log
500+ entries in 0.024s
BingoBoingo: A lol in the spew: "deedbot> http://phuctor.nosuchlabs.com/gpgkey/23B2173C2FF1A9C43007D526720EA2B9EC1CB4AC21503429ACFBA1DA022517B3 << Recent Phuctorings. - Phuctored: 3 divides RSA Moduli belonging to 'James Bottomley <jejb@kernel.org>; James Bottomley <JBottomley@Odin.com>; James Bottomley <JBottomley@Parallels.com>; James Bottomley <James.Bottomley@HansenPartnership.com>; '"
asciilifeform: http://btcbase.org/log/2018-08-10#1840631 << btw i dun have'em all unpacked yet, but estimate the net weight to be somewhere b/w 300 and 500 mil. rsa mods
asciilifeform: ( recall, this was the orig thrust behind constant-time rsa )
diana_coman: BingoBoingo, thanks! confirmed back on + 1 fg available; unfortunately the simple test from smg_rsa (./tests 11 11 ) still hangs
a111: Logged on 2018-07-31 15:49 diana_coman: asciilifeform, yes, get eucrypt and run the tests for smg_rsa, something like ./tests 11 11 (i.e. 11 times test no 11)
asciilifeform: http://btcbase.org/patches/eucrypt_manifest/tree/eucrypt/smg_rsa/truerandom.c#L65 << incidentally this is erroneous. a correctly-inited FG will never produce interrupt ( the tty ~must not~ interpret 0x03 as control char, it must return all octets verbatim )
asciilifeform: http://btcbase.org/patches/eucrypt_manifest/tree/eucrypt/smg_rsa/truerandom.c#L84 << seems like you re-init the usb dongle every time you read. this is not recommended, i've encountered a chinese ttl plug that wedges if you init it one too many times
diana_coman: asciilifeform, smg_rsa/truerandom.c does the whole stuff really
diana_coman: asciilifeform, yes, get eucrypt and run the tests for smg_rsa, something like ./tests 11 11 (i.e. 11 times test no 11)
asciilifeform: ( deadly simple algo : listen for packet at all times, if received one where nonce incremented and rsa sig is valid, that's now the new packet, and now it, instead of prev, gets pulsed ( http://btcbase.org/log/2018-07-05#1831796 ) out )
asciilifeform: might be interesting to collect whole set of microshit rsa certs into phuctor.
a111: Logged on 2018-07-07 13:47 spyked: asciilifeform, phathub file contains RSA e and N only. but that's a good point, should also post the other ones under some raw form.
spyked: http://btcbase.org/log/2018-07-07#1832552 <-- updated with non-rsa keys: http://thetarpit.org/posts/y04/076-shithub-2018-06.html#selection-220.0-220.4
mircea_popescu: it's the direct equivalent of a key, actually. if you regard a rsa key as "a succession of 2048 binary questions" to which one gives exactly correct answers ; then ~choices you make~ are ultimately the basis of identity.
asciilifeform: mircea_popescu: the 6.9 -> 4.6 was in re rsa strictly, unless i misread
spyked: asciilifeform, phathub file contains RSA e and N only. but that's a good point, should also post the other ones under some raw form.
asciilifeform: 'As per the figures above, there were only about 4.6 million RSA keys in existence on GitHub on the 1st of July 2018, as opposed to the approximately 6.9 million found by JuroV' << i suspect that the culprit is the massed usg thrust towards 'use ecdsa nao!'
asciilifeform: spyked: does the csv consist strictly of the rsa keys, or all of'em ? ( asciilifeform currently cannot use non-rsa keys for anyffing )
a111: Logged on 2018-06-26 20:27 mircea_popescu: come to think of it, why am i even having "a wallet", as opposed to say a rsa'd privkey list.
asciilifeform: there's no rsa in trb
asciilifeform: well, trad bitcoin dun rsa
mircea_popescu: come to think of it, why am i even having "a wallet", as opposed to say a rsa'd privkey list.
asciilifeform: (2) is the ro (sorta misnomer, it is upgradeable) rsa checker routine, it is very loosely based on the ancient published one seen in https://github.com/coreboot/chrome-ec/blob/b9f5a3d6baae84950f5ff0c4f7c588e55944818a/chip/g/loader/launch.c , but with a few twists
asciilifeform: and it does seem to get called in the case when neither half of rom passes rsa sig...
asciilifeform: ( spoiler : seems to clumsily look for string 'escue' and some, yet to be determined, magical attribute of a candidate rsa sig )
lobbesbot: phf: Sent 2 hours and 54 minutes ago: <asciilifeform> other interesting observations: 1) loader is not the same as what appears in the src, in either 3.3 or 3.4 fw bin; not only key differs, but eggog strings, and possibly the rsa per se. 2) seems like : nowhere else in the fw is there any other routine which checksums/rsaverifies the cr50 fw , or references the rsa keyz at all other than to print keyid .
a111: Logged on 2018-06-22 18:17 asciilifeform: static const uint32_t LOADERKEY_A[RSA_NUM_WORDS + 1] = { ...blah... } where #define RSA_NUM_WORDS 96 ...
asciilifeform: !Q later tell phf other interesting observations: 1) loader is not the same as what appears in the src, in either 3.3 or 3.4 fw bin; not only key differs, but eggog strings, and possibly the rsa per se. 2) seems like : nowhere else in the fw is there any other routine which checksums/rsaverifies the cr50 fw , or references the rsa keyz at all other than to print keyid .
a111: Logged on 2018-06-22 18:03 asciilifeform: in other lulz, nobody noticed this puzzler, so i'ma put it in the l0gz : https://archive.li/i7BRf << cr50 magic rsa keys; the montgomery multiplier etc uses hardcoded constant, 96 word ( i.e. 3072 bit ) for the mults, but the keyblobs are 97 , for some strange reason, in size...
mircea_popescu: it's supposed to be in enemy hands, as part and parcel of what rsa asym cipher is.
asciilifeform: static const uint32_t LOADERKEY_A[RSA_NUM_WORDS + 1] = { ...blah... } where #define RSA_NUM_WORDS 96 ...
asciilifeform: ^ the 3072 bits that actually get rsa'd on
asciilifeform: in other lulz, nobody noticed this puzzler, so i'ma put it in the l0gz : https://archive.li/i7BRf << cr50 magic rsa keys; the montgomery multiplier etc uses hardcoded constant, 96 word ( i.e. 3072 bit ) for the mults, but the keyblobs are 97 , for some strange reason, in size...
a111: Logged on 2017-10-17 05:59 jurov: "The flaw resides in the Infineon-developed RSA Library version v1.02.013, specifically within an algorithm it implements for RSA primes generation. "
asciilifeform: (i.e. it is not in fact necessary to glitch the rsa check, but would entirely suffice to glitch the unlock command conditional jump)
a111: Logged on 2018-06-11 15:46 asciilifeform: one interesting observation, is that the update mechanism lets you flash in arbitrary crapola into 'rw' section ( it simply won't jump to it if it doesn't pass rsa(sha256(payload)) ) . so theoretically could put a nop sled there, ending with jump into the magic half of unlock routine. and then expose the thing to beta/gamma, and perhaps in a few months it will Do The Right Thing
a111: Logged on 2018-06-11 15:46 asciilifeform: one interesting observation, is that the update mechanism lets you flash in arbitrary crapola into 'rw' section ( it simply won't jump to it if it doesn't pass rsa(sha256(payload)) ) . so theoretically could put a nop sled there, ending with jump into the magic half of unlock routine. and then expose the thing to beta/gamma, and perhaps in a few months it will Do The Right Thing
asciilifeform: cnomad: dpa won't do a lick of good, the boobytrap is a rsa pub sig check, no secrets involved
mircea_popescu: alright. see the topic / read the logs / register a rsa key etc.
asciilifeform: rsa, ecc still 'in software'
mircea_popescu: http://btcbase.org/log/2018-06-11#1823103 << even worse if they have usg's rsa keys in them.
asciilifeform: there is not even a proof that the difficulty of rsa is equivalent to that of factoring.
asciilifeform: we were discussing 'hardware which you trust to do rsa exponentiation' , neh
asciilifeform: hl`: how much do you like google's tpm, which opens in 3 seconds to 'evil maid' with the magic rsa key ?
asciilifeform: i've established that cr50 ~will~ accept fw update if ver is incremented and rsa signature is valid. so anybody with google's rsa key and 10 seconds of physical access can insert new fw into cr50.
a111: Logged on 2018-06-11 15:46 asciilifeform: one interesting observation, is that the update mechanism lets you flash in arbitrary crapola into 'rw' section ( it simply won't jump to it if it doesn't pass rsa(sha256(payload)) ) . so theoretically could put a nop sled there, ending with jump into the magic half of unlock routine. and then expose the thing to beta/gamma, and perhaps in a few months it will Do The Right Thing
asciilifeform: one interesting observation, is that the update mechanism lets you flash in arbitrary crapola into 'rw' section ( it simply won't jump to it if it doesn't pass rsa(sha256(payload)) ) . so theoretically could put a nop sled there, ending with jump into the magic half of unlock routine. and then expose the thing to beta/gamma, and perhaps in a few months it will Do The Right Thing
mircea_popescu: listen, why not get yourself a rsa key, a proper irc set-up, choose a name that's not retarded and start a blog, publish the respective bits...
asciilifeform: ( what can be flashed in : it gotta pass the rsa sig ; plus it gotta match the board id ; plus the version must be above the previous )
mircea_popescu: anyway ; basically old lizzards hold exact same pov as tmsr, keeping rsa keys and letting the bumbling kiddies play about with the ecc.
asciilifeform: more interestingly, https://chromium.googlesource.com/chromiumos/platform/ec/+/master/chip/g/loader/verify.c << there ~is~ an rsa key embedded, apparently one variant for fw update
asciilifeform: https://chromium.googlesource.com/chromiumos/third_party/tpm2/+/master << for aficionados. the crypto, such as they are, routines in the cr50 thing. ( even seems to include a kind of orc rsa )
mircea_popescu: after all the "rsa is broken because we've been misimplementing it for 20 years under our governmentalpg brand hurr" stories, it'd be quite pleasant.
asciilifeform: https://github.com/coreboot/chrome-ec/blob/master/board/cr50/tpm2/rsa.c#L651 << magic pubkeyz in the rom
lobbes: conceivably, the 'pre-prepared !!v string' method also has the advantage that when tmsr transitions its infrastructure to be using tmsr-rsa, you won't need to recode your botworks
mircea_popescu: just preserve the principle, "rsa signed kernels"
a111: Logged on 2018-05-25 22:44 mircea_popescu: http://btcbase.org/log/2018-05-25#1818735 << is it settled that rsa checks are waste of time / undesirable ? having a sane process doing kernel check may not be terrible, neh ?
a111: Logged on 2018-05-25 15:47 phf: so an intermediate step that someone else could perform is to take your rockchip gentoo, generate new rsa pair, sign the kernel with pub, patch google's uboot with priv and get a clean booting rockchip gentoo setup, without accidentally bricking the device? (while still retaining known amount of google in the system)
a111: Logged on 2018-05-25 15:44 phf: and i guess you're trying to replace google's uboot with a built-from-src one, that doesn't also have rsa checks etc.
mircea_popescu: http://btcbase.org/log/2018-05-25#1818735 << is it settled that rsa checks are waste of time / undesirable ? having a sane process doing kernel check may not be terrible, neh ?
asciilifeform: i'ma make a long thread , shorter, and summarize, it makes considerably moar sense to have smaller, cheaper, unattended 1-10W checks-rsa-and-relays boxen, than massive 'pirate' mast.
phf: so an intermediate step that someone else could perform is to take your rockchip gentoo, generate new rsa pair, sign the kernel with pub, patch google's uboot with priv and get a clean booting rockchip gentoo setup, without accidentally bricking the device? (while still retaining known amount of google in the system)
phf: and i guess you're trying to replace google's uboot with a built-from-src one, that doesn't also have rsa checks etc.
asciilifeform: phf: i did find the (quite gnarly) method to replace the built-in rsa keys with mine, and how to sign arbitrary kernels. what i did not do , is to build a proper non-googlistic uboot for it, and flash it in in place of old ( 'sapper errs once' , there doesn't seem to be any spi rom contacts brought out on the mainboard for a 2nd try if fails )
mimisbrunnr: Logged on 2018-05-23 00:20 douchebag: -----BEGIN RSA PUBLIC KEY-----
douchebag: ssh-keyscan -t rsa github.com | sed "s/^[^ ]* //" > github.pub
douchebag: -----END RSA PUBLIC KEY-----
douchebag: -----BEGIN RSA PUBLIC KEY-----
douchebag: -----END RSA PUBLIC KEY-----
douchebag: -----BEGIN RSA PUBLIC KEY-----
douchebag: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnGPcqozjoIC989MI+KKzeWIhGupgUQlbhHp0rXlAmvRHUIJHFqmcIPA9wW6Q46mOg7EdS27H/9qgREFbZOqf8CAcVMUWyJ4AhFCTcmt0uv0ETVWwqT1/puJ92/qK6ycpzR0xWeUTsQwXEemMQsR8f4fA9OiH8rIAXV2zesQbg4sijeadcK3a3FEwyowU1WsqYqOxpK2HDl7vAiOu5RXI2Ed6Bmmt/z+9S4SdNBdrGwK1VT886HERQOlaIWy0dh1u8O9g8zmhUiNwhOw7HsmvmuFp39tKQw1hnAXd6JrU4qrklOgV2lFQLcLMSRKHWRj1nuHiJ/QNK2Mud3WwWnD5R
asciilifeform: the 'they hire somebody to make proper rsa card', it's a 'fried ice' hypothetical, tho. because the cc 'fraud' is a required element of maintaining the konsoomer 'purchasing' circulation the system needs in order to live.
asciilifeform: ( asciilifeform's orig. argument, summarized : if bank cards used actual nonleaking rsa, and signed individual transactions under direct physical control of user -- there would be no 'carding'. qed. )
asciilifeform normally thinks of 'bitness' in re rsa, rather than 'byteness'
asciilifeform: mircea_popescu: could, but then also would lose the lulz where sad-rsa victims see their name in google outputs
mircea_popescu: asciilifeform, why else all the pretense, you know. bitpay exists to "please stop using bitcoin", keybase exists to "please stop using rsa", the WHOLE point of the usg ersatzen is exactly this, to get the sort of retard who can't tell the difference between item and usg.fake to stop using item.
mircea_popescu: diginet, btw, you got a rsa key ?
mircea_popescu: afaik the idea is to go to our own rsa eventually anyway
a111: Logged on 2018-05-11 15:42 mircea_popescu: "the RSA supercollider and numerical observatory" << ahahaha i like this. a numerical observatory.
a111: Logged on 2016-08-16 21:03 mircea_popescu: it's not "the sks server" that is retarded. is the concept of machine-spread rsa key that's retarded ; much in the way of "machine-generated trust", be it embodied in "dao" or "colored coins" or "safe bitbet"
a111: Logged on 2016-08-16 21:03 mircea_popescu: it's not "the sks server" that is retarded. is the concept of machine-spread rsa key that's retarded ; much in the way of "machine-generated trust", be it embodied in "dao" or "colored coins" or "safe bitbet"
asciilifeform: also the term 'self signature' as used in kochiana/rfc2440/4880 world , is misleading : if all that were signed were a modulus, one could trivially produce 'self sig' for any modulus/exponent that satisfy the rsa equation, incl. ones generated on the spot. 'self sig' in gpg world is simply attempt to tie commentstrings to keys.
mircea_popescu: my only concern here is whether this actually invalidates the e, N, comment republican format, as a rsa key format.
a111: Logged on 2018-05-11 13:46 asciilifeform: nao ! at some point i'ma rewrite it. again. and build it around 'naked' rsa moduli, and with variant types of indices, etc. but i have nfi when i will get a chance to do this.
mircea_popescu: "the RSA supercollider and numerical observatory" << ahahaha i like this. a numerical observatory.
asciilifeform: nao ! at some point i'ma rewrite it. again. and build it around 'naked' rsa moduli, and with variant types of indices, etc. but i have nfi when i will get a chance to do this.
a111: Logged on 2016-10-04 19:27 mircea_popescu: there is of course jurov's http://explo.yt/post/2016/05/20/Parsing-OpenSSH-RSA-keys-in-Python
a111: Logged on 2016-06-17 19:08 jurov: whoever wants my tool for converting rsa moduli to phuctor, send him to http://explo.yt/post/2016/05/20/Parsing-OpenSSH-RSA-keys-in-Python
asciilifeform: and ditto if you have a rsa key, and a set of captured outputs of www....pizarro/$fp/ , you can match'em up
mircea_popescu: anyway, honestly nfi what's so magical about gpg in your mind. they're just as rsa keys as the ssh set ; and just as debian, and etcetera.
mircea_popescu: http://trilema.com/2015/more-factored-rsa-keys-and-assorted-other-considerations/#selection-301.0-341.111 etc
asciilifeform: rright but e.g. 'divisible by 5' is not under category of 'valid rsa mod' no matter how one cuts it
asciilifeform is still waiting for that magical day, when a valid-rsa-key-generated-by-a-human-on-a-pc pops
mircea_popescu: asciilifeform, they were rsa keys off github iirc ?
asciilifeform: and ~every 'tpm'-generated rsa modulus to date
a111: Logged on 2017-10-17 05:59 jurov: "The flaw resides in the Infineon-developed RSA Library version v1.02.013, specifically within an algorithm it implements for RSA primes generation. "
fromdeedbot: hey guys so I did register my RSA key to deedbot as "fromdeedbot" but i got it working. I'm learning a lot of things are new to me right now so please xcuse me ahead of time if i do something in bad form, it's not on purpose
fromdeedbot: i have an rsa key now
ben_vulpes: rsa *and* bitcoin-safe coloware
asciilifeform: tho the principal use imho of phuctor is to the owners of newly-generated rsa keys, to search for self.