sina: anyhooz. patience from the usual suspects on RSA discussion greatly appreciated. must be off, have wonderful days all.
sina: mircea_popescu: and yet it is so, the logs are the only place I can imagine such a sentence being discussed today
sina: seek and ye shall find
sina: http://btcbase.org/log/2015-12-28#1354883 << lellll
sina: I mean I can picture reading it in the logs
sina: "You only think I guessed wrong! That's what's so funny! I switched glasses while your back was turned! Ha ha, you fool! You fell victim to one of the classic blunders - The most famous of which is "never get involved in a land war in Asia" - but only slightly less well-known is this: "Never go against a Sicilian when death is on the line"! Ha ha ha ha ha ha ha! Ha ha ha ha ha ha ha! Ha ha ha... "
sina: actually this quote seems like 100% mircea_popescu
sina: that is the one, although the book from which it derived is equally enjoyable
sina: http://princessbride.wikia.com/wiki/Vizzini
sina: whenever DPR does a thing, Vizzini is forced to say "Inconceivable"
sina: oh. so in the movie Vizzini is the supersmart villain trying to kidnap this lady, and the good guy Dread Pirate Roberts keeps chasing him despite various obstacles Vizzini has created
sina: is joek
sina: also a famous internet meme
sina: some actor playing the character of "Vizzini" in "The Princess Bride"
sina: it's a picture of mircea_popescu https://68.media.tumblr.com/916cb4ae6b1ff824fc27d1ffdca8e207/tumblr_n915c69LhG1snb6qwo2_r2_400.gif
sina: :D
sina: mircea_popescu: only as a matter of curiosity, given your worth re above statement, do you take any of these actions?
sina: trinque: to clarify, contentment in understanding, not of the status quo
sina: asciilifeform, trinque, no misconceptions in my summary?
sina: then I am reasonably content :P
sina: mircea_popescu: if that is a complete list, then I am content with a useful answer.
sina: "today, until a constanttime solution is in place, gpg is the tool of choice for RSA encryption. any time you use it, you can't know whether you have completely compromised your private key. and we use it anyway."
sina: alright. please let me attempt to summarise the discussion thus far, and correct any misconceptions
sina: and so it is, "do not encrypt 500 cake recipes a second"
sina: trinque: does the general commit his troops to an action and see if he fails? or try and understand the enemy movement and tactics, to say "ok, crossing the bridge with enemy awaiting on farside, bad idea" without needing to act on it
sina: whereas I am asking, what is the gradient of consequence, given differing scenarios and adversaries
sina: but that is not congruent with actions taken, otherwise all here would treat their keys as compromised?
sina: it seems the answer so far given is only "the consequence is always the worst, given this particular act"
sina: trinque: of course! and I ask, is there no value in understanding the consequences of a given act?
sina: again to reiterate I seek only understanding, not to make a point or argument
sina: does my line of thought really make so little sense?
sina: otherwise asciilifeform would surely say "what is the point of encrypting, I am broadcasting my key to all, every time"
sina: want to send my encrypted cake recipe to trinque"
sina: it's not an argument, only the next thought that pops into my head as a consequence of the discussion. all here seem on the same page re constanttime stuff, yet all here are using the tool in spite of that, so there must be some thought process which allows someone as reasonably paranoid as asciilifeform to do so, i.e. "I am not concerned with timing attacks of class X, Y, Z from adversary A, B,C when I
sina: and yet, here we all are, encrypting, decrypting, signing ascii with some RSA stuff all the time, in spite of that
sina: anyone who can ping my box? anyone in the world?
sina: or to ask alternatively, broadcast to whom?
sina: can I safely state, if I want to email trinque RSA encrypted cake recipe, that asciilifeform can never read it?
sina: trinque: given the quoted statement, what are the implications? for example, does it imply that a passive network adversary will not be in a position to mount a timing attack? or does it so?
sina: I ask here, because I feel here can give a useful answer
sina: feel free to say "it's a dumb question, go away"
sina: given observation of behaviours
sina: only seeking of complete understanding
sina: no argument sir
sina: no?
sina: at least until 21st century hygiene comes along
sina: none of us do, and yet, tmsr uses "18th century hygiene" anyway. I am assuming because of considered evaluation of possible threats and their outcome
sina: trinque: my question being, given a sina sitting in the crater, what is the list of things ~impervious to, what is the list of things not
sina: trinque: to extend your analogy. you are on a field, in a crater. you are ~impervious to horizontal machine gun attack thanks to the crater, but vulnerable to mortar attack
sina: given that. what are the practicalities, today, on the ground
sina: asciilifeform: "you cannot conceal an awl inside a sack" understood and accepted
sina: again, it's understood
sina: for now anyway
sina: e.g. asciilifeform uses gpg, even though he knows some adversary might read his key via timing attack, because the list of adversary which can do so, he has discounted
sina: for the purpose of proper understanding
sina: just, hopefully a list of adversary capability mapping to outcomes
sina: no
sina: which is fine, and I guess my point, because you must understand there is some adversary which can read your keys and some which cannot and you as of current, accept the risk
sina: right. so you use it, despite it being as "awlish" as anything?
sina: my understanding of your POV is that there is currently no adequate constanttime impl
sina: asciilifeform: so what software do you currently use for RSA encryption
sina: what's awl
sina: what I'm trying to understand, is which adversaries can mount a timing attack, and which cannot, given async comms
sina: I guess I should rephrase my question
sina: right, I know the thing of synchronizing bullets with the propellor spins
sina: however I would note that at the end of that thread it was still unclear to me how the final model I proposed was unsafe in any case
sina: asciilifeform: if you would consider this question as a continuation of that thread rather than repeat, I'd appreciate
sina: "to listen" ...to...EMR...right?
sina: giving them away to whom? certainly not to a passive network adversary...right?
sina: I lose the key because an adversary is nearby watching all my EMR?
sina: can you give me an example situation mircea_popescu?
sina: but if I write an email on my box, encrypt it with RSA, then send it...what timing info can be derived?
sina: I mean, I get that there are timing attacks you could perform if there was a synchronous stream of traffic happening
sina: as commonly implemented
sina: asciilifeform: basically I am wondering about the "threat model" of constanttime sidechannel stuffs. for example, let's say I want to write you an email with RSA encrypted body, or receive same from you, is there really a sidechannel there? I guess I'm asking in terms of async vs sync encrypted comms
sina: hi shinohai! nb, and you?
sina: asciilifeform: if you are about I have a question for the resident expert on constanttime stuff
sina: hullo
sina: enjoy your remaining weekend!
sina: alright ladies and gentlemen, off to visit some friends and have some pho
sina: double encoding is the best and least confusing kind of encoding
sina: that sounds reasonable
sina: hmm ok thanks
sina: hey phf, quick q, is lisp memory safe?
sina: all for a laff
sina: trinque: I just came to try and get a rise out of asciilifeform :P
sina: http://btcbase.org/log/2017-07-15#1684186 << it's hard more than that AFAIK, although I only started using it about 1.5y ago
sina: also, morning all!
sina: http://btcbase.org/log/2017-07-15#1684813 << paste.sina.id.au doesn't! :D :D
sina: have a nice evenin all
sina: not gonna hang around, got a headache
sina: anyway I just wanted to test and make sure all of my things were working post upgrade
sina: haha that sounds a lot more fun
sina: I just upgraded to Fedora 26 :)
sina: how doin
sina: hola
sina: in golang :D
sina: it's an in memory key value store with concurrency business
sina: another random thing I made https://github.com/sinner-/tinykv
sina: http://btcbase.org/log/2017-07-09#1681116 << AFAIK there are only three methods of handling this, either read header bytes which specify how many bytes to read, or read until a newline-type char or read a fixed number of bytes. would be interested in discussing that further if others know of better ways to handle, it's an interesting problem. I guess reading a fixed number of bytes is preferable.