tmsr - Search: koch

ossabot: (ossasepia) 2020-03-09 jfw: ah there was also Eucrypt, part of which was a liberation of gcrypt from Werner Koch & co. right?

ossabot: Logged on 2020-02-04 01:39:30 mircea_popescu: there's a lenghty pile of disadvantages to the current mechanism we use, not least of these being that it actually imports koch-pgp. it also does suspect signature shenanigans of all sorts, which could potentially present security risks

diana_coman: mircea_popescu: I'd very much like to finally move off koch-gpg and so ~anything in that direction is quite of interest to me; I'll gladly help re eucrypt too if/when needed, if that's a block for anyone.

mircea_popescu: there's a lenghty pile of disadvantages to the current mechanism we use, not least of these being that it actually imports koch-pgp. it also does suspect signature shenanigans of all sorts, which could potentially present security risks

mircea_popescu: so koch-gpg is, out of the box, worse than useless for archival : tar / zip / etc as they exist on unix-likes are fucked in the head enough such that if there's a byte error, either the remainder of the archive or the bytes past that one in the list are lost ; but this can be mitigated at least by having multiple copies. gpg however, multiple copies are equally useless, if none make it intact the contents is lost, because

mircea_popescu: in other "lulz", in the sense that koch & co are so fucking evil it boggles the mind : gpg has an ascii armored mode, which however contains no error recovery.

asciilifeform: diana_coman: whole story of how asciilifeform ended up with peh , if you recall, at one pt asciilifeform wanted to bake a battery-powered 'gpg replacement'. then went and saw what gpg actually consisted of, and found that not only koch liquishit, but broken on ~algo~ level

asciilifeform: barrett is admittedly slightly tricky to 'load into head', but it's where we beat the living shit out of koch et al speedwise (for some reason they never bothered to bake a barrett, even tho method was known since '86

asciilifeform: mp_en_viaje: knowing 0 aside from the product , i would say it is not correct to put wolf in the company of koch -- wolf actually did sumthing nontrivial and useful ( mapped out the ice40 matrix )

asciilifeform: http://btcbase.org/log/2019-03-30#1906193 << interestingly, at 139.2 kloc , still 1 of the heaviest proggies in civilized use; vs, e.g., trb ( http://btcbase.org/log/2018-11-29#1876053 ) ; but lighter than koch gpg ( if minus autoconf, http://btcbase.org/log/2017-07-08#1680705 ) or linux kern. ☝︎☝︎☝︎

asciilifeform: koch et al shat out his 'fixed witnesses' thing, and folx ate it largely cuz rng poverty. which we dun suffer from.

asciilifeform: whereas if you actually lift 32+ rng witnesses from a working rng (as in asciilifeform's demo, or diana_coman's proggy, and elsewhere where not koch.. ) actually converges (for so long as you actually have working rng)

asciilifeform: will be lulzy if we end up finding that koch's 'whitener' actually optimizes for sad N

asciilifeform: in koch for instance.

asciilifeform: mircea_popescu: funnily enuff, koch takes approx same time, and that's with him not using rng witnesses at all iirc...

a111: Logged on 2019-02-17 16:05 asciilifeform: ( and when found that ~despite this~, http://www.loper-os.org/?p=2906 , was pant-shittingly hilarious, how koch still managed to be the tortoise in the race )

asciilifeform: ( and when found that ~despite this~, http://www.loper-os.org/?p=2906 , was pant-shittingly hilarious, how koch still managed to be the tortoise in the race ) ☟︎

asciilifeform: iirc diana_coman already did some time in that joint , when walked koch's thing

asciilifeform: ( witnessed in e.g. koch )

mircea_popescu: ie, yes, jenkins sings to carnegie hall, koch cryptograpies to the conference plastic carpet, some kids in egypt http://trilema.com/2011/bine-ati-venit-la-noi-in-tara/#selection-177.0-177.14 and so following.

asciilifeform: koch et al, 'play in carnegie hall', like the infamous florence foster jenkins

asciilifeform: ars longa & vita brevis, to touch ~errything~. i'm prepared to piss on koch, but i won't piss on gliderist who gets in nobody's way

asciilifeform: pretty sure koch is 100% aware.

mircea_popescu: koch application of fermat DIRECTLY maps on the above "random definition".

asciilifeform: ( in that respect, koch is arguably 'professional', entirely bought an' paid for by microshit et al )

asciilifeform: so possible that koch 'duct taped' m-r onto it.

asciilifeform: good % of what's in koch's thing, cannot be explained in any other way.

mircea_popescu: then koch expects to be hired because koch ~is~, whatever the hell he might be, polite, pedigreed, mit-degreed, "famous" in the smartphone sense etcetera.

mircea_popescu: koch is implementing fermat because fermat ~is~ the test, not because fermat ~does~ something.

a111: Logged on 2019-01-30 16:43 asciilifeform: ( as i understand, in koch world fermat test uses ~exactly same # of cycles as 1 shot of m-r )

asciilifeform: arguably this one's even moar outrageous, koch manages to lose even tho he uses miniscule bases in his modexp (in m-r)

asciilifeform: ( as i understand, in koch world fermat test uses ~exactly same # of cycles as 1 shot of m-r ) ☟︎

asciilifeform: diana_coman: i recently reread your series re primes, and found http://ossasepia.com/2018/01/04/eucrypt-chapter-4-random-prime-number-generator/#selection-111.241-117.155 interesting -- koch fermats 1st, but this dun actually save any cpu under any circumstances. pretty lulzy.

asciilifeform: BingoBoingo: to nitpick, s/in Barrett's Modular Reduction/in modular exponentiation/ , koch dun use barrett ( he uses montgomery, which dies on even numbers, lol )

asciilifeform: will be interesting to test on '9000' koch-generated primes, and see if any... aint

asciilifeform: koch , otoh, does other thing entirely, trims the bitness to be below N's

asciilifeform inclined to reject koch's optimization ( which diana_coman retained ) where witness consists of rng(bitness_of_n - 2) , and actually make witness equal to rng(width) mod (n - 2) for full range

asciilifeform: the folx who shat out apache & co., i suspect were at least as aggressively retarded as koch.

asciilifeform: koch's turd, despite being implemented in c, with no bounds checks, actually loses to ch14 ffa , for inputs of same ~width~ -- despite fact that he doesn't constanttime and thereby gets to skip massive work

asciilifeform: it 'works' in the same way as other 'nobus-maintenance' kludges (e.g. koch's 2016 patch) 'work' -- raise bar so that nobus

asciilifeform: it is difficult to dispell even the most outrageous lulhypothesis re koch-gpg. sorta what makes it 'speshul', what, 40MB of ???.

mircea_popescu: (the view that gpg aka koch-rsa leaks bits via signature isn't entirely dispelled even today)

asciilifeform: ( yet aaanother thing that koch didn't give )

asciilifeform: ( recall, diana_coman uncovered various lulz re koch's variant )

a111: Logged on 2019-01-09 15:36 asciilifeform: last night i re-read diana_coman's piece on m-r , it is interesting just how much sweat diana_coman had to put in simply on account of koch gnarl

asciilifeform: last night i re-read diana_coman's piece on m-r , it is interesting just how much sweat diana_coman had to put in simply on account of koch gnarl ☟︎

asciilifeform: mircea_popescu: mpi is subset of gmp that koch cut ( and ate $mil of microshit payola to do it, somehow ) , aha.

asciilifeform: i've been referring to mpi and gmp interchangeably as 'koch rsa', but this is unscientific, i must remind that they are diff items.

asciilifeform: the 1 application where ffa defo dunwork, and koch -- does, is phuctor.

asciilifeform: also recall the (surprising to asciilifeform , but apparently nobody else) discovery that ffatron as-is-stands is ~2.5x faster than koch.

asciilifeform: mircea_popescu: correct. the item that needs padtron, is mircea_popescu's specced 'fuckng replace gpg already' ; and possibly also koch-free euloratrons.

asciilifeform: diana_coman implemented prototype, using koch

asciilifeform: the only folx for whom 'mystery' and 'requires' 50,000 ln of overflowlang -- are koch et al

asciilifeform: ( the punchline is that koch, ssl, etc are ~in this set~ )

asciilifeform: in other noose, earlier this wk , asciilifeform tried to repeat http://www.loper-os.org/?p=2906 test , but using 'gmp', the 'uncut' version of koch's thing, with asmism etc. but lo and behold, it is apparently impossible to repeat the full test battery, because :

mircea_popescu: so your reasoning was that if some bits get left out the koch is gonna eat them ?

asciilifeform: gpg itself is substantially moar crippled than koch's mpi lib

asciilifeform: test was re koch's arithm engine (which does take arbitrary exps etc, and a patched ver is used in e.g. phuctor)

a111: Logged on 2016-11-26 16:31 asciilifeform: koch's shitball per se is written in such a way that the cruft is glued on with broken glass (all the ciphers are modularized in very gnarly multilayered way, whole thing relies through and through on his weirdo streams thing, 1,001 idiocies)

asciilifeform: but i expect ffa-cum-asmism will still beat shit out of koch-cum-asmism

asciilifeform: incidentally, it's a 'fair fight', i.e. both ch14 ffa and mpi-koch lack asmism

asciilifeform: if only merely 'spun in desert'. these are the folx who gave us 'i lost mah keyz' zimmarman, who then pupated into 'rng, what rng' koch, et al

asciilifeform: koch loses surprising amt of cycles to variablewidthisms/heapism.

asciilifeform: ^ which is about on par with koch's, interestingly

asciilifeform: ( and , in fact ~to the credit of~ koch, at least the latter didn't fuck about with 'proofs' )

asciilifeform: approx on par with e.g. koch.

a111: Logged on 2018-11-29 19:21 diana_coman: asciilifeform, and the loc is not the whole story either; I'd much rather read *your* 1000 loc than Koch's 100 loc

diana_coman: asciilifeform, and the loc is not the whole story either; I'd much rather read *your* 1000 loc than Koch's 100 loc ☟︎

asciilifeform: 'Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook an

asciilifeform: ( archaetypical ill-conceived 'smart' -- koch's 'keychain' nonsense )

asciilifeform: mircea_popescu: presumably cuz koch stuck a gpl sticker on it

asciilifeform: mircea_popescu: stallman has plenty to answer for, but i dunno what he has to do specifically with koch's gpg

asciilifeform: maybe ilsa koch had one ?

asciilifeform: somehow on koch planet, is seen as acceptable..

mircea_popescu: but yes, as far as anyone knows 2048 bit keys perfectly safe, now and for the foreseable future (this isn't a comment on koch faux-pgp, which unsafe at any length as well documented in logs qntra and so on).

mircea_popescu: i should have thought of that! think alfie, a future world wherein all thart's left is nostalgia for the past. a past which is no longer accessible, except in the limited sense, that victorian novels about prim sad ladies have pages steeped in koch solution ; whereas italian fiction of the plague will gladly give you it.

asciilifeform: pretty sure nobody has any other gpg eater than callout to koch

asciilifeform: recall , similarly, koch's 'fix' for his mpi bug.

mircea_popescu: all that code SHOULD NOT have been shared. not with fucking red hat, not with fucking koch, not with fucking drepper and so on.

mircea_popescu: "extension scripts", fancy that wonder. koch put ethereum in gpg before ethereum was even "a thing"

asciilifeform: meanwhile, in other koch gpg2isms : https://archive.li/FWdDD >> '...signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extensions scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the

lobbesbot: trinque: Sent 13 hours and 6 minutes ago: <asciilifeform> might be worth testing whether koch's latest lul affects deedbot's gpg hose

asciilifeform: !Q later tell trinque might be worth testing whether koch's latest lul affects deedbot's gpg hose

asciilifeform: diana_coman: it was a specific chumpatronic term used by koch et al

asciilifeform: it so happens that i've designed exactly such a device. but it will be filled with ffaware, not koch. and all things in their proper time.

ben_vulpes: pete_dushenski: you don't want a 4096 bit key; i can't find the relevant logs at the moment but koch-rsa does bad shit when generating keys > 2048 bits

asciilifeform: sometimes, trivial fix. ( koch's gpg had at least 1 case, iirc ) but doesn't generalize to a mechanical fixer.

asciilifeform: the difference b/w http://btcbase.org/log/2018-01-26#1776941 and e.g. koch-rng remains apparent to anybody with half a brain ☝︎

asciilifeform: ^ for anybody else who stepped on same koch mine

mircea_popescu: what is your standard of proof anyway ? suppose x claims that koch works for weimer ; and y claims weimer works for koch. how do you distinguish these claims ?

mircea_popescu: how about this "mechanical borrowing" system you proposes ACTUALLY weakens responsibility, because the 15, instead of taking seriously their true deed, which IS in fact authorship-indistinguishable, rather aim to hide behind a claim of "hey, we merely work here, signing signatures" a sort of "well i really wanted to X and the only part Y available was Koch's so don't blame me"

asciilifeform: just like all cmachineism eventually converges to koch.

mircea_popescu: http://btcbase.org/log/2018-01-08#1766977 << i don't see the problem with using the actual spec. koch "optimizations" not really useful. ☝︎