asciilifeform: i suspect that koch was blindly following the schoolbook here.
asciilifeform: the nonsensical padding scheme used by rfc2440/4880/koch is on display , incidentally
asciilifeform: naturally koch methodically omitted it
asciilifeform: i mean ffs, koch dun even leave a knob to get ~key~ entropy trngistically.
mircea_popescu: dja understand motherfucking koch fixed one of the witnesses in mr ?
asciilifeform: there is such a thing as maliciously-ugly c. i.e. what koch et al write.
asciilifeform: which is monstrously retarded, but koch did not ask me, lol
asciilifeform: for what do we need an n-th koch
mircea_popescu: which yes, koch wouldn't be koch if he didn't live to try and befoul the tools of salvation through association with his turpitudes.
asciilifeform: koch wouldn't be koch if he did not write it like-so.
asciilifeform: ( it was perhaps 80% of how asciilifeform cut koch-mpi , by similar proportion )
asciilifeform: but it isn't clear to me why weaker koch test would have different answer than stronger m-r
mircea_popescu: was it ever checked whether it would appear prime to koch-gpg ?
asciilifeform: http://btcbase.org/log/2017-12-14#1751803 << at one time i linked to 'diff' src here, when hunting for ordering nonuniformity that turned out to be a uniturdism . it made koch's war crime, look clean.
asciilifeform: i can even see the logic, 'why would i give half a shit what rngolade to feed to my koch whitenertron'
asciilifeform: and 'uses the components of elgamal' and 'leaks like a sieve if we use koch's routines, via side channel' required additional pedanticism somehow ?
asciilifeform: mircea_popescu: the linked item earlier is from when asciilifeform dug out and studied koch's proposed sidechannel countermeasure. proclaimed it nonsensical and useless, and bit the bullet, 'must bignum from scratch.'
diana_coman: mircea_popescu, we can do it yes; I guess the question is where to start i.e. no point in starting from koch that I can see; starting from asciilifeform 's sane-mpi would be one; adds and deletes stuff
asciilifeform: thing could shrink further, i left koch's buffering system , used by the logger ( also remained ), intact
mircea_popescu: anyway. my conclusion is ima do the eu-crypto as a new genesis, because really most of the koch crap in mpi (esp the prng crap) got ditched
asciilifeform: so it is still entirely a koch product
asciilifeform: ( she is using my sanitized gpg bignum. but i did not preserve koch's faux-rng atrocity ; so anything pertaining to entropy, is new )
asciilifeform: you lose 1. but in koch's variant you lose 2 .
asciilifeform: aha, koch does
asciilifeform: mod6: noshit koch doesn't do this
mod6: <+mircea_popescu> in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways). << uugh. every time we peel a layer back...
mircea_popescu: the reason is that (in a translation of what koch-gpg does into sanity) you take 2045 bits of rng for each possible prime, stick 11 in front and 1 in the tail and THAT is your 2048 bit prime candidate.
mircea_popescu: in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways).
diana_coman: existing koch-rsa, simply once with co-prime e, the other time with prime e
asciilifeform: ang-st: asshole in C << koch, drepper, et al. but they're old and they ain't making more, for some reason.
mircea_popescu: http://btcbase.org/log/2017-11-08#1734650 << this is very much a koch-gpg problem in the vein of "lobbes warning people not to rely on the "control dials" as provided by koch-gpg, for being unreliable" and probably the most important example thereof.
asciilifeform: ( unsurprising koch mechanics )
mircea_popescu: well, at first it was about lobbes warning people not to rely on the "control dials" as provided by koch-gpg, for being unreliable ; then you wanted to talk about fps and then at some point and without warning anyone apparently pivoted to talking about pubkeys and signatures.
mircea_popescu: yes, koch fps are ineptly chosen names. yes there's value in having a biunivocal name-item relation by default.
asciilifeform: observe the mendacious idiocy of koch's signature code, where if sha1 hash collision is found , can forge sigs ~regardless of what sig algo hashing was set to~
mircea_popescu: koch-gpg is an unreliable apparatus in the vein of random-shooting pistols etc.
mircea_popescu: notrly, no. koch-gpg itself though.
asciilifeform: ( exercise #2 : show how many bits of input entropy are on avg. discarded by koch generator. )
asciilifeform: ( the koch method, of taking R and adding 2 to it until m-r says yes, trivially leaks )
asciilifeform: apeloyee: upstack, it becomes clear that koch put in crt strictly so that gpg can shit out your private key when uncorrected memory flip
diana_coman: <asciilifeform> >> http://wotpaste.cascadianhacker.com/pastes/DrA3R/?raw=true << for n00bs : rsa-cum-crt , as seen in koch's gpg-1.4.10 <- aha, that's what I use, yes; anyways, will comb the thing again a bit later today and then get back with something concrete
asciilifeform: >> http://wotpaste.cascadianhacker.com/pastes/DrA3R/?raw=true << for n00bs : rsa-cum-crt , as seen in koch's gpg-1.4.10
asciilifeform: mircea_popescu: koch
asciilifeform: ( same derps as hosted the koch talk linked earlier, loox like )
asciilifeform: and naturally no koch speech is complete without a 'the web of trust, he feels, is inherently broken. It is only explicable to geeks, and not to all of them, it publishes a global social graph, because signatures on keys imply physical meetings on known dates, and it doesn't scale.'
asciilifeform: 'So instead he's moving toward ECC ciphers, which are well-researched — more so than RSA, according to Koch. '
asciilifeform: 'Koch then moved into Elliptic Curve Cryptography (ECC), which he discussed at some length. RSA, he said, is not likely to stay secure for much longer without really large keys. Support for 4096-bit RSA keys has been in GnuPG for some time, but Koch contends that real security will require 16Kb keys; that makes keys, fingerprints, and signatures all unusably long, particularly for embedded devices and hardware security modules (HSMs)
asciilifeform: meanwhile, in world of koch, https://lwn.net/SubscriberLink/735840/11066f48be7a5f92 << >> http://wotpaste.cascadianhacker.com/pastes/c1NUm/?raw=true
asciilifeform: asciilifeform's 'hacked off koch' has been sitting right there on www since 2015.
mircea_popescu: i wouldn't mind the dood who hacked off rsa from koch pgp and made a server that just passed encrypted comms. that's it.
asciilifeform: if you want 'compromise' rsa, use koch's.
asciilifeform: a 2sec modexp is already a wholly fine replacement for koch's gpg, say.
asciilifeform: i proposed primorial strictly as an initial winnowing to replace the idiot trial divisions koch et al used.
asciilifeform: you will notice that koch's rng atrocity ain't in there.
asciilifeform: ^ asciilifeform's very painstaking 'trbfication' of koch
mircea_popescu: the only item ready to go in is in fact koch's, and so he gets imported.
mircea_popescu: red hat OPTED to be shitheads. like koch usually does.
asciilifeform: koch is neither here nor there, was not part of the measurements, nor is possible to compare because it does not actually do the same job
mircea_popescu: asciilifeform so to try and extract actual reality from this : a ^ b mod m takes 0.26 seconds in koch writing ; same a^b mod m takes 51.3 on your box, notwithstanding a ^ b without any modding takes 1s ?
asciilifeform: this is called slidingwindow and it's what koch does.
asciilifeform: htm is to actual hypertext as koch is to rsa.
a111: 108 results for "koch", http://btcbase.org/log-search?q=koch
asciilifeform: !#s koch
mircea_popescu remembers the day mycobacterium was called "koch's bacillus"
a111: Logged on 2016-08-23 13:08 mircea_popescu: Framedragger the problem here is moreover default trust. so you wake up one day and you see... "gnupg". nomina nuda. you look around, theres' "werner koch" idem, nomina nuda. you look, there's "tor" with "shari" and "isis". names, hollow as can be. but the natural tendency of the brain, to see movement in a succession of stills and meaning in noise and structure in names convinces you these are THINGS.
a111: Logged on 2017-07-22 22:40 mircea_popescu: http://btcbase.org/log/2017-07-22#1689243 << depends what you mean by "rsa encrypted message". a) current rsa "encryption" as implemented by koch-gpg et al consists of encrypting a symmetric key. trivial to test this against a number of rsa keys. b) conceivably item will include a courtesy key fp to help you know.
mircea_popescu: http://btcbase.org/log/2017-07-22#1689243 << depends what you mean by "rsa encrypted message". a) current rsa "encryption" as implemented by koch-gpg et al consists of encrypting a symmetric key. trivial to test this against a number of rsa keys. b) conceivably item will include a courtesy key fp to help you know.
mircea_popescu: (incidentally -- sheldon adelson, who is remarkably not ever mentioned by the sort of people who keep going "koch brothers!!!", but otherwise chiefly famous for a) helping trump get 25mn to win the election and b) being involved in a very typically http://btcbase.org/log/2017-02-27#1619009 shakedown and then buying newspaper to attack presiding judge and also making the "charge" go away.
mircea_popescu: our cook's thermometer clearly indicates that the fault in koch's gpg is located in the upper left cpu quadrant.
asciilifeform: iirc the d00d who found the koch whitening lulzgem used a proggy that worked quite like 'barium enema'
mircea_popescu: ie, koch bignum dun actually work.
a111: Logged on 2017-06-13 15:17 mircea_popescu: and this model ENTIRELY explains all of the "luminaries". werner koch worked the feeder-chumper cycle. stallman worked the feeder-chumper cycle. curtis yarvin worked the etcetera.
mircea_popescu is sick of "famous people" like of crab apples. let them sit in some other latrine with their "oh i lost my pgp key 20 years ago" zimmerman and their "i dedicate my life to raising impudent street urchins as if they were white people" bernstein and their "oh hi, rng ?" koch and their "o btw, i lied about that laptop" rms everything else.
asciilifeform: mp-en-managua: spoiler: it's a python skin on (yes, via shell, per packet..!) koch gpg
mircea_popescu: koch's still can, i'm sure.
asciilifeform: mircea_popescu: the koch episode was actually illustrative of the futility of 'just fix /dev/random'. it'd have done ~zero~ against the koch rng poisoning thing.
mircea_popescu: seeing how the alternative is koch-hashes.
mircea_popescu: and this model ENTIRELY explains all of the "luminaries". werner koch worked the feeder-chumper cycle. stallman worked the feeder-chumper cycle. curtis yarvin worked the etcetera.
sina notes to search the logs for koch tomorrow
mircea_popescu: gpg is slated for a rewrite, actually, since it became obvious koch's a dedicated saboteur.
asciilifeform: btw i'm still waiting to meet an explanation re how 'blinding' (e.g., koch's) supposed countermeasure to timing attack, is supposed to help.
asciilifeform: i dun recall koch calling recv() ever
mircea_popescu: koch.
mircea_popescu: BenBE yes, but here's the extra step : not only do i know koch is an evil shithead who dedicates his time doing evil. i also say it.
BenBE: I asked W.Koch about the PRNG about 2 years prior to the break last year. And even then it had been known for years before that, that the PRNG is phishy but nobody cared to actually step forward and rip it open.
mircea_popescu: it is deliberately constructed to weaken rsa ; take the recent http://btcbase.org/log-search?q=%22sha%22+gpg "sha fails, koch-gpg fingerprints are meaningless", which had been foretold here for... years.
mircea_popescu: BenBE trouble is we're moving away from the inept koch standard.
asciilifeform: http://btcbase.org/log/2017-04-07#1640108 << i wonder if we hit some hidden koch limit
mircea_popescu: koch is not some coder, he's a sad fuck who lies about where he gets the code.
jhvh1: mircea_popescu: Heckler & Koch VP70 - Wikipedia: <https://en.wikipedia.org/wiki/Heckler_%2526_Koch_VP70>; Hk VP70 The gun that changed it all - YouTube: <https://www.youtube.com/watch%3Fv%3D0Wq5_3rkqd8>; Heckler & Koch's Historic VP70 - Tactical Life: <http://www.tactical-life.com/firearms/heckler-koch-historic-vp70/>
mircea_popescu: the above being the ENTIRETY of "usg cyberwarfare capacity" by the way. that it got idiots (schneier, koch, weimer etc), to write software that sets p as password everywhere independent of user input and then ten million imbecile lusers to use that "because it's what everyone does" where everyone is so defined to exclude everyone sane.
mircea_popescu: the only hostis humani generis are the anonymous usg tools. the gavin-koch-weimer-boeck-younameit.
mircea_popescu: no i know. the point being - insanity contradicts expectation. i'm not importing koch.
asciilifeform looks forward to the demolition of koch-pgp.
ben_vulpes: not that STEM even is salvageable from the imperial ruins, riddled with nsa stoolies like koch, overfitters like mann and the entirety of 'social sciences'
asciilifeform: http://openpgp.org/software <<< aaaah apparently not only koch liquishit but 'here pick from this long list of shitwares, ALL GREAT!111'
asciilifeform: mircea_popescu: it needs tmsr-rsa (i ain't releasing anything with aes or koch's idiocy)
asciilifeform: certainly nobody's hardwarizing koch's bucket of 'liquishit'.
mircea_popescu: im sure koch got >1k and IM FUCKING SURE microsoft is worse than any "anti-gay-marriage racists" out there.
a111: Logged on 2016-12-11 21:50 mircea_popescu: and then koch wants to go around pretending like he's one of us.