log☇︎
64 entries in 0.883s
BingoBoingo: mp_en_viaje: Every shared hosting customer's home directory and databases are being uploaded to trinque's deedbot box now as gpg encrypted tarballs.
BingoBoingo: Now, one thing we do need is some sort of ftp server we can use to get shared hosting customers GPG'd tarballs with their files and databases
asciilifeform: btw does mircea_popescu have a apache tarball to sign ('as found') and share for cuntoo etc, a la gpg-1.4 ?
asciilifeform: status messages are parsed by programs to get information from gpg about the validity of a signature and an other parameters. Status messages are created with the option "--status-fd N" where N is a file descriptor. Now if N is 2 the status messages and the regular diagnostic messages share the stderr output channel. By using a made up file name in the message it is possible to fake status messages.'
a111: Logged on 2018-05-04 15:00 asciilifeform: jurov: the way it works is, every time /rss pg is generated , we go select mods from factors order by whenfound desc limit N ( n is 20 currently ) ; call this M, it is a list of moduli affected by that factor being known. afterwards , ~each~ of these lists is tested against the set of ~gpg keys~ , in the shape of select * from gpgkeys where [the list from earlier] && mods , and this yields up a list of most-recently-popped ~keys~, w
asciilifeform: jurov: the way it works is, every time /rss pg is generated , we go select mods from factors order by whenfound desc limit N ( n is 20 currently ) ; call this M, it is a list of moduli affected by that factor being known. afterwards , ~each~ of these lists is tested against the set of ~gpg keys~ , in the shape of select * from gpgkeys where [the list from earlier] && mods , and this yields up a list of most-recently-popped ~keys~, w ☟︎
asciilifeform: bitcoin, gpg, show every symptom of authorship by programmertards, rather than academitards -- quite different types of 'shambling walker', as far apart as typhoids and lepers
apeloyee: but gpg uses CRT, thus shaving a bit off d itself ~doesn't matter. looks like "because said so"
a111: Logged on 2015-06-29 02:56 asciilifeform: i sorta want to start doing this thing where we for blocks 0 ... n, sha512sum block_n | gpg ...
mod6: <+mircea_popescu> in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways). << uugh. every time we peel a layer back...
mircea_popescu: in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways).
davout: asciilifeform: i'm not speaking about gpg as its currently-existing braindamaged implementation of a shaky protocol
mod6: my V doesn't use diff anyway, only patch, gpg, sha512sum, and wget -- and otherwise just standard shell tools such as echo, mkdir, rm, cat, etc.
mircea_popescu: it is deliberately constructed to weaken rsa ; take the recent http://btcbase.org/log-search?q=%22sha%22+gpg "sha fails, koch-gpg fingerprints are meaningless", which had been foretold here for... years.
diana_coman: mod6, list of deps for trb from what I gathered on a fresh, minimal centos box: bc, gcc, g++, gpg, wget, perl, patch, rsync, sha512sum, unzip
asciilifeform: the sha1 people posted the algo. shouldn't take too much work to turn it into a, e.g., gpg fp clobberer.
asciilifeform: or, alternatively, a much easier sha1 collision, in which case i only fool ~all extant gpg clients~ but not a d00d with magnifying glass actually multiplying out the rsa
a111: Logged on 2014-10-16 14:00 mircea_popescu: btw, cazalla bingoboingo and everyone else in the same situation : if the blob gpg spits out when you sign contains a SHA1 you are using the older, and perhaps not all that secure digest algo. you should move on to sha512 either with --digest-algo SHA512 or else edit gpg.conf to insert personal-digest-preferences SHA512 SHA384 SHA256
mircea_popescu: first case of koch-gpg / openshit-ssh keys sharing a factor. pity it's such a lulzy one, HOWEVER, it does make the "sks error" nonsense just a little more lulzy.
asciilifeform: when you built gpg-error, it shat out a binary, gpg-error-config
asciilifeform: well, the way it is done in gpg (rsa sig of sha1) is indeed retarded
jurov: yes, your shares are tied to your gpg fingerprint, so pls make a signed request to onetime/automatic delivery toi certain coinbr account
a111: Logged on 2016-06-04 14:44 mircea_popescu: asciilifeform ftr, i have nfi what you're using, but most people here are using either aes256 or twofish, i would suspect. and if they do not - they should edit ~/.gnupg/gpg.conf and add personal-cipher-preferences AES256 TWOFISH right above the line that says personal-digest-preferences SHA512
mircea_popescu: asciilifeform ftr, i have nfi what you're using, but most people here are using either aes256 or twofish, i would suspect. and if they do not - they should edit ~/.gnupg/gpg.conf and add personal-cipher-preferences AES256 TWOFISH right above the line that says personal-digest-preferences SHA512 ☟︎
Framedragger: http://btcbase.org/log/2016-06-04#1476783 << don't forget that a "full" gpg fingerprint is a shitty 160 bit sha1sum, heh ☝︎
jurov: shinohai: you send me gpg signed request to add all your qntra shares to coinbr account X , and if you want, to do it automatically from now on
jurov: it uses sha-1 of gpg --decrypt to spot duplicates
punkman: retroshare does p2p forums with gpg, but I wouldn't really trust the thing
kakobrekla: shasum /usr/bin/gpg
jurov: hanbot & hdbuck: you can call the s.qntr shares any time now or later, upon gpg signed request with destination coinbr/mpex account and whether it should be delivered once or always ☟︎
danielpbarron: i noticed today that you don't need to rename the files in order for them to verify; you can sha1sum and gpg --verify the downloaded attachments as they come, and go straight to extracting the tar afterwards
asciilifeform: i sorta want to start doing this thing where we for blocks 0 ... n, sha512sum block_n | gpg ... ☟︎
trinque: Hasimir: deedbot records the sha256 of gpg signed messages into the bitcoin blockchain
ben_vulpes: ascii_field: would you share the code for splitting the gpg dumps up?
BingoBoingo: funkenstein_: Edit your GPG conf file to switch from SHA1 to a better message digest
Adlai: mike_c: i'd rephrase that as "is it kosher to associate a single wot node with multiple nicks" ie ratings to nicks sharing a gpg key should apply to both equally
nubbins`: ostensibly so it's easier to shame people who have registered both a gpg key and a btc address, but choose not to auth via gpg
punkman: re: sha1 and gpg settings, this is useful https://github.com/coruus/cooperpair/blob/master/saneprefs/gpg.conf
assbot: Logged on 16-10-2014 14:00:51; mircea_popescu: btw, cazalla bingoboingo and everyone else in the same situation : if the blob gpg spits out when you sign contains a SHA1 you are using the older, and perhaps not all that secure digest algo. you should move on to sha512 either with --digest-algo SHA512 or else edit gpg.conf to insert personal-digest-preferences SHA512 SHA384 SHA256
Apocalyptic: by the way are SHA1 gpg-signed messages considered read ? I read somewhere one might rather use sha256 or higher, don't know if there's any merit to that claim
mircea_popescu: btw, cazalla bingoboingo and everyone else in the same situation : if the blob gpg spits out when you sign contains a SHA1 you are using the older, and perhaps not all that secure digest algo. you should move on to sha512 either with --digest-algo SHA512 or else edit gpg.conf to insert personal-digest-preferences SHA512 SHA384 SHA256 ☟︎☟︎
justusranvier: Tonight is bitstien giving a #bitcoin-otc and GPG contracts tutorial, followed by yamamushi demoing his "filesharing over bitmessage" app
mircea_popescu: you know, the schneier of "this is an interesting article on gpg by Random Asshat Greene, Cryptozoologist"
fluffypony: listing on an "exchange" that anyone can list on with zero due diligence or even an email address verification makes it doubly challenging...I suggest leveraging the -otc WoT and GPG contracts (http://wiki.bitcoin-otc.com/wiki/GPG_Contract) to build trust and tie yourself down to shareholders
gribble: Nick 'bitcoinpete', with hostmask 'bitcoinpete!~bitcoinpe@S01060016cbc6cced.ed.shawcable.net', is identified as user 'bitcoinpete', with GPG key id 165749929F9A6BDD, key fingerprint E6625CC14638C4CA404694E9165749929F9A6BDD, and bitcoin address None
gribble: Nick 'bitcoinpete', with hostmask 'bitcoinpete!~bitcoinpe@S01060016cbc6cced.ed.shawcable.net', is identified as user 'bitcoinpete', with GPG key id 165749929F9A6BDD, key fingerprint E6625CC14638C4CA404694E9165749929F9A6BDD, and bitcoin address None
gribble: Nick 'bitcoinpete', with hostmask 'bitcoinpete!~bitcoinpe@S01060016cbc6cced.ed.shawcable.net', is identified as user 'bitcoinpete', with GPG key id 165749929F9A6BDD, key fingerprint E6625CC14638C4CA404694E9165749929F9A6BDD, and bitcoin address None
thestringpuller: so then non related person sends you the issuer a gpg signed email from both the original shareholder and themselves signifying an exchange
tg2: brb sha1 1024 gpg key inbound
benkay: either gpg, or sharpie in the pooper.
gribble: Nick 'bitcoinpete', with hostmask 'bitcoinpete!~bitcoinpe@S01060016cbc6cced.ed.shawcable.net', is identified as user 'bitcoinpete', with GPG key id 165749929F9A6BDD, key fingerprint E6625CC14638C4CA404694E9165749929F9A6BDD, and bitcoin address None
thestringpuller: mircea_popescu: "This means that the physical machine which hosts the trading engine is not accessible directlyii from the Internet." <<< so if i were to vpn a machine with a private gpg key and send data over the wire (via some computer) I would never have to worry about the keyring being compromised? Or is the most effective way to sign/encrypt/decrypt/verify data on an airgapped machine then marshall it over v
bounce: skipped the standard issue FUDwords artcle for the abstract of the paper. it reads like the ecdsa equivalent of the cache hit/miss sidechannel gpg key snatch. ie, don't run bitcoin transactions on shared or even virtual anything boxes. no running wallets on ec2, say.
herbijudlestoids: BingoBoingo: how is turtle F2F different from retroshare...which uses mircea_popescu favorite GPG
nubbins`: [SSWs] are numbered and GPG signed instruments which create the right for a beneficiary specified by GPG fingerprint to purchase a specified number of S.MG shares directly from MiniGame"
nubbins`: "Special Stock Warrants (abbreviated SSW) are numbered and GPG signed instruments which create the right for a beneficiary specified by GPG fingerprint to purchase a specified number of S.MG shares directly from MiniGame for a specified price, no earlier than a specified date."
jurov: and, if they absolutely strive improve over gpg, need to better protect input/output from copy/paste/encoding mishaps
mircea_popescu: for instance, if i were to sign blocks with my gpg signature the suspicioun would be misplaced, as it's not bloody likely i've shared my private key with some random miner to win a bet.
ThickAsThieves: "Please note that due to my vacation in Spain, the payout and buy back of the S.DICE shares will not happen until the 28th. I am sorry for this but I do not have my gpg key and such on my laptop they are on a dedicated computer of which I currently do not have access to. Best Regards, DeaDTerra"
jurov: i think mp is the wrong person to ask things from... you want to have corporations that issue something like gpg-signed share certificates
kakobrekla: can someone sell me 1 share of tu.silver here in otc gpg signed contract, you get keep holding the share for me
jurov: so, dividend issuers have a nice tool they'll need maybe once a month... but end users shall fumble with gpg and browserevery time they trade?
BTC-Mining: I don't know how much shares he had. But I suppose if he signed it with his gpg key, I could indeed pay interests to you for his debt.
mircea_popescu: BTC-Mining i must shamedly confess i haven't been using gpg for all that long.