITAR munitions control export laws)."
assbot: Logged on 27-05-2015 09:23:44; mircea_popescu: Other issues with ZKP include the RSA private key used to initiate the accumulator, which must be trusted to be destroyed by the generating party. << for the record, this isn't "other issues". this is enough to render the entire thing a joke.
mircea_popescu: Other issues with ZKP include the RSA private key used to initiate the accumulator, which must be trusted to be destroyed by the generating party. << for the record, this isn't "other issues". this is enough to render the entire thing a joke.
mircea_popescu: but no, what i want is dual rsa-cs for b-a's dream-reimplementaton of pgp
mircea_popescu: is rsa 4096 bit a guarantee you will have an n 4096 bits long (i think) or is it actually you will have two primes 2048 bits long each, with high bit set each.
mircea_popescu: not as in "what rsa means", as in "what rsa 4096" means
Apocalyptic: "RSA e(17 bits) - 01 00 01" on the last two Public Subkey Packet
mircea_popescu: he quotes "Note that it is not said nor implied here that there's any sort of theoretical vulnerability related to using 65537 as an exponent for RSA.". the full quote is "Note that it is not said nor implied here that there's any sort of theoretical vulnerability related to using 65537 as an exponent for RSA. The point is that you don't know what exact implementation flaws the NSA is or may be relying on, and for this
ascii_field: Hasimir: yes. you can write a proggy to create this type of key from any rsa pubkey you like.
ascii_field: incidentally, i just walked the totality of sks db looking for -all- rsa keys with pub-exponents equal to 281479271743489.
ascii_field: downloaded most RSA keys from a keyserver and tried to factor....'
mircea_popescu: asciilifeform the amusing tactical implication here is that well... they actually would have loved to say rsa is bad.
BingoBoingo: mircea_popescu: tbh, someone has to explain this "subkeys" retardation to me sometime. fucking pseudohierarchy devoid of meaning. << Within your big GPG keyblock you can have multiple keys, say a 4096 RSA for signing and another 4096 to encrypt to. Beyond that you can keep stuffing moar keys in there just because...
ascii_field: Apocalyptic: as a general rule, an rsa modulus generated without regard to rules (primality testing, pollard-rho, the lot) is cheap to factor.
ascii_field: mircea_popescu: quite a few. which is consistent with the 'random bits make terrible rsa moduli' thing.
ascii_field: and the panic is entirely the work of the enemy, who is passing around the idiot strawman that 'rsa was broken. oh wait, no it wasn't! disregard the whole thing!'
ascii_field: Hasimir: so far each of the cases i have examined in detail had -at least one- legit rsa modulus in subkeys
ascii_field: Hasimir: the shenanigans exposed appear to have an intent which includes - but not necessarily limited to - passing off spurious rsa keys for various names
ascii_field: Hasimir: understand, someone can create a key containing an rsa modulus of the kind described here using a modified copy of your, e.g., el gamal, key
mircea_popescu: if he also has a rsa key by the same name, he will be in the list of rsa keys.
Hasimir: you only deal with rsa, you only claim to have rsa priv keys, but you list dsa/elgamal keys as broken ...
ascii_field: Apocalyptic: there is a reason why generating proper rsa keys is cpu-expensive
ascii_field: the experiment specifically concerns moduli, not keys. a key contains zero or more rsa moduli
Hasimir: it has an rsa signing subkey
ascii_field: Hasimir: we only see it here if it had one or more rsa subkeys.
ascii_field: violates every assumption behind hardness of rsa, yes
Apocalyptic: (note that this isn't even strictly a RSA key anymore)
Apocalyptic: I mean you can get a standard 4096-bit sane RSA key, multiply N by 3 and there you go
mircea_popescu: "Some widely deployed RSA implementations choke on big RSA public exponents. E.g. the RSA code in Windows (CryptoAPI, used by Internet Explorer for HTTPS) insists on encoding the public exponent within a single 32-bit word; it cannot process a public key with a bigger public exponent."
Hasimir: no, not seriously, there's a big difference between some bunch of people with crap entropy sources and rsa being borked
Hasimir: assuming rsa isn't screwed by then, of course ;)
mircea_popescu: cat trilema-20may2015.txt | grep -c "more-factored-rsa-keys-and-assorted-other-considerations"
mircea_popescu: davout 138.More factored RSA keys, and assorted other considerations (trilema.com)3 points by davout 2 hours ago | discuss << it's greyed out, so i guess it got neg'd somehow.
mircea_popescu: unrelatedly, for the journos and other news fiends watching the log : i came to a resolution of a major sticking point re the rsa factorisation thing, large article coming in a few hours.
mod6: gnupg v1.4.13's rsa.c yup
trinque: Congressman Mike Rogers told the RSA audience more than once that metadata in bulk surveillance collection "is just the 'To: From:' like the front of an envelope."
jurov: did they find the rsa keys?
justJanne: I wonder how much calculation power it would take to break 4096-bit RSA.
justJanne: davout: discussion about RSA, tbh.
Apocalyptic: <ascii_field> at least one falls under the classical 'generated and correctly signed with dud key' // is that key at least a classic RSA key, meaning its modulus consists of only 2 prime factors as opposed to the case discussed yesterday ?
mircea_popescu: Holy shit, they broke RSA! or This is false advertising, they didnt really do anything! imbeciles, << no but it's THE CONTROVERSY
justJanne: For RSA you obviously need groups, spaces, bodies, rings, etc.
justJanne: Right now I'm taking second semester classes, last week homework was doing RSA on paper.
justJanne: decimation: that's true. RSA keygens use a probabilistic prime test.