192 entries in 0.561s
asciilifeform: recall , similarly, koch's 'fix' for his mpi bug.
mircea_popescu: all that code SHOULD NOT have been shared. not with fucking red hat, not with fucking koch, not with fucking drepper and so on.
mircea_popescu: you know, EXACTLY HOW KOCH GPG WORKS ?
mircea_popescu: "extension scripts", fancy that wonder. koch put ethereum in gpg before ethereum was even "a thing"
asciilifeform: meanwhile, in other koch gpg2isms : https://archive.li/FWdDD >> '...signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extensions scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the
lobbesbot: trinque: Sent 13 hours and 6 minutes ago: <asciilifeform> might be worth testing whether koch's latest lul affects deedbot's gpg hose
asciilifeform: !Q later tell trinque might be worth testing whether koch's latest lul affects deedbot's gpg hose
deedbot: http://qntra.net/2018/06/koch-burns-gpg-signature-version-vulnerability/ << Qntra - Koch Burns GPG Signature Version Vulnerability
asciilifeform: diana_coman: it was a specific chumpatronic term used by koch et al
asciilifeform: it so happens that i've designed exactly such a device. but it will be filled with ffaware, not koch. and all things in their proper time.
pete_dushenski: http://trilema.com/2016/werner-koch-lies/#selection-165.0-168.0 << "4096-bit Republican standard"
ben_vulpes: hey, pete_dushenski how didja plug the fg into the koch-rsa keygenerator?
ben_vulpes: pete_dushenski: you don't want a 4096 bit key; i can't find the relevant logs at the moment but koch-rsa does bad shit when generating keys > 2048 bits
asciilifeform: sometimes, trivial fix. ( koch's gpg had at least 1 case, iirc ) but doesn't generalize to a mechanical fixer.
asciilifeform: the difference b/w http://btcbase.org/log/2018-01-26#1776941 and e.g. koch-rng remains apparent to anybody with half a brain
ben_vulpes: he is also in my koch-rsa l1, what of it?
asciilifeform: ^ for anybody else who stepped on same koch mine
mircea_popescu: what is your standard of proof anyway ? suppose x claims that koch works for weimer ; and y claims weimer works for koch. how do you distinguish these claims ?
mircea_popescu: how about this "mechanical borrowing" system you propose ACTUALLY weakens responsibility, because the 15, instead of taking seriously their true deed, which IS in fact authorship-indistinguishable, rather aim to hide behind a claim of "hey, we merely work here, signing signatures" a sort of "well i really wanted to X and the only part Y available was Koch's so don't blame me"
asciilifeform: just like all cmachineism eventually converges to koch.
mircea_popescu: http://btcbase.org/log/2018-01-08#1766977 << i don't see the problem with using the actual spec. koch "optimizations" not really useful.
asciilifeform: i suspect that koch was blindly following the schoolbook here.
asciilifeform: the nonsensical padding scheme used by rfc2440/4880/koch is on display , incidentally
asciilifeform: naturally koch methodically omitted it
asciilifeform: i mean ffs, koch dun even leave a knob to get ~key~ entropy trngistically.
mircea_popescu: dja understand motherfucking koch fixed one of the witnesses in mr ?
asciilifeform: there is such a thing as maliciously-ugly c. i.e. what koch et al write.
asciilifeform: which is monstrously retarded, but koch did not ask me, lol
asciilifeform: for what do we need an n-th koch
mircea_popescu: which yes, kock wouldn't be koch if he didn't live to try and befoul the tools of salvation through association with his turpitudes.
asciilifeform: koch wouldn't be koch if he did not write it like-so.
asciilifeform: ( it was perhaps 80% of how asciilifeform cut koch-mpi , by similar proportion )
asciilifeform: but it isn't clear to me why weaker koch test would have different answer than stronger m-r
mircea_popescu: was it ever checked whether it would appear prime to koch-gpg ?
asciilifeform: http://btcbase.org/log/2017-12-14#1751803 << at one time i linked to 'diff' src here, when hunting for ordering nonuniformity that turned out to be a uniturdism . it made koch's war crime, look clean.
asciilifeform: i can even see the logic, 'why would i give half a shit what rngolade to feed to my koch whitenertron'
asciilifeform: and 'uses the components of elgamal' and 'leaks like a sieve if we use koch's routines, via side channel' required additional pedanticism somehow ?
asciilifeform: mircea_popescu: the linked item earlier is from when asciilifeform dug out and studied koch's proposed sidechannel countermeasure. proclaimed it nonsensical and useless, and bit the bullet, 'must bignum from scratch.'
diana_coman: mircea_popescu, we can do it yes; I guess the question is where to start i.e. no point in starting from koch that I can see; starting from asciilifeform 's sane-mpi would be one; adds and deletes stuff
asciilifeform: thing could shrink further, i left koch's buffering system , used by the logger ( also remained ), intact
mircea_popescu: anyway. my conclusion is ima do the eu-crypto as a new genesis, because really most of the koch crap in mpi (esp the prng crap) got ditched
asciilifeform: so it is still entirely a koch product
asciilifeform: ( she is using my sanitized gpg bignum. but i did not preserve koch's faux-rng atrocity ; so anything pertaining to entropy, is new )
asciilifeform: you lose 1. but in koch's variant you lose 2 .
asciilifeform: aha, koch does
asciilifeform: mod6: noshit koch doesn't do this
mod6: <+mircea_popescu> in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways). << uugh. every time we peel a layer back...
mircea_popescu: the reason is that (in a translation of what koch-gpg does into sanity) you take 2045 bits of rng for each possible prime, stick 11 in front and 1 in the tail and THAT is your 2048 bit prime candidate.
mircea_popescu: in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways).
diana_coman: existing koch-rsa, simply once with co-prime e, the other time with prime e
asciilifeform: ang-st: asshole in C << koch, drepper, et al. but they're old and they ain't making more, for some reason.
mircea_popescu: http://btcbase.org/log/2017-11-08#1734650 << this is very much a koch-gpg problem in the vein of "lobbes warning people not to rely on the "control dials" as provided by koch-gpg, for being unreliable" and probably the most important example thereof.
asciilifeform: ( unsurprising koch mechanics )
mircea_popescu: well, at first it was about lobbes warning people not to rely on the "control dials" as provided by koch-gpg, for being unreliable ; then you wanted to talk about fps and then at some point and without warning anyone apparently pivoted to talking about pubkeys and signatures.
mircea_popescu: yes, koch fps are ineptly chosen names. yes there's value in having a biunivocal name-item relation by default.
asciilifeform: observe the mendacious idiocy of koch's signature code, where if sha1 hash collision is found , can forge sigs ~regardless of what sig algo hashing was set to~
mircea_popescu: koch-gpg is an unreliable apparatus in the vein of random-shooting pistols etc.
mircea_popescu: notrly, no. koch-gpg itself though.
asciilifeform: ( exercise #2 : show how many bits of input entropy are on avg. discarded by koch generator. )
asciilifeform: ( the koch method, of taking R and adding 2 to it until m-r says yes, trivially leaks )
asciilifeform: apeloyee: upstack, it becomes clear that koch put in crt strictly so that gpg can shit out your private key when uncorrected memory flip
diana_coman: <asciilifeform> >> http://wotpaste.cascadianhacker.com/pastes/DrA3R/?raw=true << for n00bs : rsa-cum-crt , as seen in koch's gpg-1.4.10 <- aha, that's what I use, yes; anyways, will comb the thing again a bit later today and then get back with something concrete
asciilifeform: >> http://wotpaste.cascadianhacker.com/pastes/DrA3R/?raw=true << for n00bs : rsa-cum-crt , as seen in koch's gpg-1.4.10
asciilifeform: mircea_popescu: koch
asciilifeform: ( same derps as hosted the koch talk linked earlier, loox like )
asciilifeform: and naturally no koch speech is complete without a 'the web of trust, he feels, is inherently broken. It is only explicable to geeks, and not to all of them, it publishes a global social graph, because signatures on keys imply physical meetings on known dates, and it doesn't scale.'
asciilifeform: 'So instead he's moving toward ECC ciphers, which are well-researched — more so than RSA, according to Koch. '
asciilifeform: 'Koch then moved into Elliptic Curve Cryptography (ECC), which he discussed at some length. RSA, he said, is not likely to stay secure for much longer without really large keys. Support for 4096-bit RSA keys has been in GnuPG for some time, but Koch contends that real security will require 16Kb keys; that makes keys, fingerprints, and signatures all unusably long, particularly for embedded devices and hardware security modules (HSMs)
asciilifeform: meanwhile, in world of koch, https://lwn.net/SubscriberLink/735840/11066f48be7a5f92 << >> http://wotpaste.cascadianhacker.com/pastes/c1NUm/?raw=true
asciilifeform: asciilifeform's 'hacked off koch' has been sitting right there on www since 2015.
mircea_popescu: i wouldn't mind the dood who hacked off rsa from koch pgp and made a server that just passed encrypted comms. that's it.
asciilifeform: if you want 'compromise' rsa, use koch's.
asciilifeform: a 2sec modexp is already a wholly fine replacement for koch's gpg, say.
asciilifeform: i proposed primorial strictly as an initial winnowing to replace the idiot trial divisions koch et al used.
asciilifeform: you will notice that koch's rng atrocity ain't in there.
asciilifeform: ^ asciilifeform's very painstaking 'trbfication' of koch
mircea_popescu: the only item ready to go in is in fact koch's, and so he gets imported.
mircea_popescu: red hat OPTED to be shitheads. like koch usually does.
asciilifeform: koch is neither here nor there, was not part of the measurements, nor is possible to compare because it does not actually do the same job
mircea_popescu: asciilifeform so to try and extract actual reality from this : a ^ b mod m takes 0.26 seconds in koch writing ; same a^b mod m takes 51.3 on your box, notwithstanding a ^ b without any modding takes 1s ?
asciilifeform: this is called slidingwindow and it's what koch does.
asciilifeform: htm is to actual hypertext as koch is to rsa.
a111: 108 results for "koch", http://btcbase.org/log-search?q=koch
asciilifeform: !#s koch
mircea_popescu remembers the day mycobacterium was called "koch's bacillus"
a111: Logged on 2016-08-23 13:08 mircea_popescu: Framedragger the problem here is moreover default trust. so you wake up one day and you see... "gnupg". nomina nuda. you look around, there's "werner koch" idem, nomina nuda. you look, there's "tor" with "shari" and "isis". names, hollow as can be. but the natural tendency of the brain, to see movement in a succession of stills and meaning in noise and structure in names convinces you these are THINGS.
a111: Logged on 2017-07-22 22:40 mircea_popescu: http://btcbase.org/log/2017-07-22#1689243 << depends what you mean by "rsa encrypted message". a) current rsa "encryption" as implemented by koch-gpg et al consists of encrypting a symmetric key. trivial to test this against a number of rsa keys. b) conceivably item will include a courtesy key fp to help you know.
mircea_popescu: http://btcbase.org/log/2017-07-22#1689243 << depends what you mean by "rsa encrypted message". a) current rsa "encryption" as implemented by koch-gpg et al consists of encrypting a symmetric key. trivial to test this against a number of rsa keys. b) conceivably item will include a courtesy key fp to help you know.
mircea_popescu: (incidentally -- sheldon adelson, who is remarkably not ever mentioned by the sort of people who keep going "koch brothers!!!", but otherwise chiefly famous for a) helping trump get 25mn to win the election and b) being involved in a very typically http://btcbase.org/log/2017-02-27#1619009 shakedown and then buying newspaper to attack presiding judge and also making the "charge" go away.
mircea_popescu: our cook's thermometer clearly indicates that the fault in koch's gpg is located in the upper left cpu quadrant.
asciilifeform: iirc the d00d who found the koch whitening lulzgem used a proggy that worked quite like 'barium enema'
mircea_popescu: ie, koch bignum dun actually work.
a111: Logged on 2017-06-13 15:17 mircea_popescu: and this model ENTIRELY explains all of the "luminaries". werner koch worked the feeder-chumper cycle. stallman worked the feeder-chumper cycle. curtis yarvin worked the etcetera.
mircea_popescu is sick of "famous people" like of crab apples. let them sit in some other latrine with their "oh i lost my pgp key 20 years ago" zimmerman and their "i dedicate my life to raising impudent street urchins as if they were white people" bernstein and their "oh hi, rng ?" koch and their "o btw, i lied about that laptop" rms everything else.
asciilifeform: mp-en-managua: spoiler: it's a python skin on (yes, via shell, per packet..!) koch gpg
mircea_popescu: koch's still can, i'm sure.
asciilifeform: mircea_popescu: the koch episode was actually illustrative of the futility of 'just fix /dev/random'. it'd have done ~zero~ against the koch rng poisoning thing.
mircea_popescu: seeing how the alternative is koch-hashes.
mircea_popescu: and this model ENTIRELY explains all of the "luminaries". werner koch worked the feeder-chumper cycle. stallman worked the feeder-chumper cycle. curtis yarvin worked the etcetera.
sina notes to search the logs for koch tomorrow