asciilifeform: i'ma cheat and cite my own article, http://www.loper-os.org/?p=1913 : '... in a heavily-restricted subset of the Ada programming language — the only currently-existing nonproprietary statically-compiled language which permits fully bounds-checked, pointerolade-free code and practically-auditable binaries. We will be using GNAT, which relies on the GCC backend.'
asciilifeform: ( it is however presently unclear to me why the entire ciphrator has to live in kernelspace. granted the packet-thrower perhaps must. but why whole thing. )
asciilifeform: ( iirc i posted a cookbook re same, while back )
asciilifeform: zx2c4, mircea_popescu : it is quite trivial to build a kernel mod with gnat
asciilifeform: it is demonstrably not constant time, on several popular machines, we went over this
asciilifeform: because i can tell when a particular message has been received and ack'd
asciilifeform: zx2c4: the distinguishability of keepalives also makes it considerably easier to carry out timing attack on your nonconstanttime ecc engine
asciilifeform: zx2c4: speaking in general of symmetric ciphers -- a known-plaintext instance anywhere in the stream, or even a means of narrowing down possible plaintext, makes for considerably cheaper break
asciilifeform: mircea_popescu do you have a link to the famous penguin handy ?
asciilifeform: ( alternatively, how many bits do i need to flip in an otherwise correctly configured box, to set a 'noise' cipherer, into null mode ? )
asciilifeform: mircea_popescu: what i see is, the cell is there, but there is no indication that it is connected , as it ought to be, to red lights, siren, and dropping of reactor moderator rods
asciilifeform: ( when initially connected to fleanode )
asciilifeform: zx2c4: generally you will say !!up to deedbot in pm
asciilifeform: it appears to be a valid state of the state machine. else why would it be mentioned in the spec.
asciilifeform: what's the justification, for permitting it at all
asciilifeform: i understand the bare fact, zx2c4 . my question is, why do you think the protocol author permitted an unsecured mode as a valid mode of operation ?
asciilifeform: zx2c4: are you the author of 'noise' protocol ?
asciilifeform has 1 more q for zx2c4 , after mircea_popescu finishes
asciilifeform: zx2c4: which you can withdraw using deedbot at your leisure
asciilifeform: zx2c4: he just threw a whole bitcoin into your piggy.
asciilifeform: zx2c4: they're for mircea_popescu to decrypt; it makes the command go.
asciilifeform: mircea_popescu: lol notyet, i did the 'civilized' thing as you suggested.
asciilifeform: zx2c4: i'ma leave the rest of the session to mircea_popescu , owner of this chan, and my co-author in e.g. the FUCKGOATS auditable trng, https://archive.is/CGQkR )
asciilifeform: but it so happens that i in particular do not think much of the work of current 'pro cryptographers'.
asciilifeform: i'm less interested in 'testimonials', and more in re criticisms
asciilifeform: zx2c4: so it is not possible currently for me to learn , which cryptographers reviewed, and what they had said ?
asciilifeform: i'm curious, for instance, whether any of the cryptographers observed that the arithmetical routines behind your ecc are not in fact constant time on e.g. arm.
asciilifeform: are the reviews published somewhere ?
asciilifeform: since mentioned scrutiny : on www of 'wireguard', there is mention of 'reviewed by cryptographers' . may i ask, who reviewed ?
asciilifeform: i don't see 'not publicly smashed to bits of just yet' as a proof of strength, given as it is true of literally every system ever devised, until the moment of public breakage
asciilifeform: but of djb's in particular, their sudden popularity in past few yrs also has no satisfying explanation imho.
asciilifeform: i am skeptical of all symmetric ciphers and hashes, given as there exists no scientific basis for considering any of them to be actually strong.
asciilifeform: it's a 1) open problem 2) afaik nobody is publicly working on
asciilifeform: but i have a somewhat different approach, which i call 'fits in head'
asciilifeform: zx2c4: i've spent the past ~2yrs writing a properly constant-time arithmetic lib. it is being slowly published. ( see earlier link to my www )
asciilifeform: zx2c4: most of the currently-sold intels are ok re : imul. arm, however, is not
asciilifeform: ( complete with list of known-to-be-sad chips )
asciilifeform: btw zx2c4 , i must regret to inform you that the code you linked, is in fact NOT constant-time on several common architectures, because it makes use of machine MUL instruction ( gcc will compile a nonconstant-operanded '*' to e.g. IMUL on x86 )
