Framedragger: your phuctor uses a different hashing scheme. but i suppose wide deployment would be hard and also ultimately futile, given that i assume folks here haven't planned a bright future for gpg
Framedragger: but folks here still use gpg fingerprints, which is funny
Framedragger: (re. pkcs#11, because e.g. that substring-attack is only meant to be against symmetric keys stored in that shitformat, but since e.g. ECDSA keypair's secret logarithm "is just stored as 32-byte scalar value [it's not meant to be stored that way there, but is, because reasons], [...] extract-key-from-key can be used to successively reveal chunks of that scalar value.")
Framedragger: cool vc, and i hope your rolling-out of hosting boxes is going most cocksuredly well!
Framedragger: but look it's secure because when it's deriving new secret keys from another secret key it has this majestic security constraint: "If the original key used in this process is sensitive, then the derived key must also be sensitive for the derivation to succeed."
Framedragger: maybe you can run cellular automata on that thing, with those useless APIs
Framedragger: and quite possibly run by a chinese mining cartel to boot
Framedragger: "They were bored to death even with their own thoughts and dreams, bored with the attack they expected momentarily. They were bored of being bored, and too sick and tired of being bored to even consider not being boring. It's just not possible to do, it exceeds human capacity. Turns out that when confronted with the meaningless pointlessness of endlessness, the inadequacy of the muchly lauded human faculty of creativity becomes readily a
Framedragger: s/you claim that/you claim that he claims that/
Framedragger: mircea_popescu: this is super unimportant but under your analysis, he says that 2 is safer than 1. you claim that 1 is safer than 2. should be inverted, methinks. (the "(less safe)" refers to 1, not to 2.)
Framedragger: hm. *this* (i.e.: that "no polynomial-time algorithm exists for factoring the product of two random n-bit primes with some good probability") *is* less safe as compared to the safer assumption that "no polynomial-time algorithm exists for always factoring all products of two random n-bit primes". this is a much safer assumption cf. to the one you interpreted it to mean, no? (no baiting this time - just honestly confused). but eh, may
Framedragger: i don't think 'c)' obtains? no mix-up there. otherwise, sure, blergh re. a) and b)
Framedragger: so wikipedia sux and sometimes you need to glance at it, the way a hasty businessman glances at a dubitable street food stand in a foreign city. sometimes the temporary "before pgp xamarin something" solution is to glance at that damn wikipedia. what of it
Framedragger: mircea_popescu: merely point out that the "root layer of the universe structure" may be a blocker on this bug. but the root layer has needed a paddlin' anyway..
Framedragger: yeah, i've been prone to this, too, but luckily by applying some "heuristic human computronium" a.k.a. common sense no truly stupid tragedies happened.
Framedragger: why in the fuck did she move to SF given the rent prices. this is truly perplexing.
Framedragger actually liked when reading some marx, at least volume 1 of das kapital. lenin can be discarded, save for learning from history or whatever (or that).
Framedragger: well systems which assume "worst case" assumption vs. "random instances" of problem are perhaps better. see end of that answer
Framedragger: yeah i know the latter, i thought there were additional reasons for preferring c-s here. ok.
Framedragger: that's fair. ok. i assume you don't think much of OAEP (i see it mentioned in the logz but only just)
Framedragger: any particular preferences on your part asciilifeform ?
Framedragger: asciilifeform: yeah i've got to that section, interesting, gonna slowly parse it
Framedragger: (their "hybrid implementation" assumes a good symmetric-key cipher..)
Framedragger: (heh they even suggest sha-1 for the hash function, though this is from an olden paper, so.)
Framedragger: (their "proof of security" assumes the hash function is truly one-way)
Framedragger: though a "hash-free variant" appears to be possible, so maybe there's that; need to check.
Framedragger: aha, then i guess you don't really enjoy the fact that gpg uses aes for session key actually? :)
Framedragger: asciilifeform: couldn't you use an argument of a similar form to say that e.g. AES depends on luck? (2^256 keyspace of luck, for example..)
Framedragger: designed to introduce an external implicit trust node
Framedragger: true anonymity kinda sux in terms of achievement.
Framedragger: right you are; i was mixing the terms to further my point
Framedragger: but it's possible to maintain stable pseudo identities in groups of people wherein those identities are recognized for what they do; etc etc.
Framedragger: yeah. i mean one day i'll grow balls and get out of my comfort zone of sorta-pseudo-anonymity. your points are valid here, even though i think it's possible to do useful/productive work under pseudo/anonymity. this doesn't work if you require the *world* to recognize your awesomeness, of course :)
Framedragger: fair enough. but i also tell you that there are hosting providers which say fuck you to LE of specific states; but ultimately it boils down to the same security question: "how important are you?" - if you're important enough then sentimentalities of sysadmins will be ignored.
Framedragger: Live Support | Thomas: Yes, sure, we allow. Give us money and we host you and we will **** the german police
Framedragger: stephen: BOTNET ARE ILLEGAL AND YOUR COMPANY MUST NOT HOST SUCH CLIENTS
Framedragger: e.g. 2x4.ru have a reputation of being more hardcore; i know this sounds naive and it probably is, but i've heard this from trustable sysadmins running, er, shadier stuff. this is of course anecdotal and it's naive to trust someone with your hardware anyway.
Framedragger: "i am not aware of any services that can be considered bulletproof much like i'm not aware of any electoral process that can be considered representative, any computer code that can be considered correct or any fiat financial item that can be considered not a scam." << i see your point and i agree, however it's probably not "all of the same";
Framedragger: mircea_popescu: yeah of course - i just meant that any LT servers cannot be considered to be "bullet-proof"; but maybe you were not aiming for the latter in terms of phuctor hosting anyway