fromphuctor: on a single PC?
fromphuctor: so for this brute-forcing, don't you need a little bit of fast PC?
asciilifeform: which is ~more or less a brute force starting at sqrt(N).
asciilifeform: trinque: just about any scenario involving a stooge khadeer would make considerably more sense with a properly-generated pgp key
asciilifeform: trinque: if fella is a stooge, no reason for him not to have ~normal~ pgp key with puppet master having copy of the private.
trinque: asciilifeform: guy gets trotted out every shooting to "islam is not about this!" so one might suspect him as having a reason to have a bad key
asciilifeform: mircea_popescu: my best hypothesis is a) khadeer generated key with, e.g., 'jihadcrypt' b) winblowz gpg with the memcpy from rng nopped out by ???
mircea_popescu: asciilifeform incidentally, "owned by whitening" is not altogether a bad theory wrt the null-entropy keys. ie, "they replaced rng with null-outputting one, never noticed because whitening". this, of course, doesn't explain why gpg would end up with null-generated keys, but whatevs.
_FeltPen: tbf - haven't mined in a while, but i have a nice fleet of antminer S1s
shinohai: Besides getting triggered by a hashtag, for instance.
mircea_popescu: shinohai _FeltPen do you two have anything more substantive of a beef than what one might have implied by what he might have said on facebook ?
asciilifeform: pigeon, we did not know, but turns out is a sculptor, MAKES THINGS for city statues
_FeltPen: normally sanity lives here, so a little confused by your nonsense today.
_FeltPen: what are you talking about shinohai? i don't have a 21co - i tend to root for folks that make things for this ecosystem.
_FeltPen: i'm trying to figure out what shinohai is randomly tweeting at me and making up shit about VC relationships that don't exist. a little confused atm.
_FeltPen: you're failing at constructing a thought, shinohai - so disappoint. https://twitter.com/MrFelt_/status/760872268327030784
gribble: (register <nick> <keyid>) -- Register your GPG identity, associating GPG key <keyid> with <nick>. <keyid> is a 16 digit key id, with or without the '0x' prefix. We look on servers listed in 'plugins.GPG.keyservers' config. You will be given a random passphrase to clearsign with your key, and submit to the bot with the 'verify' command. Your passphrase will expire in 10 minutes.
asciilifeform: perhaps a hole in the unbroken wall of stupid
deedbot: [Trilema] You are not a person ; and you don't get a vote. - http://trilema.com/2016/you-are-not-a-person-and-you-dont-get-a-vote/
a111: Logged on 2016-08-03 03:05 fabio__: There has been quite a bit of noise about ECC NIST curves (nistp256, nistp384, nistp521) being tampered with by the NSA. I thought using ECC was all good if you don't use the NIST curves and instead use community approved curves like Curve25519 and Curve1174 by like DJB and friends, or other approved ones at https://safecurves.cr.yp.to/.
mircea_popescu: ;;later tell fabio__ http://trilema.com/2016/you-are-not-a-person-and-you-dont-get-a-vote/ << there you go, re http://btcbase.org/log/2016-08-03#1513523 : community approved.
asciilifeform: no longer work. A protection mechanism against that was implemented in version 3.8.3. '
asciilifeform: 'The way the MatrixSSL team "fixed" the miscalculation issue is not really satisfying: They now restrict the input to the pstm_exptmod() function to a set of bit sizes (512, 1024, 1536, 2048, 3072, 4096). My test input had a different bit size, therefore I cannot reproduce the miscalculation any more, but the underlying bug is most likely still there. ... Despite the fact that the bug may be still there the CRT attack will probably
asciilifeform: ' A common way to speed up the calculation of RSA signatures is an algorithm based on the chinese remainder theorem (CRT) that splits it up into two smaller calculations. However if one of these calculations goes wrong an attacker can learn the private key. Last year Florian Weimer observed that various devices had this error and he could extract their keys. He recently mentioned...'
asciilifeform: ' I just discovered a somewhat similar issue in Nettle. They switched their RSA implementation from GMP's mpz_powm() function to mpz_powm_sec(), which is supposed to be sidechannel resistant. However mpz_powm_sec() is no drop-in replacement. Unlike mpz_powm() it doesn't accept even moduli and crashes with a floating point error. Therefore when trying to use a specifically crafted RSA key with an even modulus this will crash. '
asciilifeform: 'If one tries to calculate a modular exponentiation with the base equal to the modulus (a^b mod a, code) it would return an error. If one tries to calculate a modular exponentiation with the base zero (0^b mod a, code) it would crash with an invalid free operation, potentially leading to memory corruption.'
mircea_popescu: looks like a one-man-newsprop.
phf: the whole font changes meaning take two is coming from the japanese. they were actively promoting this idea back during early unicode standardization days, where there was a strong drive to include every idiosyncratic version of kanji in the standard, because "that's how my family writes it in our last name".
shinohai: Soon it will be a federal crime to use handgun or assault-rifle emojis
mircea_popescu: BingoBoingo lol imagine, we made a fat loser with no friends hate rabbits.
mircea_popescu: PeterL no, and leaving the greeks aside : one day some people decided to make an I that looked more like a J. sexier font, stylish, whatnot.
mircea_popescu: and hence numerous examples i'm too much of a business insider to bother fucking listing. who the fuck let these idiots write in the first place, they're an insult to the cattle that had to die for the vellum.
PeterL: aha, right, roman alphabet is just a transmutation of greek etc?
PeterL: you could make a custom font with each letter shifted (so my A looks like your B etc), right?
BingoBoingo: <asciilifeform> this inevitably brings to mind the characters in BingoBoingo's links, who curse doctor for going to the root cause of bedridden maggot farm << See there was a purpose!
mircea_popescu: "a font can't change your interpretation of a letter" AHAHAHAHA OH MY FUCKING IEHOVA
asciilifeform: 'In March a Frenchman was actually jailed for sending his ex-girlfriend the pistol emoji, in what was interpreted as a threat. What if a joke sent from an Apple user to a Google user is misconstrued because of differences in rendering?' << lel
asciilifeform: mao's 'cultural revolution' - in fact, had a brief episode of nearly this, with the 'backyard steel' thing
asciilifeform: to move yet again up the stack: mining machinery is improved by engineers, who - if not went to a school, at least are literate - rather than by gawkers who 'drinkin' beers, beers, beeers' in front of the mine, suggest 'hey bubba let's weld on a SHIT HANGING OFF THE SIDEZ'
asciilifeform: well yes, there is sometimes a side drill
mircea_popescu: actually oil drillers use a version of your arm thing.
mircea_popescu: all this shit is made of solid steel mostly because earthmoving is barely a step away from direct abrasion. it's like making tools to push the grinder.
mircea_popescu: for all we know a bulldozing naggum is dying right now.
mircea_popescu: in fact, the heavy machinery industry is today very much a "designer item" sort of thing, pretty much any large mine will order machinery to spec for its own particular use.
mircea_popescu: i dun think so. to wit : every kid has a toy bulldozer, which he does improvements to.
asciilifeform: it is a necessary thing, but not a solution to the infestation in question
mircea_popescu: it's ~like a fungus colony that secretes plastic substrate for itself to live on.
asciilifeform: or fungus - in a body with functioning immune system
asciilifeform: well yes. consider the predicament of a maggot trying to feed on living flesh
mircea_popescu: if i start screaming at the idiots they WILL execute their job, and well. but absent my scream, they have no fucking idea they're doing a bad job, even. nobody ever told them so.
mircea_popescu: the point being that i have wisened to understand the problem. it is a lack of negative reinforcement.
asciilifeform: the most that can be accomplished is... what a mortician does
mircea_popescu: borrowed a cat, to live there temporarily.
mircea_popescu: i also didn't mind them - but it did drive one girl positively crazy. couldn't sleep, eventually had a mild psychotic episode. so i got rid of them.
mircea_popescu: similarly i guess, once had a colony of crickets
asciilifeform: ah, see, these are a-ok
mircea_popescu: well depends. i once had a colony of ants. which i personally liked.
asciilifeform: ever live in a flat that CANNOT be cleaned short of demolition and flamethrower ?
mircea_popescu: the only practical starting point for hygiene in the mind of the golum is through forcing pain until a desired result. that it's unachievable through means available to the golum does not matter one iota.
mircea_popescu: asciilifeform yes, but hygiene starts as well as exists as a "better squishing". people given the "hey, it'd be elegant to wash" will wash and retain the bugs. people given the "hey, you will be in this dungeon until you squished all the bugs" given "hey, use this, works faster" WILL fucking wash.
mircea_popescu: being "inclusive" is not merely distasteful. it is actually something to carry on your conscience, as a murder, except worse.
mircea_popescu: you're a bad person, there's no two ways about it, kiddy fuckers may be great or horrible. you're horrible, not great.
mircea_popescu: if you participate in "communities" that make this difficult, you are, personally, a bad person. it's not "oh, i'm just trying to on facebook".
mircea_popescu: then you are, personally, a bad person.
mircea_popescu: if you are a guy who was on a list where a maggot tried to get in and you didn't, personally, flame and humiliate that maggot,
asciilifeform: there were no 'gender comment commits', not only in, e.g., system v unix, but in symbolics 'genera' (smbx corp employed, interestingly, a multitude of chix, some of whom appear in my bookcase even now)
mircea_popescu: nevertheless - there must be collective guilt at work here, as a concept, for the opposition. if you are "a computer programmer", and you aren't part of the solution, you ARE part of the problem, and personally responsible for it.
asciilifeform: not only is it a mistake to ask the maggots, but likewise it is mistake to ask the maggot-farmer
mircea_popescu: merely opening the matter of should to the maggots is a bad idea.
mircea_popescu: no. a sane exterminator always begins by twisting the necks he can, not the necks he "should".
asciilifeform: a sane exterminator would begin by asking why the bed has 100kg of maggots in it to begin with
mircea_popescu: even if any single maggot only exerted 1/800 N and as part of squirming in a different direction altogether,
mircea_popescu: i get that it's a diffuse, socialist, retarded sort of forcing where nobody actually does anything that could possibly be upon them. but that dun matter so much, if you end up pushed out of bed by a colony of maggots, THE MAGGOTS DID IT.
mircea_popescu: see, but that's not it. same FUNCTION of organ. that's the issue. the anal ring is made to keep farts in, and ~arguably~ to pleasure a beloved penis now and again. this is very much the same function.
asciilifeform pictures said 'sculptor' grunting out a dodecahedron
asciilifeform: by that token a dog taking a shit is a sculptor.
asciilifeform: it was a desperate wunderwaffen.
asciilifeform: it is a kind of forced/nudged idiotarianism, via os architecture, userland does not have the direct access to the hardware (incl. the scheduler) to force a proper sampling of whatever hardware rng
mircea_popescu: maybe (there is a valid argument here, that at the time they were making this shit it was for toys not btc nodes). or maybe they're just usefully idiotarian.
mircea_popescu: it just doesn't actually speak to the foregoing. i suppose the correct rsa implementation comes with a kernel patch.
mircea_popescu: well, it's a statistical matter, so modellable like any other.
asciilifeform: if it were a consistent, known-quantity effect - yes
asciilifeform: (e.g., aes of a stream of nulls, outscores (debiased) geiger, electric rng, whatever you like, on ~100% of the tests)
mircea_popescu: otherwise you're in the position of the camper who doesn't pack a burner because, technically speaking, he doesn't know there will be oxygen where he goes, not having been there before.
mircea_popescu: asciilifeform yes, but this is not a reason to not have the tool.
a111: Logged on 2016-08-03 06:15 mircea_popescu: and speaking of gpg deplorable state asciilifeform can you think of any possible reason the damned thing doesn't come a) bundled with ent and b) with ready implemented tests of local entropy while c) key generation is a subset of entropy testing in all cases ?
mircea_popescu: and speaking of gpg deplorable state asciilifeform can you think of any possible reason the damned thing doesn't come a) bundled with ent and b) with ready implemented tests of local entropy while c) key generation is a subset of entropy testing in all cases ?
BingoBoingo: "The results mean that, on Nov. 8, the state's gubernatorial race will be between Koster, a former Republican turned Democrat, and Greitens, a former Democrat turned Republican."
mod6: <+mircea_popescu> more practical would be to force the code to make a pile of say 64 byte keys and sieve them. << this would be interesting.
a111: Logged on 2015-05-20 15:03 mircea_popescu: http://log.bitcoin-assets.com/?date=20-05-2015#1139680 << speaking of this, am I the only one nonplussed by all this "we use <<best practices>> fixed exponent" bs ? it's an unavoidable magic number , okay, but it's the sort that should eminently be a knob for the user. a proper gpg would have e user-settable at the key generation phase (with 65536+1 as a default, sure)
a111: Logged on 2016-08-03 02:58 mircea_popescu: incidentally, the curious amateur historian may be well served by a review of the 2nd anglo-dutch war. some underlined parts : the anglos were deeply overextended politically - their crummy country consisting of one single town and a bunch of retarded peasants ; while the republic had many more merchants, with lots more money. in practice this meant that the english could pay for one ship where the dutch could afford seven ;
mircea_popescu: actually to formalize that : a 4096 bits key means a p that is 257 to 259 bytes long ; and a q that is 258 to 260 bytes long. end of fucking story.
mod6: <+asciilifeform> could've sworn this was in the logz << i recall a few discussions, ya.
mircea_popescu: when we reimplement rsa plox : a) either p length odd and q length even or vice-versa ; b) neither within 1 of a lattice power
a111: Logged on 2015-05-24 14:45 Apocalyptic: "there's no guarantee p and q have the same bitsize is there ?" // I think there is, a couple of lines above it generates them both with nbits/2 bits, so I would say yes, unless there is a bug in "generate_secret_prime", because this function specifically sets the two high bits to 1
mircea_popescu: this is already a fucking stupid idea.
mircea_popescu: more practical would be to force the code to make a pile of say 64 byte keys and sieve them.
mircea_popescu: asciilifeform btw re the fermat discussion, i wonder if anyone ever did a proper review of rsa code for lattice and fermat-closeness weakness in p,q generation.
fabio__: ok I think I understand your position a bit better now thanks
mircea_popescu: well the ecc justification is "shorter keys", other than a bunch of "new! better!" crapola.