
mircea_popescu: to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done.
mircea_popescu: erlehmann it's a pile of patches. how the compiler optimizes the rebuilding is irrelevant ; if you change one file it can rebuild the whole thing or not ; but v still only changes the one file and still doesn't have the problem.
mircea_popescu: letting him "figure for self" at this juncture is unsanitary.
mircea_popescu: asciilifeform anyway, let's sit down and make something sane for this guy. peterl i mean. what's his message supposed to be like ?
mircea_popescu: otherwise why implement a ptron rather than simply a rsatron.
mircea_popescu: but in my own mind the "well alf is making P" pretty much was "he's walking to path to both cs and rsa impls to the furthest node"
mircea_popescu: afaik pretty much the only candidate besides rsa itself.
mircea_popescu: i thought there's consensus re offering c-s in the tmsr cryptotron
mircea_popescu: pubkey crypto doesn't enter into it, this is a discussion of signature hashing (digests, really) schemes.
mircea_popescu: the statement is that if pss is used atop rsa, then barring poor implementation a forgery is going to cost more than what reversing rsa costs.
mircea_popescu: but, it given, it's no wonder all cars migrating to being the same engine in different plastifications.
mircea_popescu: it's incomprehensible to me, how this "i moved from a forum to a ... forum" thing works in the public's mind.
mircea_popescu: (ftr, the way pgp does it is that it repeats two bytes of a more or less random block of 16 bytes, and then checks if they came out the same. this is in fact WORSE than http://btcbase.org/log/2017-08-09#1696023 but then again contemporary applied cryptography is a very low effort, low quality field).
mircea_popescu: and incidentally, pss should prolly be in the final tmsr-rsatron huh.
mircea_popescu: (the rsa forgery comment was re sig ^ e mod n || sig mod n always verifies as validly signed.)
mircea_popescu: so you want to take a message m, add that many random bits to it, and then add twice that many bits as a hash of the pile, thereby using 25% of the space for the plaintext ?
mircea_popescu: trying to stuff a mac or something in there will make the boondoggle regret the days of the aes/rsa combo.
mircea_popescu: asciilifeform yes, well, everything has problems. but there's a difference between using a crc as hash and using a crc as checksum ; and using say sawed-barrel keccak (take first or last x bytes, whatever) isn't all that good because it's really not designed for fragment behaviour like that, nor was such studied
mircea_popescu: and with this, PeterL finds himself exposed to galois fields, polynomial division, and the rest of the "easy to implement and straightforward" jewels.
mircea_popescu: you would see value in eg irc dropping its 200 char limit or what was it ?
mircea_popescu: so your gossiptron only accepts lines of up to 256 chars in length, then you lzw that and pad etc. not the end of the world.
mircea_popescu: as alf says : "something to all comers". primo target of ddos monkeys.
mircea_popescu: but even if you send them "together", there's no guarantee they stay unfragmented. not at that size.
mircea_popescu: PeterL what is the scheme contemplated here, that you take a say 8 byte message, generate an 8 byte r, then create a 16 byte padded message by appending the r and the r xor m and then rsa that ?
mircea_popescu: (the preceding line was 146 characters, which is less than 146 bytes, especially if you do a lzw or something like sane people first)
mircea_popescu: PeterL and as asciilifeform aptly points out, this happens to be convenient, because it's right around the size of the nonfragmenting udp packet.
mircea_popescu: and so thereby a 4096 bit key can handle chunks of up to 512 bytes of message.
mircea_popescu: do an example once, it's instructive. easy to follow because small numbers.
mircea_popescu: that the result is smaller than n is of no consequence to you is it.
mircea_popescu: but in any case, the point is -- rsa is not better for shorter messages. for really short messages it can be really shitty. which is why my 256 minimum bits in the padding scheme.
mircea_popescu: PeterL yes, there is that. larger e provides some protection against this issue.
mircea_popescu: had there been a wrap, i couldn't have extracted the cube root [quite so easily]
mircea_popescu: that's what i meant earlier with the e-root. if say your key is 1024 bits, and your exponent is 3, and your "encrypted" message is, numerically, 1404928, i can readily extract the cube root and find the original as 112.
mircea_popescu: short messages are a problem for rsa, not a boon. this is generally fixed by padding.
mircea_popescu: now, intuitively, would you imagine this worked at all if the string was so short it never fully wrapped ?
mircea_popescu: basically they had this early elliptic curve crypto, implemented as an arbitrary cone on which they wrapped a string. because the string is fixed length see, whereas the section of cone is not.
mircea_popescu: well caesar was a roman, wasn't he ? the "technologically advanced" dorks that took the sail tech of the people who sailed from sweden to south africa and made some square sailed tubs that sank in the mediterranean half the time.
mircea_popescu: PeterL can you tell me anything about what the greeks used for encryption ?
mircea_popescu: pro tip : it is always a very useful thing to be able to reflect your own mental process, which starts with being able to answer "where i got this from". makes error handling much faster and infinitely more efficient.
mircea_popescu: PeterL let's get back to cogency here. how did you come to the "512 rsa packet limit" ?
mircea_popescu: im guessing i'll be taking ads in the local newspaper, "looking for lawyers willing to sue the government, apply within".
mircea_popescu: b) they want to... "know your customers". bitch, it's none of your fucking business ? uh no, because ley so and so say so.
mircea_popescu: in other lulz, /me went to open bank account today. you can not BELIEVE how fucking pussy whipped these people are. a) bank's only wire intermediary is bank of america. why ? uh... that's what the other banks do too. but... why ? umm... is it because you schmucks are a us colony, in the sense you don't get medicare and they still get all your shit anyway ? uhhhh
mircea_popescu: erlehmann so what, you're of a firm "will only work for evil empires" persuasion ?
mircea_popescu: because udp packets if nothing else ; besides "longer" is not the same as endless.
mircea_popescu: PeterL the cutting into chunks should happen prior at some client level. it's ok if your thing accepts no messages longer than x. irc doesn't either.
mircea_popescu: don't even have to, but consider the context. yes "it's what rsa is", that's what i'm checking, that he knows.