log
ave1: diana_coman, I'm reading through the eucrypt / RSA code and see that the 'get_random_prime' function will open and close the random number generator itself. I would like to open the entropy source once and reuse it, but maybe there is good reason to do it like this and I should not attempt to do it differently?
mircea_popescu: ideally you want to kill the "csprng" altogether and simply feed the entropy pool.
a111: Logged on 2018-02-09 20:16 pete_dushenski: ben_vulpes: fed fg to /dev/random then crossed my fingers and closed my eyes in hoping that gpg sourced entropy from there
pete_dushenski: ben_vulpes: fed fg to /dev/random then crossed my fingers and closed my eyes in hoping that gpg sourced entropy from there
asciilifeform: found) only consumes roughly as many random bits as the size of the output primes, but we can show that its output distribution, even if it can be shown to have high entropy if the prime r-tuple conjecture holds, is also provably quite far from uniform... It is likely that most algorithms that proceed deterministically beyond an initial random choice, including those of Joye, Paillier and Vaudenay... ...or Maurer... exhibit similar d
asciilifeform: i mean ffs, koch dun even leave a knob to get ~key~ entropy trngistically.
asciilifeform: whereas my algo preserves the entropy of the penultimate bit.
asciilifeform: throws away whole bit of entropy in each factor, for nuffin
asciilifeform also wonders which, if any, 'dieharder' litmus, the item displayed in http://www.loper-os.org/bad-at-entropy/manmach.html is analogous to
asciilifeform: thing was built to avoid lying to itself and the operator re entropy. but that's only 1st step.
asciilifeform: whenever i work on 'entropy' i get the uncomfortable suspicion that i am working with a phlogiston
asciilifeform: ( the entropy that ~all~ of the litmuses have in common, is an imaginary entity... )
asciilifeform: it isn't clear to me why any such thing as 'distill the entropy' should be possible.
mircea_popescu: THERE CAN NOT BE SUCH A THING AS ORDERED ENTROPY!
mircea_popescu: think about it for a second, what's the aleph of entropy ?
asciilifeform: i'ma have to eat the 'not bias!' answer. even tho it leaves me without a clean analysis-flavoured picture of why successive rounds of faircoin improve entropy metrics across-the-board (regardless of what litmus is chosen)
asciilifeform: but also no faux-entropy
mircea_popescu: while getting entropy out ?
asciilifeform: 'I put together a Python-based client that can talk to Uber’s backends, to start harvesting OAuth2 tokens for entropy analysis and to see if there are any issues with their PRNG. What’s weird though is that the OAuth2 token doesn’t ever change, and I can’t find anything in the Uber developer documentation that deals with token expiration; literally the same token I was issued when I first created my Uber account for testing i
mircea_popescu: and suddenly the fg entropy debit is relevant : eulora server will be capable to produce iirc no more than 64 serpent keys/second per installed FG.
asciilifeform: ( will also point out, the lamps per se contribute ~0 entropy, arrangement is really ~same as hashwhitening output of camera static with the lens cap on )
asciilifeform doesn't expect to see a pill against this, other than the already obvious engineering margin of using respectable number of bits of entropy for whole thing
asciilifeform: ( she is using my sanitized gpg bignum. but i did not preserve koch's faux-rng atrocity ; so anything pertaining to entropy, is new )
mircea_popescu: as you'll reject the primes and end up with the same 2045 bits of entropy
asciilifeform: no reason to lose that 1bit of entropy.
mircea_popescu: plenty of entropy left as it is.
asciilifeform: they are the only ones you MUST set to 1 (i.e. lose the entropy of)
mod6: when you say 'lost bottom bits' worth of entropy -- you save the discarded bits and use them later', are you talking about the highest order 2 digits, and the lowest 1, saving their original lower-order half and using that?
asciilifeform: re the rsa key entropy, it is possible to trivially regain the lost bottom bits' worth of entropy -- you save the discarded bits and use them later as triggers for 'take nextprime(p) instead of p' and 'take nextprime(q) instead of q' . there may be other possible algos
a111: Logged on 2017-11-13 11:43 mircea_popescu: this is evidently a "loss" of entropy, in the sense that what is advertised (4096) differs from what is actually delivered (no more than 4090). i am of a good mind to start calling them 4090 bit keys tbh.
mod6: <+mircea_popescu> in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways). << uugh. every time we peel a layer back...
mircea_popescu: this is evidently a "loss" of entropy, in the sense that what is advertised (4096) differs from what is actually delivered (no more than 4090). i am of a good mind to start calling them 4090 bit keys tbh.
mircea_popescu: in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways).
ag3nt_zer0: i think the confusion for me stems from hearing two different descriptions of brain wallets - one described as a way to, if i recall correctly, convert a privkey to a string of words to then be memorized and carried in brain over international borders or what not... and the other encounter I have with this concept is pete's method of generating a high entropy keypair and I am pretty sure I am answering my own question here but wou
ag3nt_zer0: it feels like a no-brainer but ahhh... if I use pete_dushenski's high entropy wallet method, I only need the private key generated by the words right? I don't need to keep the words... seems obviously dumb when I write it but the redditards are throwing me off here
a111: Logged on 2017-09-02 00:04 mircea_popescu: asciilifeform seed is a combo of site-produced TRNG entropy and player-set (with defaults if player doesn't feel like setting). you can change your portion at any time.
davout: BYO entropy, can't possibly hurt
asciilifeform: ( exercise #2 : show how many bits of input entropy are on avg. discarded by koch generator. )
a111: Logged on 2016-12-24 01:46 asciilifeform: mircea_popescu: all schemes where the transform is of 'payload itself' and 0 entropy, suffer from immediate 'penguin problem', https://blog.filippo.io/content/images/2015/11/Tux_ecb.jpg .
a111: Logged on 2017-11-03 19:26 vlad56324: but if i generate entropy with my paper + pen, am i on the safe side or still intel can theoretically fuck me?
vlad56324: but if i generate entropy with my paper + pen, am i on the safe side or still intel can theoretically fuck me?
cruciform: gotcha, so how should one convert his entropy to BTC private keys?
cruciform: http://www.contravex.com/2014/03/14/on-making-high-entropy-bitcoin-paper-wallets/ is this still the way to go?
mircea_popescu: very literally true, too. the act of fermentation as a thermodynamic process is correctly modelled as an increase in entropy ie exactly "that way lies demonology"
mircea_popescu: which is what i mean by "entropy work". $value-of-entropy work.
jhvh1: mircea_popescu: Szilard engine - Wikipedia: <https://en.wikipedia.org/?title=Szilard_engine&redirect=no>; Entropy in thermodynamics and information theory - Wikipedia: <https://en.wikipedia.org/wiki/Entropy_in_thermodynamics_and_information_theory>; Szilard's engine – Powered by Knowledge – The Quantum and ...: <http://www.quantumcomplexity.org/tutorials/knowledge-is-power-the-energy-cont
mircea_popescu: asciilifeform "if one built a cylinder with independent pistons and a partition, and put a single molecule in, and knew on which side it found itself, that one could extract entropy work out of the assemblage!"
mircea_popescu: asciilifeform seed is a combo of site-produced TRNG entropy and player-set (with defaults if player doesn't feel like setting). you can change your portion at any time.
Barbarossa_: fwiw I've never heard a player even ask how they generate the entropy
Barbarossa_: Pokerstars, the largest site, uses a semi-transparent mirror for entropy
Barbarossa_: don't get me wrong: I'm mostly just trying to wrangle for an even cheaper implementation of gold standard entropy (despite not being a joo)
asciilifeform: this approach actually extracts the very low bit rate of entropy available from the muscle of the meat.
mircea_popescu: entropy poor machine is definitionally not supposed to rsa
PeterL: well, on entropy poor machine it would be slow, wouldn't it?
asciilifeform: PeterL: the 'cryptography komyoonity' derps didn't do it 'because slow', but because entropy-poor machine
asciilifeform: mircea_popescu: there's something to be said for 111111.....1 (max hamming weight), and there's something else to be said for max-entropy
mircea_popescu: entropy only half the issue there.
mircea_popescu: http://btcbase.org/log/2017-08-10#1696685 << it's cheap in the sense making your shoes by hand is cheap. it can be fun, but that's as far as it goes. leaving aside problems of how much a pair of aluminum, ruby or w/e dice cost (ie, GOOD dice), a throw provides you with a few bits' worth, FG spits out kB's worth per second. on a per-entropy-bit cost, figuring in capital goods, salary for the thrower, etcetera, FG is about 5 de
edivad: at these times porn industry should have generated enough pornstar name entropy
asciilifeform: and not simply 'reducing entropy', but introducing a relationship between all of them
edivad: using deterministic shit, I'm reducing the entropy of my keys, correct?
edivad: basically, i recently learned how to generate private keys with a D16 + paper and pencil, and i thought that was a great way to have low cost true entropy
a111: Logged on 2016-08-18 12:32 mircea_popescu: asciilifeform since we're on this btw, the way i want tmsr-rsa key generation to work is as follows : a contains a number of entropy bytes specified by user in tmsr-rsa.conf read whenever tmsr-rsa.conf specifies (such as urandom); b contains a base-tmsr string specified by user. c = base-tmsr(a).b ; p = nextprime(cut(sha512(c),257)) ; process is repeated for q = nextprime (cut(sha512(c'),258));
PeterL: in " n / e^2 bits of entropy ", what are n and e, the key modulus and exponent?
mircea_popescu: and since we're apparently doing rsa likbez : if r used in padding above contributes less than n / e^2 bits of entropy to the final, padded message, coppersmith has a few words to tell you.
mircea_popescu: you mean, you had a boxed fg running and it produced 20GB of entropy so far and you can't detect anything more or less than with an unboxed FG ?
mircea_popescu: "i will derive my entropy from physical processes nearby!" "o aren't you cute"
mircea_popescu: now this is interesting. there is no... state machine entropy tester ? ynot!
asciilifeform: but rather tests a proposed test of entropy.
asciilifeform: as i understand, this doesn't test entropy
mircea_popescu: the whole discussion is, given a stream of perfect entropy, how to construct known-degree-of-badness out of it.
mircea_popescu: asciilifeform no that's exactly what we're doing. controlledly-bad-level entropy.
asciilifeform: the possibly paradoxical answer, afaik, is there does not actually exist such a thing as good entropy. only bad and worse.
mircea_popescu: asciilifeform there is that, yes. but we're doing this for instrumentation in teh lab not for any other purpose. it's a tracer for entropy, like the shit they make you swallow to see your stomach.
mircea_popescu: in a sense. it has multiple utilities, it allows you to try and guess (numerically) whether for instance better entropy or more passes are useful for rabin miller
mircea_popescu: then we feed it into entropy-dependent processes (say the rabin miller test, as discussed yest) and see what comes out.
mircea_popescu: M' is now a "known low entropy bitfield". we know it to have degraded by 100/1Mb or w/e the case may be
mircea_popescu: it degrades the entropy of M' so obtained.
a111: Logged on 2017-07-10 19:50 mircea_popescu: which incidentally brings us to a very workable and very useful tmsr definition of entropy quality : take a FG string. flip a number of consecutive bits to 1. the result is your entropy quality, such as 100/1mb if you flipped 100 bits.
mircea_popescu: ben_vulpes here's a high pay grade question for you : of the two models of "controlled de-entropy" i spawned in a week, specifically a) count of randomly placed flipped bits, as in the discussion with you re that and b) string of randomly initiated, n bit long SET bits, as discussed in http://btcbase.org/log/2017-07-10#1681268 which does the bitcoin foundation regard as a better candidate for standardization as "the republic'
mircea_popescu: which incidentally brings us to a very workable and very useful tmsr definition of entropy quality : take a FG string. flip a number of consecutive bits to 1. the result is your entropy quality, such as 100/1mb if you flipped 100 bits.
mircea_popescu: asciilifeform that's another thing i would like : a graph of the relation of the m-r failure rate to the a) entropy quality and b) margin.
jurov: and cryptographers just invented -- entropy.
asciilifeform: 'Sources need to be statistically assessed. The quality of the entropy being produced needs to be estimated so that enough can be released to properly seed the RNG. The dieharder and TESTU01 suites are good but they both require prohibitively large amounts of random data to operate. NIST's SP800-90B tests seem to be statistically sound and have manageable data requirements....' << didjaknow!
a111: Logged on 2017-06-27 05:44 mircea_popescu: http://btcbase.org/log/2017-06-27#1674829 << your correct answer there was to say you use FG as a clock. which'd have totally sunk him, "my time comes in MB entropy chunks, ha-HA!"
mircea_popescu: http://btcbase.org/log/2017-06-27#1674829 << your correct answer there was to say you use FG as a clock. which'd have totally sunk him, "my time comes in MB entropy chunks, ha-HA!"
asciilifeform: 'Uninitialized memory has been used as a source of entropy to seed random number generators in OpenSSL, DragonFly BSD, OpenBSD, and elsewhere.10 If accessing an indeterminate value is undefined behavior, however, compilers may optimize out these expressions, resulting in predictable values.' << bonus lol
asciilifeform: whereas harvesting actual entropy is painful, esp. if you want an engineering margin ( e.g. 2x in FG )
asciilifeform: mod6: elementarily, 'limited entropy', 'respectable mainstream' turd can put out whatever it wants, GB/s, of prng
mod6: <+asciilifeform> ^ d00d pushing 'onerng' over FUCKGOATS, with argument that the former 'is open source, mathematically verifiable, ...drivers for all current os, even openbsd...' while the latter 'no drivers, connection using obsolete medium - serial port, limited entropy' << limited entropy?! herp.
asciilifeform: ^ d00d pushing 'onerng' over FUCKGOATS, with argument that the former 'is open source, mathematically verifiable, ...drivers for all current os, even openbsd...' while the latter 'no drivers, connection using obsolete medium - serial port, limited entropy'
mod6: i went back to my linux output entropy files to see about the 'ff fd' thing; I'm really jammed up on openbsd. and that's a different side-quest we can discuss later. but now i'm wondering about the flow-control/output from collections done on linux
mod6: http://btcbase.org/log/2017-05-30#1663325 << so I should *not* be seeing a recurrence of 'ff fd' throughout my entropy output files right?
asciilifeform: ( pci etc would make moar sense for 'atomic' trng, as described in older thread, with the scintillator, because there your entropy extraction is limited more or less only by the clock speed of the take-off/debiaser and the dead time of the scintillator (1-5ns) )
asciilifeform: betcha the output has ~0 entropy also.
mod6: ... entropy
mod6: OK here are the results from a recollection of entropy (with 'fullblock') from FG #2: http://www.mod6.net/fg/fg-test/fg2.ent_run1.txt http://www.mod6.net/fg/fg-test/fg2.dieharder_run1.txt
mod6: I have re-run all three entropy collections from FG #1 with 'fullblock', here are the results: http://www.mod6.net/fg/fg-test/fg1.ent_run1.txt http://www.mod6.net/fg/fg-test/fg1.dieharder_run1.txt http://www.mod6.net/fg/fg-test/fg1.ent_run2.txt http://www.mod6.net/fg/fg-test/fg1.dieharder_run2.txt
Framedragger: oooh nice. /me yet to generate 1gb+ of entropy, will post when that's done
lobbes: (+mircea_popescu) mod6 i can't imagine lobbes's have any issue lending the bot, once this is all in place. << yeah, no issue here. I'd be honored to have genuine entropy traded via bot