5134 entries in 0.848s
davout: it occurs to me it would be really nice to have a way to easily dice-generate an
rsa keypair as to not rely on whatever prng
STRML: gpg: imported: 1 (
RSA: 1)
mircea_popescu: i been looking for it magically can't find it. the one that had the
rsa break in the last fascicle
mircea_popescu: even if you use
rsa-only keys, you can
rsa-encrypt a message so that it's easier to break but still decryptable by destination.
decimation: I donno, what would you name your
rsa/udp/wot idea?
decimation: yeah this is why
RSA seems more compelling
decimation: yeah, it was a noob implementation. But it brought up a question in my mind: for
RSA, private key and public key are derived from a prime number. Is there a similar procedure for ECDSA?
BingoBoingo: Well, I dunno of any better to gen keys with atm than
RSA.
iang: seems to work better if I give it an
RSA key ;-)
BingoBoingo: iang: Current best practice seems to be gen
RSA/
RSA and just make the it huge
assbot: Logged on 23-11-2014 05:11:53; asciilifeform: a 4096-bit
rsa signature and key fp fit handily in a udp minimal packet.
assbot: Logged on 23-11-2014 05:04:09; asciilifeform: mircea_popescu: this is why, in my unofficial wonderland, you can't even open a socket without transmitting an
rsa-signed a 'this is me, and my wot' breath of life packet.
decimation: asciilifeform: but apparently they broke a 512-bit
rsa cert!
decimation: right, which is why no one uses 1024
rsa anymore (at least anyone who matters)
mircea_popescu: anwyay : you'll also notice we quite strictly use 4kb
rsa sigs in our gpg
PeterL: have there been private
rsa keys linked to extortion?
decimation: I wonder if usg has attempted to jail someone for possessing a private
rsa key that is directly linked with extortion?
mircea_popescu: gpg: Signature made Sun 02 Nov 2014 11:29:39 PM EET using
RSA key ID F3251143
jurov:
rsa is only possible because we have probabilistic primality tests for bignums up to arbitrary certainty
mircea_popescu: you telling me the
rsa e must be a fermat prime ? why ?
assbot: cryptanalysis - Definition of Textbook
RSA - Cryptography Stack Exchange
bounce: why do you want pure
rsa?
mircea_popescu: you know, thinking about this, i think i actyally want pgp reimplemented. usgavin's speshul maths about how things improve make me realise that having a pure
rsa based code rather than the current encode a symmetric chypher method is perhaps feasible.
jurov: to get 1024bits you'll need 400 dice throws. and lesser
rsa is vulnerable
jurov: i had in mind
RSA something.. multiplying 200digit numbers would be tedious but doable
pete_dushenski: interestingly, kryptokit keys are only 2,047 instead of 2,048
rsa keys. odd, no?
kakobrekla: well lucky for her,
RSA can be done with pen and paper ?
mats_cd03: interesting to me, since i know about zero things re:
rsa.
assbot: security - Why is this commit that sets the
RSA public exponent to 1 problematic? - Stack Overflow
kuzetsa: what's wrong with using openssl to generate
RSA keys?
kuzetsa: gnupg uses libgcrypt for the
RSA key generation :(
kuzetsa: and then when you select
RSA it's done via openssl
xmj: kuzetsa: hopefully your
RSA key uses OpenSSH
kuzetsa: well... I mean my GPG key for authing with gribble is an
RSA key but other than that
kuzetsa: I haven't got anything using
RSA in production at this time
assbot: MFSA 2014-73:
RSA Signature Forgery in NSS
assbot: Prime Number Hide-and-Seek: How the
RSA Cipher Works
mircea_popescu: if he can get paid to listen to
rsa keys buyt then for "technical reasons" can make that baloon 10x,
decimation: asciilifeform: I thought that the usg signed stuff with
rsa certs generally
mircea_popescu: "Anything ECC is currently highly suspicious, not in the least because the math is complex." <<< ah i'm so flattered. so a year or two ago, schneier and the "consensus" i nthe community was that
rsa bad, ecc good ; mp was exactly on the other position.
decimation: asciilifeform: it does seem that mental
rsa is more likely to be useful than a totally new system
xmj: fluffypony: what exactly do you expect for
RSA's future?
assbot: A Tiny
RSA Cryptosystem based on Arduino Microcontroller Useful for Small Scale Networks
xmj: fluffypony: in english, cross jurisdictions? or
RSA specific?
assbot: Bleichenbacher's e=3
RSA Attack
Jason: peterl: tl;dr: i'd pick
rsa. dsa has some hash weaknesses.
assbot: security - What is better for GPG keys -
RSA or DSA? - Super User
peterl: which is better, DSA or
RSA key?
ascii_at_beach: it's like
rsa. you can communicate it to an educated person in five minutes.
mircea_popescu: by zed.gendns.com with esmtps (UNKNOWN:DHE-
RSA-AES256-GCM-SHA384:256)
mircea_popescu: "have a 4096
rsa key made out of 8 parts! it may not be as strong as the proper key, but that's good : if you forget your passphrase you can break the key and retreive your stuff!"
mircea_popescu: but even so, 10 bits a throw, a 4k
rsa key needs what, 7-800 ?