PeterL: It checks to see if it is using the right key by comparing the decrypted text against a pre-known challenge-string (cs)
a111: Logged on 2017-08-09 14:12 PeterL: using the wrong key will result in a random byte string, so with a cs of 1 byte, you have 1/256 chance of looking like it was the right key
asciilifeform: this produces a solution always.
mircea_popescu: asciilifeform i was discussing a more general rsa scheme, not gossipd specifically.
a111: Logged on 2017-08-09 14:11 PeterL: if you have a 0 byte cs, then every message looks good
mircea_popescu: and rnd(256, l) is not equivalent because who the fuck knows what rnd does when a > b.
PeterL: I will have a look at making a reversing function for the mpfhf
mircea_popescu: PeterL so if you feel like writing a mpfhf reverser... afaik nobody has to date.
mircea_popescu: anyway, let it be said that there's nothing wrong with oaep as far as we know, but for the sake of argument a mpfhf based padding scheme would conceivably work like this : 1. given message m, of length l, generate r = random bits, of length l' up to l but not less than 256 bits. 2. compose m' = r + m + c (in that order), where c is l - l' (and its bitness is always same as the bitness of len(m')-256). 3. compose Pm = R + S +
PeterL: mircea_popescu linking to a pdf, what is the world coming to!?
mircea_popescu: and since we're apparently doing rsa likbez : if r used in padding above contributes less than n / e^2 bits of entropy to the final, padded message, coppersmith has a few words to tell you.
PeterL: is that a good thing?
mircea_popescu: basically it takes a random string, jumbles it with the original message, and spits out two halves. the hope with it is that it provides all-or-nothing security, in the sense that to recover any bit of the message you need to correctly process the entire pair of jumbled strings.
mircea_popescu: it's a sort of two-box permutation thing.
mircea_popescu: now, alf's scheme is probably valid padding, though it is very expensive. it works like so : to encrypt a message m to key X, you : a) generate two one-time keys, A and B. you encrypt some bits of m to A and some to B, randomly chosen. you pile together : the bits of m encrypted with A, the bits of m encrypted with B, the schedule of which is which, and the keys A and B into one large m'
mod6: meanwhile, I'll add a preface to the HOWTO doc on the minimum requirements. thanks to diana_coman for gathering them up once upon a time.
PeterL: no, recipient goes through his list of keys A and B until he finds the one that decrypts it
mircea_popescu: PeterL and then you add key A and B to the message at the end so recipient can un-pad ?
PeterL: this is the padding algorithm described by alf: take random bits r and message x, encrypt r to key A and encrypt (r XOR x) to key B
PeterL: aha, that seems like a logical solution.
mircea_popescu: https://www.ti89.com/cryptotut/rsa3.htm << very handy rsa tutorial in that it uses base 10 and alphabet-indexing for letters. so one can actually rsa by hand and get a good model of what's going on.
mircea_popescu: PeterL the logical approach would be to include a checksum neh ?
PeterL: using the wrong key will result in a random byte string, so with a cs of 1 byte, you have 1/256 chance of looking like it was the right key
PeterL: if you have a 0 byte cs, then every message looks good
a111: Logged on 2017-08-08 23:33 mircea_popescu: PeterL +# IMPORTANT NOTE: if the cs is too small, messages have a chance to get decrypted by the wrong key << what is the logic behind this ?
mircea_popescu: and mind that m-r is a ~probabilistic~ test.
mircea_popescu: found a c impl somewhere ?
edivad: i know, it wasn't a smart move, but if you see a spike of traffic now you know that it wasn't a ddos attempt
edivad: ok thanks, initially i thought that maybe doing 400-500 mb of http traffic could be seen as a bad thing
mircea_popescu: they also end up on archive.is, because the bot archives links and the odds of a whole day going by without a single log reference are small.
edivad: I've done it yesterday for a friend that asked me for a dvd with the logs inside, to read them when on holiday with no internet access
edivad: a thing that i've not asked and now i remembered
BingoBoingo: !~later tell trinque maybe look into the edivad deedbot registration thing? Guy is having a hard time
BingoBoingo: http://qntra.net/2017/08/a-list-of-known-bitcoin-ransom-cases/#comment-107260
mircea_popescu: and in random other lulz : it's funny how the libertards worshipping at the watergate shrine usually omit to mention that by then washington post had been a libel tabloid for years. somehow dillard stokes' name never comes up. somehow they don't seem to notice it always was simply us sturmer.
edivad: well, I have a spare brazilian passport in the drawer, so when I've read the universal plan, I instantly got some very powerful energy for a future exit plan
BingoBoingo: And it's a rather portable skill
BingoBoingo: Painting done well is a perfectly respectable trade.
edivad: but then after a month i realized that I was needing a better plan
edivad: mircea_popescu: because the universal plan for wealth makes some great guidelines, but then since every situation is different, I'm trying to understand if there is a better approach for someone who doesn't already have a job and is studying
mircea_popescu: this is how growing up goes : you take stock of situation, you make a plan, you implement it.
edivad: or there is a better way to get credit, without harming finance of my family (so not asking to them to put collaterals for my loans)
edivad: but my question is: as a student without a regular job, should I aim at a minimum wage job, to possibly apply for credit and then fly away to a second/third world country, get a decent house, marry and reproduce?
edivad: I know bitcoin since a couple of years and learned the hard way how to protect my funds and stay away from scams. Now I finally got into the sweet spot where I realized how many orders of magnitude my savings are safer in bitcoins
mircea_popescu: you can just register a key you know.
BingoBoingo wishes trinque a night with no strange knocks on door
mircea_popescu: a sound policy.
edivad: maybe it's just a permission problem?
mircea_popescu: seems you're missing a file for some reason.
mircea_popescu: edivad this is somewhat odd as i recently had a new node configured, came out just fine.
mircea_popescu: mod6 did a u160 test item end up stranded in there ?
edivad: i'm a junior sysadmin trying to install trb on my VPS without success
deedbot: http://qntra.net/2017/08/a-list-of-known-bitcoin-ransom-cases/ << Qntra - A List Of Known Bitcoin Ransom Cases
BingoBoingo: "In Urfeld it turns out that over night the garden was trampled by deer." << Who could have predicted free food would just walk by and make a mess of your labor food.
BingoBoingo: "The chickens on the lower floor bother me a little, though their usefulness makes sense to me in every way." << What redditard would accept this compromise!
BingoBoingo: The thread runs for a while
BingoBoingo: lol "M. Poopscoop provides a solid foundation to comedy gold. With the current pace of events, in particular coinbase and the DPR trail he doesn't get as much laughs as he used to. I don't have the impression that is going to change anytime soon with the comedy features at an ATH." << The studious ignoring highlighted
mircea_popescu: the obvious question being, "how come the ugly one ends up a fiat politician ?" ; and the obvious answer being that sane girls find better shit to do.
mircea_popescu: https://www.tvfagaras.ro/wp-content/uploads/2013/10/media_136471005390712700.jpg <<< supposedly, angela merkel with a coupla friends, at romanian nudist beach (costinesti) in teh 80s.
mircea_popescu: there probably was a cock or some other radioactive material.
mircea_popescu: such a lulzy fucking scene considering the usistani history in both involuntary self-crit humor and bathtub alcohol it's practically an un-unrollable loop of funny.
mircea_popescu: to drive this point home, they have her fish out a coupla cubes put them in a glass before pouring vodka
mircea_popescu: in other "people themselves" : charlize theron's character in atomic blue (this borderline sleeve superheroine-spy of a retro-hallucinated 90s, as in the real 90s the us agents got fucking raped in eeurope/berlin) is SO FUCKING HOT she takes baths in iced water.
asciilifeform: while we're at it, why not yet a trillion $ / per peg on obummer's used knickers
asciilifeform: but also didjaknow, 'but what they can do is, after a hardfork happens, they could buy all the coins that the MP and the rest of whales dump into the market to try to kill the fork, and not only that, but they could pump it even higher by simply printing more money and pumping the price of "gavincoin" above legacy chain. what then'
mircea_popescu: i dunno dumbsticks, maybe you don't make a fool of yourself in prose.
mircea_popescu: asciilifeform yes, but that takes you know, like actual tools. whereas nude reason of a kid possessed of high school maths would have allowed the correct limit be picked.
mircea_popescu: because, you see, the "phd level" wikitards are entirely bereft of a clue to the degree of not understanding inflexions AT ALL.
mircea_popescu: elsewhere in the rotting pile, "If a function is inlined 10 times, there will be 10 copies of the function inserted into the code. Hence inlining is best for small functions that are called often."
asciilifeform: eh there's also that one they put near the arse, devil stoking a furnace
mircea_popescu: a right, actually, there's one, the queen of spades eh.
BingoBoingo: My favorite part is "MP preventing Segwit" when instead the power rangers were compelled to Segwit a certain way leaving Bitcoin alone.
asciilifeform: also i thought mention of mp/trb/et al were a hangin' offense at tardstalk
asciilifeform: N isn't a secret nor does it vary with payload, it is the digit iterator,
mircea_popescu: it's one thing to say "carpentry is not very efficient, they need hammers", but the case here seems to be more of a "carpentry does not exist, they require gas planks, which can't exist"
asciilifeform: that anything at all is, is a marvel.
mircea_popescu: and in typical medium success stories, https://medium.com/@andreaarmstead16/how-i-become-a-bona-fide-member-of-the-great-illuminati-1ee9eed25ea3
mircea_popescu: PeterL +# IMPORTANT NOTE: if the cs is too small, messages have a chance to get decrypted by the wrong key << what is the logic behind this ?
mircea_popescu: ime, but the only guarantee the design provides is that it will die out EVENTUALLY. for all you know it can survive years through sheer chance. so weak keys are a very serious potential problem for gossipd.
mircea_popescu: http://btcbase.org/log/2017-08-08#1695453 << you have to. we'd be the first people to move to a cheaper test algo if this was feasible, in tmsr-pgp etc. but as he correctly points out, most of the keys you make are weak. an important point to consider here is weakness propagation : one weak key can potentially expose other key exchanges, resulting in a chain of (unknowingly) lost secrecy. the design will have it ablate over t
a111: Logged on 2017-08-08 18:55 PeterL: so I felt like taking a stab at gossipd, take a look? http://p.bvulpes.com/pastes/ul3Op/?raw=true
deedbot: http://www.contravex.com/2017/08/08/blackzillas-first-track-day/ << » Contravex: A blog by Pete Dushenski - Blackzilla’s first track day.
BingoBoingo: Today's Trilema re-read http://trilema.com/2015/these-fools-have-been-handed-a-technology-so-clever-so-disruptive-and-revolutionary-that-the-rulers-of-the-world-would-have-to-fully-unmask-themselves-as-ruthless-tyrants-in-order-to-suppress-it/
asciilifeform: i.e. PeterL put in a great deal of sweat, it shows; but the result does not make my work any easier, unfortunately
asciilifeform: for the thick : a large portion of keys generated by the linked code, will phuctor immediately.
asciilifeform: i understand what is meant by 'prototype', but an rsatron (ignoring for a moment the constant-time thing) that uses fermat's primality test as the sole probe, is analogous to a grenade with a half second fuse
PeterL: it also serves as a practice for me for understanding rsa algorithm
PeterL: it is not a very long program
PeterL: it does not run mpfhf on packets, that was just a way to hash to get a name for keys
PeterL: well, this is just a prototype
asciilifeform: in a lang with gc?!
PeterL: I took a stab at writing my own rsa
PeterL: so I felt like taking a stab at gossipd, take a look? http://p.bvulpes.com/pastes/ul3Op/?raw=true
asciilifeform: 'My favorite on Windows 10 is a tool called "Shutup10" which lets you configure Windows 10 data-leaking behaviours in one spot.' yeah clown
phf: also guy's a clown, "LISP" tag, "omg hyperspec is too complicated", "emacs+evil" mode
ben_vulpes: hey professor calculus had a sweet rocket
ben_vulpes: well hey, put a few knickers in some degree of knot, so he's got my vote in the midterms
trinque: on the contrary, politely offed himself while leaving a "manifesto" written in pantsuit, trying to turn the discrimination term on them and other gargle.
trinque: tape your cock to your asshole buddy; they'll make a company manual out of you then.
a111: Logged on 2017-08-07 04:30 mircea_popescu: but see, that's not at all the point. for one thing : all scholarship is nonsense. for the other, soviet school is entirely propaganda, which is to say "prepare organ donors for a certain way of life". the fucking point of the fixed form 3rd/4th grade composition is to allow the submarginal intellects making up the bulk of the population to tattoo their brains into a form that'll then allow them to survive, as traffic agents