asciilifeform: (offtopic: perhaps the single most asinine aspect of gpg signature as-we-have-it is the lack of a clearly delineated space to write ~why~ you are signing something.)
mircea_popescu: you ever read the gpg contracts article on trilema ?
mircea_popescu: appstore gpg ?!
ascii_field: use gpg 1.4
ascii_field: can also use gpg --recv-key [keyid]
mircea_popescu: i didn't think to ask for a gpg sig. bought her an icecream and we even kissed!
asciilifeform: programmatizing gpg is a pain, though.
mircea_popescu: gpg: encrypted with 4096-bit RSA key, ID 16B8E32E, created 2011-07-22
mircea_popescu: gpg: encrypted with RSA key, ID 3594E367
ascii_field: jurov: the problem is that gpg 'escaping' is not a reversible operation
ascii_field: aka gpg --detach-sig
ascii_field: i don't see why i oughta custom gpg, custom squirrelmail, custom shoelaces
ascii_field: gpg does!
mircea_popescu: mail yes, but i hope to see it disused eventually. gpg does not ? afaik ?
ascii_field: mircea_popescu: gpg rapes.
mircea_popescu: gpg: BAD signature from "Stanislav Datskovskiy <stas@loper-os.org>"
mircea_popescu: gpg: Signature made Wed 05 Aug 2015 12:13:13 AM ART using RSA key ID 01ABFFC7
ascii_field: gpg: BAD signature from "Stanislav Datskovskiy <stas@loper-os.org>"
ascii_field: gpg: Signature made Tue Aug 4 23:13:13 2015 EDT using RSA key ID 01ABFFC7
ascii_field: gpg: invalid armor header:
mircea_popescu: asciilifeform here's what i want to accomplish, as a goal : i want to be able to put up a linux system, then go curl http://trilema.com/autobitcoin.sh | gpg -verify > autobitcoin.sh. and then run that autobitcoin.sh, which auto-follows the changes of people i have selected for this task, builds them and runs them
mircea_popescu: gpg: Can't check signature: general error
mircea_popescu: gpg: WARNING: signature digest conflict in message
mircea_popescu: gpg: Signature made Wed 05 Aug 2015 12:13:13 AM ART using RSA key ID 01ABFFC7
asciilifeform: 'GPG for data at rest. TLS for data in motion. You can also use Guttman’s cryptlib, which has a sane API. Or Google Keyczar. They both have really simple interfaces, and they try to make it hard to do the wrong thing.' << l0l!!
mircea_popescu: why is it that the greatest republic in history uses "antiquated" software from 1990 as in the case of gpg, why are we on irc, etc etc ? because rapid pace of what ?
asciilifeform: hanbot: ben_vulpes sent a gpg-native binary sig instead of a standard ascii-armoured one by mistake.
asciilifeform: ;;later tell ben_vulpes if you still have the original of that thing on your disk, please send to me (gpg)
asciilifeform: 'gpg -a ...' por favor.
asciilifeform: gpg --print-mds ak47_488e72a1a0f765c614518e0ca67bd733a4117e8f.sh
asciilifeform: 'gpg: Fatal: zlib inflate problem: invalid literal/lengths set'
asciilifeform: hanbot: which gpg ver ?
mircea_popescu: and guess what... "Vlad likes long romantic walks on the beach, e-mail him sweet nothings to vlad@tsyrklevich.net using his gpg key." links to keybase.
mircea_popescu: you know you can just do gpg --encrypt --armor -r one -r theother right ?
ascii_field: this is a good summary of why, e.g., voice model and gpg mechanizm
asciilifeform: trinque: know that gpg was built just like this.
mircea_popescu: solrodar do you know what gpg is ?
mircea_popescu: http://log.bitcoin-assets.com/?date=06-07-2015#1189139 << ideally tho, dpaste is used for stuff like encrypted sends, in lieu of mail (which i love tbh, who knew irc + gpg obsoletes email!) or else for stuff like deedbotting. or generally, for spurious useless shit.
mircea_popescu: kakobrekla oh and e) have it deedbot a statement gpg'd to the owner's key each month, listing their assets.
asciilifeform: ;;later tell mircea_popescu incoming gpg - june broadcast.
asciilifeform: i sorta want to start doing this thing where we for blocks 0 ... n, sha512sum block_n | gpg ...
mircea_popescu: well, again, gpg has a probabilistic test for primality baked in.
mircea_popescu: but it's what gpg does anyway
ascii_field: (normal shell-only gpg builds fine on mac)
mircea_popescu: i guess you can't do that till you sort gpg huh
mircea_popescu: if you run gpg correctly, which is to say locally, use plaintext email
asciilifeform: re: t3rr0r1sm!!111!!!1: for all the loud usg idiocy, the head-choppers have yet to chop a head, on camera, on top of a carpet with their gpg fingerprint embroidered on it
mircea_popescu: let the man learn enough about how to use a computer to get a gpg sig and register it with the bot.
mircea_popescu: a number of explanations are readily available : a) M works on specific code that happened to be wrung out of openssh codebase somehow. differential reading of gpg and openssh should indicate it then, and patch history should show us who knows better.
mircea_popescu: even if gpg signed ?
mircea_popescu: then i was like a! wait... you can't copyedit gpg signed matter!
asciilifeform: the restless folks are also invited to visit #b-a (or my personal mailbox, gpg plz.)
mircea_popescu: yes yes. in any case, mtgox ended exactly the way faux gpg, or system d, or gavincoin, or the sec or the fbi are gonna end
mircea_popescu: http://log.bitcoin-assets.com/?date=04-06-2015#1153835 << /me would much rather see this on 8chan rather than any other imageboard seeing how the owner of any other imageboard is a poopyhead without a gpg account.
mircea_popescu: gpg: Good signature from "Mat Koce
mircea_popescu: curl http://mpex.co/assets/s.bbet-1F2489E8.txt | gpg gpg: Signature made Sat 05 Jan 2013 02:13:25 AM ART using RSA key ID 1F2489E8
mircea_popescu: gpg: BAD signature from "Mir
mircea_popescu hates "html email". why would anyone want html gpg
mircea_popescu: http://log.bitcoin-assets.com/?date=03-06-2015#1152160 gpg --encrypt --armor -r <yourname> hit enter then put whatever passwords in there, hit ctrl-d and save the output.
asciilifeform: typically users of pgp/gpg upload their public keys there, and they can later be retrieved by anyone using a hash of the key
asciilifeform: mircea_popescu: again, signing a key - on ordinary gpg - does not throw your whole modulus in it
mircea_popescu: force them to have someone on 24/7 with a valid gpg sign, the works.
mircea_popescu: Hasimir minus the fact that it imports unsigned keys (badly signed it rejects, but unsigned at all seem an exception ?), gpg generally doesn't import the diddled exponent keys yeah
mircea_popescu: what you mean by deep in gpg py bowels ? is it exploitable even ?
mircea_popescu: now a bug in [some] gpg... who the fuck knows.
ascii_field: (and i'm still at a loss to craft a situation where gpg's p and q will occupy varying number of 'limbs' and lead to catastrophe in the given line)
ascii_field: well aye, but traditional gpg built for mingw doesn't do this
mircea_popescu: http://log.bitcoin-assets.com/?date=20-05-2015#1139680 << speaking of this, am I the only one nonplussed by all this "we use <<best practices>> fixed exponent" bs ? it's an unavoidable magic number , okay, but it's the sort that should eminently be a knob for the user. a proper gpg would have e user-settable at the key generation phase (with 65536+1 as a default, sure)
asciilifeform: mod6 et al: iirc mircea_popescu once posted his vintage tarball of gpg src
mircea_popescu: justJanne http://trilema.com/2012/gpg-contracts/ << start there.
mircea_popescu: understand, opsec is extremely weak all over. including among supposedly experienced hackers. so, a simple scenario : guy with owned userland gpg sends secret info to hpa, it is magically encrypted to wrong key, email sniffed en route, secret is now known, but only to the people knowing what to look for. hpa responds with something like bad key, guy re-encrypts it and resends it.
mircea_popescu: especially amusing, the "key was damaged in transit" one. people p2p HD movies all day, nobody's seen this. gpg data moves around as archives - try flipping a byte in an archive see if you can still get the content. etc.
mircea_popescu: anyway, im not entirely sure we might ever see the diddled gpg that goes with this diddled key to produce anything interesting
mircea_popescu: mats gpg always did afaik, special algo for this
mircea_popescu: davout two pairs of gpg keys are known, in the sense that their pubkey modulus has been factored.
asciilifeform: the thing that does the gruntwork is in c, uses gmp (as gpg uses)
mircea_popescu: copypaste https://8ch.net/btc/res/113.html#146 << ppls like the gpg lol
mircea_popescu: copypaste how does the gpg signature thing werk btw ?
ascii_field: not that extant gpg honors expiration dates, to virtually everybody's great annoyance
mircea_popescu: there are some things that don't need fixing. what needs fixing re gpg is to use rsa throughout, rather than the current lulzatron.
mircea_popescu: http://log.bitcoin-assets.com/?date=14-05-2015#1132130 << the "key deadness" as somehow a part of the key itself, is not only conceptually ridiculous but practically unimplementable. forget it, it's about as relevant to gpg as "the gnu foundation"
mircea_popescu:  Good signature from Fredrick Brennan <admin@8chan.co>. Verify this message yourself << check out this shit, a gpg-ready chan
mircea_popescu: copypaste you know it'd be a great idea to make and register a gpg identity, that way you won't have to lose your identity
mircea_popescu: cazalla : it only imported gpg based identities, not bitcoin address based.
mircea_popescu: today. when it was decided that "well, we don't really give a shit about the debian-dominated gpg strong set"
mircea_popescu: anyway, the exercise is interesting because it puts a ceiling on costs. doing a mathematically intricate, non-parallelizable task over ~the entire space of gpg keys~, all 4mn of them, is < 10k usd.
ascii_field: sks is retarded, so i gotta write a slicer that parses the gpg blobs and reassociates the email/selfsig/pubkey fragments into usable key packets
mircea_popescu: and after, of course, the phuctor is started on processing gpg signs
ascii_field: mircea_popescu: THE DAMNED GPG KEYS!111 << dealing with sks retardation; see log
mircea_popescu pokes asciilifeform the conquering hero as to THE STATE OF THE DAMNED GPG KEYS!111
mircea_popescu: gpg network calls it "the strong set"
ascii_field: then rewrote with gmp (what gpg uses)
asciilifeform: <decimation> asciilifeform: is there a gpg keyserver that just holds pubkeys, dumps on request? << the sks servs dump, but in this mega-blob format where you get ~25MB of continuous gpg binary packet
mircea_popescu: asciilifeform no listen, so you construct the db, then have gpg spit out the list of fingerprints, then query it over that list. produces pubkeys.
asciilifeform: http://unix.stackexchange.com/questions/110110/list-all-gpg-pgp-keys-of-a-local-sks-key-server << other folks also pissed
asciilifeform: i keep thinking gpg has the key slicer functionality built in somewhere
mircea_popescu: ascii_field more on point : consider how much of the windows turdball self-cleaned by simply making gpg required for voice here.
ascii_field: unrelated: that sks key mega-dump is in a ludicrous format - .gpg binary turds with 10,000s of pubkeys in each
mircea_popescu: jurov gpg does the same thing, yeah, but then again that was the 80s.
mircea_popescu: Error: Was that really a GPG public key? Try again.