diana_coman: asciilifeform, for starters I don't know what is "large enough" aka "not fatally small" p or q
diana_coman: asciilifeform, I meant in the final pair; i.e. you get p=3 and q=2^4095+1 sort of thing; ofc throw both in a pair if product not right size; but if not enforcing any size condition at all on p and q then you can end up with any small prime too
a111: Logged on 2017-11-14 01:09 asciilifeform: the way i'd implement the whole shebang, is simply to reject both primes if the highest bit of pq is not 1 .
a111: Logged on 2017-11-14 11:25 diana_coman: apeloyee, if I understand that correctly basically the only way to plug that leak would be to give up on diddling p and q, including setting size; which would mean just get random pairs of primes until their product fits the desired number of bits for the key; obv this lands into the trouble of having one of them too small
a111: Logged on 2017-11-14 11:09 apeloyee: http://btcbase.org/log/2017-11-08#1734517 << not quite. for encryption, if I get your modulus, and you actually want to read my messages, I can generate a public exponent between M/2 and (say) 3M/4, and attach it to the message in plaintext.
diana_coman: that being said, I can't quite see it being any *worse* than this affair with fixed size AND fixed top bits
diana_coman: apeloyee, my first thought went that way but then on one hand this just makes the interval larger basically and on the other hand I have no idea how to even evaluate the compromise (i.e. how large interval is large enough anyway, leaving aside that the how big is big enough for p and q is not that terribly clear either - at least not to me); in other words I can see it as an improvement but I can't actually evaluate it clearly
a111: Logged on 2017-11-13 19:35 asciilifeform: phf: ideally i'd get rid of Ada.Strings , full stop
diana_coman: apeloyee, if I understand that correctly basically the only way to plug that leak would be to give up on diddling p and q, including setting size; which would mean just get random pairs of primes until their product fits the desired number of bits for the key; obv this lands into the trouble of having one of them too small
apeloyee: (i.e. M is not prime, and not single-digit)
apeloyee: fwiw I just realized that this ^ leaks a little via the modulus
diana_coman: http://btcbase.org/log/2017-11-14#1737414 <- confirmed; I do NOT use any nextprime or other "rng"-parts from gpg; current rsatron prototype simply grabs nbits from fg, flips the 2 top bits and 1 bottom bit as per previous discussion and then checks if result is prime; if prime then keep, otherwise discard and try again; no "add 2 until prime" or other such thing
BingoBoingo: It looks like I'm going to be spending 2U on a Ubiquiti Edgerouter Pro and a Ubiquiti Edgeswitch lite, unless there are other ideas for networking hardware
a111: Logged on 2017-11-13 20:57 asciilifeform: the boojum is that neither i nor anybody else knows of any rational way to quantify the compromise.
a111: Logged on 2017-11-13 20:35 diana_coman: I can't seem to find in the logs any discussion re duplex construction/duplexing the sponge, i.e. keccak's authors' own proposal of using keccak for authenticated encryption; did anyone look into this?
mircea_popescu: i get odd viral influenzas in the first months of mingling with the whores of a new land also.
a111: Logged on 2017-11-14 01:02 mircea_popescu: im not going to have my tech people do backflips to seamlessly bridge imperial idiocy into reality when i could just have the marketing people point out to how the empire lied by making the difference a point of difference.
a111: Logged on 2017-11-13 17:04 lobbes: Very accommodating d00d indeed. I invited him here, as well, but you know how that goes
mircea_popescu: im not going to have my tech people do backflips to seamlessly bridge imperial idiocy into reality when i could just have the marketing people point out to how the empire lied by making the difference a point of difference.
diana_coman: at a first pass this duplex thing based on keccak seems to be a similar attempt really, hence my question if anyone looked at it more closely (I'm still trying to fully grasp it, not there yet)
a111: Logged on 2017-10-06 23:13 mircea_popescu: basically the scheme is, you rsa a random bitfield, then you expand that into as much otp as you want by doing recursively Fi = hash(bitfield + Fi-1). there's a limit on i, obviously, which can be set to 1.
diana_coman: heh, true that; I think first trouble there is that "never-reuse" choice means "no-knob" for client who pays however for the traffic; the whole point was precisely to let player choose their own level of compromise between cost and security (otps are generated on the server for good reason)
diana_coman: I meant the choice of specific, concrete way to expand the original bitfield i.e. "reuse the otp"
diana_coman: asciilifeform, I'm still looking/exploring potential solutions for client-server communication needs in eulora
diana_coman: however so far I focused on the reference paper on keccak itself (The Keccak reference version 3.0)
diana_coman: well, I have several papers on keccak and one of them is this "Duplexing the sponge: single-pass authenticated encryption and other applications"
diana_coman: I can't seem to find in the logs any discussion re duplex construction/duplexing the sponge i.e. keccak's authors own proposal of using keccak for authenticated encryption; did anyone look into this?
phf: well, i'm thinking in terms of a TMSR MACHINE. scheme.adb linked against ffa linked against that com1 hack you posted some time ago :p
a111: Logged on 2017-11-12 23:12 asciilifeform: i'm not fully convinced that a scripting lang ~needs~ a gc
phf: asciilifeform: i'm using "memory management" meaning of cons, not like lisp 101 take on it. they don't have cons meaning that there's no managed heap, there's no gc on that heap, and you can't allocate things into the heap and let it be managed by heap machinery. so they have "cons", but their ~actual~ cons is ada's "new ..."
phf: somewhat relatedly one handy thing i saw on CADR is named cons regions, i.e. explicit memory regions where you can cons and every allocation function having a *-in-region equivalent, like (cons-in-region x y region). i'm not sure if that's there, but you presumably can do some kind (with-cons-region (region ...) body) thing. naturally those regions can be saved (preserved referential integrity) or cleared, etc.
phf: right, i suspect that scheme.adb doesn't touch on it, because, again, no cons
phf: i'm not sure how you're planning on doing that, unless you mean ada level pointers. you'd have to have objects with values that are offsets into your virtual heap
phf: there be dragons. i mean, if you're rewriting a parser in lisp, then you might as well have proper readtables, rather than hardcoded sexp hack
phf: well, right. i'm not sure what ada.strings is (i.e. is it a protocol or concrete datatype), so i can't really comment further
lobbes: Very accommodating d00d indeed. I invited him here, as well, but you know how that goes
trinque: surely the tickerbot has been switched to bitcoin crash? what do I make of this?
mod6: i must be missing something
a111: Logged on 2017-11-13 11:43 mircea_popescu: this is evidently a "loss" of entropy, in the sense that what is advertised (4096) differs from what is actually delivered (no more than 4090). i am of a good mind to start calling them 4090 bit keys tbh.
mircea_popescu: the chances of such repeating happening naturally'd be ~the inverse of ∏(1 - 2i/6.5e612), 1<i<n where n is the number of keys ever made. fortunately this evaluates to "never" on all extant iron.
mircea_popescu: this is evidently a "loss" of entropy, in the sense that what is advertised (4096) differs from what is actually delivered (no more than 4090). i am of a good mind to start calling them 4090 bit keys tbh.
BingoBoingo: I thought needing a strobe light to see was something young boys learned escaping Kevin Spacey's basement
BingoBoingo: In other mine chaff: "What the fuck… that is the most messed up thing I ever read. I am not European just because I have white skin, you sicko. I do not relate to the experiences of white people, why would I identify with them? You probably have an inferiority complex and feel the need to pretend you’re white because you hate yourself."
BingoBoingo: asciilifeform: I've been ferrying a miss trainwreck around as favor to her sponsor. Very entertaining ordeal.
a111: Logged on 2017-01-27 23:36 asciilifeform: (i was once, and i shit thee not, 'research chemist'. not because knew any chemistry, but because there was -- i shit thee not -- no box to 'tick' in the form, for 'programmer')
mats: i've heard a number of stories with folks using pointy end of empty rifle to strike dwelling inhabitants during breach&clear, jokesters bringing hatchets, axes, machetes for MOUT, etc
mircea_popescu: asciilifeform honestly, i believe there's 0 expectation on the part of us army that anyone under that flag will ever fight again. "you wanna shoot, join the police wtf! army is for "assisting local combatants"
mats: i passed out after getting hit in formation the one time
mircea_popescu: jsm. could come with a handy "pronunciation guide", which the sort of tard outfits listing "evanghelist" and "at large" on their "Careers" page always include in their god-awful "phonetic" pigdin i mean peeg-deen
mircea_popescu: asciilifeform i dunno, some random dorks "reinventing" some web or the other.
a111: Logged on 2017-11-13 00:14 hanbot: spyked i lolled; also "use the remaining to produce milk for four cows." might be better stated as "use the remaining to produce four cows' worth of milk." or similar
spyked: http://btcbase.org/log/2017-11-13#1736972 <-- I did follow in read-only mode. (and unfortunately suspecting that I will continue to do so until upcoming vacation, when I can start doing ~actual productive work) the principle being, I either read daily, or logs pile up and I fall continuously out of sync. (almost happened last weekend!)