mircea_popescu: and since we're on this : i'm particularly insulted by the pretensions of ex-"journalists" owners of no more than two pairs of underwear and no two meatballs to rub together in their entrails at any given point that they're you know, postmodern women with preoccupations and opinions and options and whatnot. this shithead made in her entire 10 year long professional life a little over one bitcoin.
asciilifeform: at some point i'ma take a stab at translation.
asciilifeform: ( incidentally, mircea_popescu , possibly pertinent cultur-artifact, http://a-pesni.org/dvor/javychelrod.php )
asciilifeform: i propose to enact this useful new word as a proper thing
asciilifeform: diana_coman: aside from von neumann, and the crc encyclopaedia of well-known algos, i cannot in good conscience recommend much reading. there are works devoted to specific known attacks on rsa ( song y. yang, plus a few ru items ) ; at least 1 dead tree on differential cryptanalysis ( how items like des get trivially demolished ) whose author presently escapes me; and that's just about it
asciilifeform: diana_coman: the writer is typically a schneier-style wretch who made 'the bargain' and very well knows about otp
asciilifeform: shits forth a concordance, e.g. http://wotpaste.cascadianhacker.com/pastes/MDZMh/?raw=true .
asciilifeform: 1 ) build a gnat proj 2) gnatxref -a -aO path_where_your_ali_files_end_up yourmain.adb > xref.txt
asciilifeform: including the otp proof would immediately invite the q, in even a half-awake reader, of why the fuck the rest of the tree had to die
asciilifeform: but as for the general principles which a naive n00b might hope to find in such a work -- there's nothing since old man john von n.
asciilifeform: which is why 'hitting the books' is a very limited proposition. the most that can generally be asked from the dead trees, is an accurate picture of the popular algos, plus details of the most well-known attacks on various (e.g. lenstra's, pollard's, etc )
diana_coman: myeah, since reading more seriously on crypto I read a LOT of claims, certainly
mircea_popescu: now, the expectation is that a full day of play will produce less than say 2^15 or so messages.
diana_coman: mircea_popescu, and then when client enciphers with 1 from a set of 8 selected from those 16: does this mean reusing that 1 key for as many 128 chunks that particular eulora message has? or do you mean 1 per chunk ?
mircea_popescu: so i'm guessing a daily-ish serpent key change per client is not unreasonable.
mircea_popescu: diana_coman i guess we'll define a "control packet" which is always the first 128 bits of every comm, which will contain data such as "killed key #x moved to #y" and also "running out of keys send moar".
a111: Logged on 2017-11-22 21:56 asciilifeform: my approach is a universal 'stretcher', predicated on having reasonably fast and high-quality trng.
mircea_popescu: diana_coman thereby all game packets will be multiples of 128 bits, and in principle a client can live off the first original rsa op its entire life if it so wishes.
mircea_popescu: this actually seems a rather workable method tbh.
mircea_popescu: asciilifeform client just keeps a list. adds to it when rsagram
mircea_popescu: anyway, so what's the work mode here, every now and again server sends client a rsa-encrypted packet containing 16 aes keys ; client enciphers its comms to the server with one selected from a set of 8 selected from those 16 ; and deciphers server's with one selected from set of 8 other than previous set. now and again burns a key.
asciilifeform: ( in other 'gangrene ? what gangrene?' horrors : 'LibTomCrypt is pretty nice to read (only bug found in last 10 years was in prime generation — failed to iterate Miller-Rabin)' -- from turd https://comsecuris.com/slides/slides-bignum-bhus2015.pdf re broken bignumatrons. cited line presented as a 'hey it's pretty good'... )
asciilifeform: i read that line as a restatement of the ancient 'seekrit algos are a stupidity, honest crypto keeps only privkey seekrit' truism
a111: Logged on 2017-11-14 14:55 mircea_popescu: this is the problem with "complexify the code machine" tendency. somehow it appears intuitively evident that having a portion of the code INSIDE the machine is "a more complex, therefore a more secure system". it is not. 100% of the key belongs in the key.
mircea_popescu: asciilifeform the "specification" published on cambridge page is most likely a later fake. it's a 2006 item supposedly of a 1998 document.
asciilifeform: sad, innit. asciilifeform for instance has a mtbf of about 1hr when reading about symmetric ciphers. after that -- barf
mircea_popescu: dja see why i'd muchly prefer a native tmsr.rsa length symmetric cypher rather than this nonsense ?
asciilifeform: ( the latter is defined as a family of functions, and so 'rubber' )
asciilifeform: mircea_popescu: serpent isn't defined as a stretchable thing - i.e. it isn't obvious what ought to be changed to produce a larger ( or smaller, for that matter ) block, and still to have it meaningfully similar to original
mircea_popescu: http://btcbase.org/log/2017-11-22#1742198 << how about actually using a 512 bit block
a111: Logged on 2014-09-07 18:00 mircea_popescu: It gets worse. Nearly every AES implementation using AESNI will leave two values in registers: The final block of output, and the final round key. The final block of output isn't a problem for encryption operations — it is ciphertext, which we can assume has leaked anyway — but for encryption an AES-128 key can be computed from the final round key, and for decryption the final round key is the AES-128 key. (For AES
asciilifeform: almost impossible to bring up crypto in heathendom without a 'voice in the crowd' 'helpfully' reminding about 'standardized, well-designed aes'
a111: Logged on 2015-07-12 03:17 mircea_popescu: asciilifeform http://trilema.com/2014/minigame-smg-august-2014-statement/#comment-114754 << don't you find it a little odd that even on an obscure little game such as eulora, someone does find the time to carefully probe me about aes ?
a111: Logged on 2016-02-06 16:55 mircea_popescu: derp #1 : "What is wrong with existing block ciphers like AES? AES has been in widespread use for over a decade and to the best of my knowledge, there is still no practical attack on it (unless someone has built a working quantum computer and not told anyone about it). Its totally free of patents and IP issues. Its been implemented in a huge variety of hardware and software (including the Intel CPU that I am using to m
asciilifeform: diana_coman: now let's split 1 byte into ~four~, A,B,C,D. we take same transform and do it to X and Y in turn. in total, we've used 4 bytes from rng device, to cut 1 byte into 4 otpfrags.
trinque: how did someone writing niggers in a school bathroom make the news?
ben_vulpes: "School superintended Keith Marty said it was a surprise to staff that the student responsible was not white." still? STILL a surprise? http://www.dailymail.co.uk/news/article-5108107/Student-writes-white-lives-matter-N-word-mirror.html
asciilifeform: my approach is a universal 'stretcher', predicated on having reasonably fast and high-quality trng.
asciilifeform: nope. it isn't a keccak-like thing, isn't 'rubber'
diana_coman: yes, I had found that one; for some reason I thought you had in mind a different approach for expanding block + key size for serpent itself
asciilifeform: ( which it is really but a restatement of )
asciilifeform: you thereby get a 'ratchet'. which afaik is the only hard strength result in all of crypto aside from von neumann's otp proof...
a111: Logged on 2017-02-25 21:26 asciilifeform: so, for instance, you can prove that a k-of-k (must have ALL parts) shamir split, where you then take each share and encipher with different method -- will NEVER be weaker than the strongest cipher used.
asciilifeform: anyway orig method is in log, http://btcbase.org/log/2017-02-25#1618462 << merely in application to slightly different form of the problem ( how to combine voodoociphers in such a way that the result can in no circumstances be weaker than the strongest of the items )
asciilifeform: ( i see it as a still-unsolved problem. )
asciilifeform: the 1 aspect that historically bothered me, is that enemy knows now a relation between the plaintexts in the 4 streams
asciilifeform: to expand a K-bit (block and key, we'll assume, are each K-bit) voodoocipher to J bitness, xor split ( on rng ); having generated J / K independent keys; each incoming plaintext block of J bits, is cut into J / K blocks, and each enciphered with the corresponding key. decipher -- same.
diana_coman: asciilifeform, mind expanding a bit on what you had in mind as best way to expand serpent to 512 bits blocks?
diana_coman: well, I was trying to keep my scope there relatively narrowly focused on serpent itself; it's not a very short post as it is anyway
asciilifeform: the process whereby rijndael became usg's national One Troo Cipher was as dubious a thing as could be expected.
asciilifeform: diana_coman: well 'a candidate replacement for the algorithm used at that time under the name of “Advanced ..' is not quite it, they competed for the usg tourney crown
asciilifeform: feel free to upload the vdiffs/sigs to the ml yourself if you can think of a reason why it belongs there
asciilifeform: in other lulz : http://www.openwall.com/lists/oss-security/2017/11/21/4 ( https://archive.is/N6vFJ ) << 'bignum fuzzer that compares the results of mathematical operations (addition, subtraction, multiplication, ...) across multiple bignum libraries. Among these is the Go programming language, specifically the "math/big" package [1]. Recently, the fuzzer found a problem in its exponentiation operation...'
asciilifeform: also phf's linked pediwiki item is hilarious : '...floating material in lava lamps, extracting random data from the pictures, and using the result to seed a pseudorandom number generator.[1] Although the secondary part of the random number generation uses a pseudorandom number generator, the full process essentially qualifies as a "true" random number generator due to the random seed that is used.'
asciilifeform for some reason unable to turn up the thread in the l0gz where we did the 'rng design is not a technical problem , but a political problem' thing
asciilifeform: betcha it will become a 'new' idea at, e.g., google, a few yrs from now.
phf: http://btcbase.org/log/2017-11-22#1742041 << it's not surprising that cloudflare's piece doesn't mention lavarand, but the original was invented at SGI and has a couple of patents around it https://www.wired.com/2003/08/random/, https://web.archive.org/web/20010926221159/http://lavarand.sgi.com/
mircea_popescu is evidently working towards a unified theory of mpdom.
asciilifeform: mircea_popescu: it's a fw bug, not silicon , sadly patchable
mircea_popescu: let them build a lot of the chips.
asciilifeform: 'Intel would like to thank Mark Ermolov and Maxim Goryachy from Positive Technologies Research for working collaboratively with Intel on a coordinated disclosure for CVE-2017-5705.' << oh hey named quislings ftr
spyked: http://p.bvulpes.com/pastes/yVbXl/?raw=true <-- most of it is config.sub and config.guess. two lines at the end may fix shinohai's troubles. anyway, I'ma post the whole thing (w3m+gc+js+whatever else) once I manage to do a static build.
spyked: hm. shinohai, I remember patching config.sub and config.guess at least. posting a patch in one minute.
shinohai: bah, weird errors trying to build njs .... this is better left to when I can look at a full cleanup.
shinohai: links is nice, it will at least open images in a framebuffer.
spyked: I like w3m as well. the codebase is surprisingly easy to understand (took me a few hours yesterday to get a vague idea of how modules work together), though I have no idea why they need a gc. links is even more minimal, but I use w3m mainly because it runs in emacs.
shinohai: grrrr .... thanx for assistance spyked. I rather like w3m (because inline images) but truly needs a lot of cruft removed and things organised - mainly the sourceforge madness.
spyked: the original w3m-js patch adds a -ljs compilation/link-time flag. now, there's another issue: if your libjs is in a path that the run-time linker can't find (e.g. /usr/local/lib as opposed to /usr/lib), it will fail again at some point.
shinohai: Nope, not available in repos either .... got a sauce?
shinohai: It's ok spyked .... this is the one I tried, albeit in a Debian VM. ./configure keeps failing for me saying there is no gc
shinohai: !~later tell spyked got a question regarding the w3m patch when you have a sec.
RagnarDanneskjol: mircea_popescu I may have someone worth inviting to chan for interview in the coming days. Most of the folks I know over there are primarily oral translators, so having to look around a bit. Just got back yesterday - BJ is a real shithole but the people are adorable, lots of good duck. FYI - 'VPN AC' (Romanian) seems to be the only one working well/consistently behind the firewall (I've used many) and
mircea_popescu: you're familiar with how industrial technology looked at the time, the machine'd have a list of items internally, and glued on a piece of paper giving the words per item
mircea_popescu: "not a primitive" means "nothing can '''conceptually''' be that"
a111: Logged on 2017-11-22 00:33 mircea_popescu: string is not a primitive!
spyked: http://btcbase.org/log/2017-11-21#1741759 , http://btcbase.org/log/2017-11-22#1741862 <-- string not a primitive, but -- "string" datatype aside -- symbol names are (conceptually) strings, so they (the symbol names) require an internal representation etc. cons'ing characters upon reading was simplest approach I found to storing and structuring them. con: list cells introduce memory overhead; pros: avoids arrays and magic numbers like
spyked: http://btcbase.org/log/2017-11-21#1741755 <-- crap. sorry for the confusion! I was thinking about builtin functions, not symbols. need a meaningful way to point symbols to those things, and meaningful way revealed itself once I finally grasped your point. /me proceeds to rewrite symbols+builtin pieces.
ben_vulpes: good example of tmsr as antireddit: nothing in the "nollij of crowds", but if yr lucky some sages will come by with a set of koans to set you rethinkin priors
mircea_popescu: thinking about http://btcbase.org/log/2017-11-22#1741970, "пизда îţâşă" would make a pretty decent sluttattoo.
mircea_popescu: holy shit turns out i know a lot about field developing.
asciilifeform: ( even in ideal case, will be a somewhat smudged contact print, because chip die is buried under a lid )
asciilifeform: it's a contact print in either case
mircea_popescu: that's not a film, that's a print.
mircea_popescu: or a potato.
mircea_popescu: if you're gonna do it like this, why not use a fridge.
mircea_popescu: asciilifeform what reasoning would impel a sane fellow to use fucking polaroids auto-paper, when a bit of film would have about 9k x resolution ?
mircea_popescu: and a bath, you won't die out of bw bathing ffs.
BingoBoingo: "He's a Romanian living in Costa Rica" "Why? Because he can. You would if you could too."
mircea_popescu: so i go into shop that has you know, coffee toaster and a buncha nuts etc, and go "camarron ?" and the woman looks at me befuddled, so i'm like "semillas de camarron!" and she's eyeing me like wtf then realises. "maranon ?"
BingoBoingo: The co working space is a block still further. The mall is a block to the north. The Pocitos and Buceo playas are equidistant.
mircea_popescu: not bad start. find a shared apt deal among the students after, will be cheaper in the sense of paying for itself via roommates.
BingoBoingo: Just about, in a hostel, during high tourist season.
mircea_popescu: http://btcbase.org/log/2017-11-21#1741804 << what's that, like 400 a month to lay down your head ?
mircea_popescu: it started as a straight gaz clone
asciilifeform: and that thing looks quite drivable. something like a willis.
mircea_popescu: people did that sort of thing, back then. and all the fuckbook tards who paint the dude (rightfully or not, i don't give a shit) as the summum malum never as much as put together a fucking lego box.
mircea_popescu: made to the tune of 1,5k a day or such, respectable altogether.
mircea_popescu: i tell the girls stories, you know, "to get a car in the 80s you had to deposit 80k lei in this so and so account, and then 8 to 18 months later they'd call you TO THE PLANT and you'd get, mostly, a car. of whatever color they had available and maybe with all the parts. there were no fucking showrooms or anything, people drove the car home 500 kms.
a111: Logged on 2017-11-21 22:50 ben_vulpes: > the founders series roadster will cost buyers a 250K down payment even though it's not coming for more than two years
mircea_popescu: http://btcbase.org/log/2017-11-21#1741801 << this inept socialist empire's vehicular nonsense is starting to sound a lot like the fabled stories of teh romanian socialist republic.