mircea_popescu: obviously, nobody is going to have to explain to anybody why they lied or anything, but hey. free internet!
ascii_field: betcha they're already working on the necessary 'powerpoint.'
mircea_popescu: if you let them "agree" to "the reasonable" "explanation" you can laugh at them later. if you don't, it's gonna be "oh srsly we presented this before stanford" all over again
mircea_popescu: but this is why you want "the internet" to have its time to proffer its reactions.
ascii_field: mircea_popescu: so in other news one of the keys from last night has a valid sig
assbot: Logged on 18-05-2015 14:31:30; mats: osprey falls outta the sky, again
Apocalyptic: oh, I thought you knew the answer and it was a challenge
ascii_field: Apocalyptic: not atm. but i'm currently occupied with other things
ascii_field: Apocalyptic: if you come up with answer to this, please wake me up
Apocalyptic: ascii_field, i'm still thinking about your "exercise for the reader" from yesterday as to how get $othersmuckQ without at least doing a division for every modulus encountered
ascii_field: and what i meant was that one must demonstrate that one could import the pubkey, somewhere, and verify material that was signed with it
ascii_field: thus i conjecture that full factorization can be had, at reasonable cost, if there is a reason to attempt it
Apocalyptic: so I don't get how you can save this factorization exercise for after you sign something...
ascii_field: Apocalyptic: see earlier link re: lenstra. there are algos which are optimized for the kind of scenario which appears to exist here (a multitude of smaller primes rather than two extremely large ones)
Apocalyptic: afaik you need to have phi(N) to get d from e, and computing phi(N) is equivalently hard as getting the factorization of N
Apocalyptic: ascii_field, the part where you can sign, which implies knowledge of the private exponent d without having fully factored the modulus N
Apocalyptic: ascii_field, can you comment on <Apocalyptic> "for after we demonstrate that one could 1) sign with the dud key" wait you can sign without fully factoring N ? this is news to me
Pierre_Rochard: yup, read it, this is their latest post with more details
assbot: Logged on 13-05-2015 21:42:17; asciilifeform: re: '21' etc >> 'The cornerstone of the strategy as presented would have been the release of consumer products that would turn power from wall sockets into bitcoin through the widespread dissemination of bitcoin mining chips.' << -somebody- clearly reads the 2013 #b-a logs.
Apocalyptic: anyway the remaining part I have is not divisible by primes below something like 1 billion if I remember my tests correctly, may still qualify as -small- though
ascii_field: Apocalyptic: yes, because folks are presumed to be using sane keys
Apocalyptic: ascii_field, i thought these it was pretty much NFS all the way
Apocalyptic: "for after we demonstrate that one could 1) sign with the dud key" wait you can sign without fully factoring N ? this is news to me
ascii_field: one of the state-of-art factorizers, lenstra's elliptic curve factorization,
ascii_field: Apocalyptic: i was saving this exercise for after we demonstrate that one could 1) sign with the dud key 2) it would verify on some broken pgptron, somewhere
Apocalyptic: (the full factoring is interesting because it's the only way to compute the private exponent d)
Apocalyptic: on a 311 decimal base number I have my doubts, even msieve refuses to crunch it
Apocalyptic: but there is still this huge remainder, which is certainly not prime, that remains to be factored
Apocalyptic: ascii_field, I did some trivial factoring on the remainder, got 2 more primes
ascii_field: Apocalyptic: feel free to perform, e.g., miller-rabin on the larger factor
Apocalyptic: I would like to point out that unless yesterday's modulus was fully factored, which I have no knowledge of, we actually didn't factor the invalid subkey discussed
ascii_field: Apocalyptic, decimation: i will let mircea_popescu include this and other interesting zoological specimens in his next article.
Apocalyptic: <ascii_field> at least one falls under the classical 'generated and correctly signed with dud key' // is that key at least a classic RSA key, meaning its modulus consists of only 2 prime factors as opposed to the case discussed yesterday ?
ascii_field: decimation: most of my observations thus far are not even remotely consistent with 'bit rot.'
decimation: right, but if a cosmic ray were to zing through a ram stick, I wouldn't expect a 32 bit word to change completely?
ascii_field: decimation: this is not a consistent pattern across the entire set.
decimation: ascii_field: someone on the hn comments also listed the diff between the two keys, and it was 32-bits long
ascii_field: several have invalid self-sigs and for a subset of these, a non-rotten antecedent key can be found (as pointed out by the peanut gallery)
ascii_field: at least one falls under the classical 'generated and correctly signed with dud key'
ascii_field: ben_vulpes: presently the samples of interest fall into several categories
ben_vulpes: ascii_field: the new phukkery implies bad keygeneration in the wild, correct?
decimation: ascii_field: not to my limited knowledge. "boundlessly naive"/"unlimited innocence" or something like that.
ascii_field: curious if anyone tried to point out their 'mistake'
ascii_field: nah, this one doesn't purport to belong to anyone famous
ascii_field: we should like to harness this engine of undiscovered computronic might
trinque: I just learned that yesterday from the fine folks at HN
ascii_field: did you know that cosmic rays could perform signatures ?
ascii_field: so, one of the recent phucked keys contains two subkeys, both of which are phucked. and the self-sig is... valid.
ascii_field: ;;later tell decimation does phrase 'grenzenlos naiv' have any idiomatic meaning on top of the obvious ?
trinque: you can click foreign keys to traverse them, so on
trinque: run a query, it barfs the results with appropriate widgets given the type of data
trinque: seems one could do an incredible database editor in this environment
trinque: I am merely scratching the surface of what I'm looking at, so far
trinque: and the idea that this GUI widget corresponds directly to some piece of data
trinque: ascii_field: incorporating the command line model into GUI programming is very cool
trinque: ascii_field: I recall somebody "doing" this by bolting webkit to a terminal emulator :p
ascii_field: trinque: enjoy the rare experience of encountering one's first non-retarded example of something (in this case, gui programming) for the first time.
trinque: looks easy enough to fix so I'll probably take a crack at it at some point
trinque: asciilifeform: turns out dieharder uses internal glibc preprocessor directives which cause it to explode when built as c99
hanbot: BingoBoingo Weak 4096 Bit... suggested edits: "the compromised key in question was" / question which was ; " not only on their total length of the key" / the total length ; "two very large prime number" / numbers ; "subverted by an adversary from the key's generation" / range from the key's ; "what failings of they keyserver" / the keyserver ; "they have yet to factored by" / yet to be factored ; "this highlight a number of" / highlights
mod6: oh yeah, i saw that on outside sites.
mike_c: it was discussed on hacker news. looks like there are a handful of invalid subkeys on the sks servers
mod6: how do you know they're subkeys? did I miss this in the log?
justJanne: Most of them don't seem to be valid.
mats: osprey falls outta the sky, again
mats: their fire will be less accurate in a firefight after a day's patrol due to muscle fatigue
mike_c: ads look like they're working (technically at least). we'll see if 8chan'ers have any money.
mats: and as an aside the high ready position is inferior
mats: looks like she has her finger in the well
mats: mircea_popescu: terrible trigger discipline
jurov: ye olde tea partie
jurov: "made me reminisce about the old days of Occupy Wall Street".. like, it was 20 years ago?
mircea_popescu: "look in robots.txt for directories that derps inadvertently exposed"
justJanne: I’m downloading all those hidden state.gov documents right now