500+ entries in 0.026s

mircea_popescu: idea is to use tmsr-rsa anyway

a111: Logged on 2017-12-12 16:11 asciilifeform: meanwhile, https://archive.is/uL4b5 << usg burns yet another of $infinity ssl decrypt methods, to push 'Disable RSA encryption!'

asciilifeform: ( not, naturally, because it matters worth a shit what pseudocipher plebe uses in sslolade. but to fudspray on rsa per se. )

asciilifeform: meanwhile, https://archive.is/uL4b5 << usg burns yet another of $infinity ssl decrypt methods, to push 'Disable RSA encryption!'☟

mircea_popescu: well, you might consider making yourself a rsa key and registering with deedbot

a111: Logged on 2016-04-30 01:34 deedbot: [Recent Phuctorings.] Phuctored: 9 divides RSA Moduli belonging to 'randomnoize (Tor relay operator) <randomnoize@riseup.net>; randomnoize (Tor relay operator) <randomnoize2009@googlemail.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/9319605DD9BFB5972272003BC0D6D2E999783C7256A75BF1BE08178A359F9542

a111: Logged on 2016-12-27 22:14 mircea_popescu: course since the nsa consulting work for minigame is going to produce ada rsa, it might be an idea to have an ~ada~ tmsr crypto lib.

mircea_popescu: yes ; but can you appreciate how ffa is a lot more apt for tmsr-rsa than for a simm cipher ?

mircea_popescu: the deeper problem here is that the evolution of warfare has rendered a symmetric cipher useless. for the launch codes or how you call it we're mostly in consensus to use pure rsa, if memory serves, and for the prattle of eg game server, serpent will do.

mircea_popescu: in general i expect it is made for ~any purpose. be it rsa, c-s, or yes, tetris.

a111: Logged on 2017-08-09 21:53 asciilifeform: at any rate it is just as easily implemented on pmachine as rsa.

a111: Logged on 2016-08-26 16:34 asciilifeform: http://btcbase.org/log/2016-08-26#1529877 << timing can be 'ceilinged' and it solves problem. but i am still chewing on the problem of enemy being able to determine who is speaking to whom by deriving the public keys. (this is trivial with rsa, and i've been working on answering the q of whether is is also true for c-s)

asciilifeform: mircea_popescu: cs is numbertheoretical cipher, just as rsa, requires sane bignum.

a111: Logged on 2017-12-02 22:30 asciilifeform: fwiw asciilifeform will submit ffa.rsa to be judged in mircea_popescu's symm cipher contest, supposing the latter is still running

asciilifeform: fwiw asciilifeform will submit ffa.rsa to be judged in mircea_popescu's symm cipher contest, supposing the latter is still running☟

a111: Logged on 2016-12-27 22:14 mircea_popescu: course since the nsa consulting work for minigame is going to produce ada rsa, it might be an idea to have an ~ada~ tmsr crypto lib.

mats: no mention of rsa

mquander: mircea_popescu: i understand asymmetric encryption and RSA

mircea_popescu: rsa key is a basic tool of computer literacy anyway. like ability to write down own name basic standard of traditional literacy.

mircea_popescu: got a rsa key ?

mircea_popescu: receiver listens to frequencies for specific quanta of transmission : "this is station X transmitting count Y", rsa-signed. IF the signature verifies, and IF the y was not before seen (and if x on unit's access list etc) THEN the item is placed into quueue, to be sorted by signal strength. otherwise, dropped as noise.

asciilifeform: i'll recount an episode recently reported by asciilifeform's pet, on reconnaissance into a heathen pit . two d00dz argued re 'post-rsa crypto'. and one drew forth from his sleeve an erudite wankery, n-th generation stolen from thel0gz! : 'why not cipher using playing field of cellular automaton, say, game of life, initial state as key...'

a111: Logged on 2017-11-27 18:17 asciilifeform: moral -- measure seven times, cut once, etc. ( asciilifeform for instance is stuck with a 2048b rsa, at least until we finally throw gpg )

asciilifeform: moral -- measure seven times, cut once, etc. ( asciilifeform for instance is stuck with a 2048b rsa, at least until we finally throw gpg )☟

asciilifeform: ben_vulpes: nobody's rsa padding is worth two shits

ben_vulpes: also ironclad rsa padding is notquiteright, trinque i believe knows a bit more

asciilifeform: diana_coman: aside from von neumann, and the crc encyclopaedia of well-known algos, i cannot in good conscience recommend much reading. there are works devoted to specific known attacks on rsa ( song y. yang, plus a few ru items ) ; at least 1 dead tree on differential cryptoanalysis ( how items like des get trivially demolished ) whose author presently escapes me; and that's just about it

asciilifeform: ( aside from when creating his original rsa priv )

mircea_popescu: diana_coman thereby all game packets will be multiples of 128 bits, and in principle a client can live off the first original rsa op its entire life if it so wishes.

mircea_popescu: anyway, so what's the work mode here, every now and again server sends client a rsa-encrypted packet containing 16 aes keys ; client enciphers its comms to the server with one selected from a set of 8 selected from those 16 ; and deciphers server's with one selected from set of 8 other than previous set. now and again burns a key.

mircea_popescu: anyway, whatever, diana_coman : the correct implementation approach to patch the 256 bit serpent into 4096 bit rsa is to cut every rsa block into 16 fragments, cipher each independently with diff keys, then paste the 16 keys together make 4096 bit of key.

mircea_popescu: dja see why i'd muchly prefer a native tmsr.rsa length symmetric cypher rather than this nonsense ?

mircea_popescu: right so : usg remora. nothing any http://trilema.com/2015/more-factored-rsa-keys-and-assorted-other-considerations/#selection-413.0-419.38 / http://trilema.com/2016/psa-hanno-bock-still-a-deceitful-shitbag/ "publishes" may be credited to them.

asciilifeform: ahahaha the zoological reservation where e.g. 512bit rsa lives

asciilifeform: ( all implementations of rsa in common use, are unsuitable for real time programs, on account of leaking private key via timing side channel )

a111: Logged on 2017-11-16 13:57 mircea_popescu: aaand in other lulz, https://blog.josefsson.org/2016/11/03/why-i-dont-use-2048-or-4096-rsa-key-sizes/

asciilifeform: http://btcbase.org/log/2017-11-16#1739454 << pretty deep lol , 'I chose a RSA key size of 3925 for my blog' and d00d dun seem to realize that it's exactly a 4096b modulus wit 171 leading zeros ...☝︎

a111: Logged on 2017-11-16 11:30 apeloyee: http://btcbase.org/log/2017-11-15#1739383 << you can just use 4096*4096 multiplies. It's lulzy to see how you rant about "proper" rsa and demand full-size exponents, but somehow restricting range of p and q is OK.

mircea_popescu: aaand in other lulz, https://blog.josefsson.org/2016/11/03/why-i-dont-use-2048-or-4096-rsa-key-sizes/☟

a111: Logged on 2017-11-16 11:30 apeloyee: http://btcbase.org/log/2017-11-15#1739383 << you can just use 4096*4096 multiplies. It's lulzy to see how you rant about "proper" rsa and demand full-size exponents, but somehow restricting range of p and q is OK.

mircea_popescu: yes, in about 6% of cases the N will come out as 111..., in which case you know that both p and q are actually 1111 1111 led, ie you'll have 2 bits of each. and in 0.001% of cases N will led by FF and have the next bit set, so you'll know both p and q have the first octet set. if you have an extension attack allowing you to parlay 8 leading bits into the prime exposure, you can thereby crack rsa in 0.001% of cases.

a111: Logged on 2017-08-14 17:21 mircea_popescu: tmsr rsa standard key is 515 bits, made out of a 257 and a 258 bit long prime.

mircea_popescu: http://btcbase.org/log/2017-11-16#1739432 << factors differing by only a few bits in length aren't particularily unsafe, which is why the original alt-rsa spec involved them (see eg http://btcbase.org/log/2017-08-14#1697613 and the eventual end of that discussion.)☝︎☝︎

apeloyee: http://btcbase.org/log/2017-11-15#1739383 << you can just use 4096*4096 multiplies. It's lulzy to see how you rant about "proper" rsa and demand full-size exponents, but somehow restricting range of p and q is OK.☝︎☟☟

a111: Logged on 2017-11-15 23:43 asciilifeform: and the difficulty of breaking rsa via known methods is proportional to the size of the smallest prime. you oughta know that.

asciilifeform: and the difficulty of breaking rsa via known methods is proportional to the size of the smallest prime. you oughta know that.☟

asciilifeform: because it's 4096b rsa.

asciilifeform: in a 4096b rsa run, p and q are 2048b primes

mircea_popescu: once you decide rsa is based on mult, you decide to take the mult leak.

mircea_popescu: apeloyee there is no such thing in tmsr rsa.

asciilifeform: apeloyee: with 4096b rsa troo

apeloyee: with rsa

asciilifeform: not if i have '9000' entry points to my gossip net, each of which rejects malformed rsa packets in O(1) at line speed

asciilifeform: depressing reading. 'suddenly dud rsa keys, hip!'

asciilifeform: if rsa is strong

a111: Logged on 2017-11-14 14:33 asciilifeform: observe, you cannot say anything re p,q from he middle bits of pq (or rsa would be useless)

mircea_popescu: afaik "shadow brokers" didn't release this principal rsa exploitation tool of "teh equation group", but : imagine you have a machine a) working on your own special-purpose made prng ; and b) generating rsa keys all the time and on call.

asciilifeform: observe, you cannot say anything re p,q from he middle bits of pq (or rsa would be useless)☟

apeloyee: assuming M is a modulus of a useful RSA key, this will work

a111: Logged on 2017-10-06 23:13 mircea_popescu: basically the scheme is, you rsa a random bitfield, then you expand that into as much otp as you want by doing recursively Fi = hash(bitfield + Fi-1). there's a limit on i, obviously, which can be set to 1.

asciilifeform: iirc you were gonna use mircea_popescu's algo ( use rsa to send otp pages, then later use'em )

asciilifeform: re the rsa key entropy, it is possible to trivially regain the lost bottom bits' worth of entropy -- you save the discarded bits and use them later as triggers for 'take nextprime(p) instead of p' and 'take nextprime(q) instead of q' . there may be other possible algos

mircea_popescu: anyway, back to rsa discussion : there's about 6.5e612 primes in the interval 2^2045-1, 0 (by teh prime number theorem). every key needs a pair of these, and no number can EVER be repeated (if it is -- phuctor breaks both keys).

mircea_popescu: it's important to have a rsa key as it's the standard of identity these days.

mircea_popescu: there's a lot to be yet said on the mystical value of rsa. take a "prime" - purely mystical concept, it literally means "was not seen before, virginal." "repetitions can not FOR THAT REASON ever be prime" and so on.

diana_coman: the rsa is same as last time

diana_coman: existing koch-rsa, simply once with co-prime e, the other time with prime e

diana_coman: in other news: data collection on rsa with random co-prime e and then with random prime e almost ready; at first glance on co-prime encryption:decryption times are as expected approx 4:1 (crt); with prime e the ratio is more like 2:1

mircea_popescu: i don't consider rsa was used until we started using it.

ang-st: how long beetween the seminal RSA paper and it's widespread use ?

asciilifeform: for completeness, let's also note the rsa op :

mircea_popescu: what's this "genuine e". rsa is based on p,q,N not on e's.

asciilifeform finds that the l0gz do not currently contain a full description of rsa

a111: Logged on 2017-04-09 14:45 mircea_popescu: asciilifeform incidentally, the more i think about it the more i'm convinced the ONLY "fingerprint" for rsa key may be... the modulus. 4096 bits and fuck you, if you can't take 32 chars you don't belong here.

a111: Logged on 2017-04-09 14:45 mircea_popescu: asciilifeform incidentally, the more i think about it the more i'm convinced the ONLY "fingerprint" for rsa key may be... the modulus. 4096 bits and fuck you, if you can't take 32 chars you don't belong here.

asciilifeform: and i've proposed it here -- relays passing rsa-signed packets on.

apeloyee: an' if you keep sparking next to detector across the street, you will Have Problems. because have to transmit enough to rsa.

asciilifeform: q is whether is is possible to turn this param into the equiv of rsa key.

asciilifeform: for 4096b rsa, use 4096b randomprime e; 2048b randomprime p, q.

mircea_popescu: asciilifeform http://trilema.com/2017/tmsr-rsa-spec-extremely-early-draft/#comment-123474 so there.

a111: Logged on 2017-10-17 05:59 jurov: "The flaw resides in the Infineon-developed RSA Library version v1.02.013, specifically within an algorithm it implements for RSA primes generation. "

mircea_popescu: !~later tell apeloyee http://trilema.com/2017/tmsr-rsa-spec-extremely-early-draft/#comment-123449 let's get teh guy involved as well.

asciilifeform: elsewhere, http://trilema.com/2017/tmsr-rsa-spec-extremely-early-draft/#comment-123446

mircea_popescu: tell you what : criminal lawyer either uses rsa or isn't.

asciilifeform: can deal with it same as with everything else, by lubycode-cum-rsa (i.e. distiller of signal from noise , followed by authenticator )

asciilifeform: though i suppose if someone wants to write pcode for a crtistic rsa, i cannot stop him

asciilifeform: diana_coman: the folx with custom rsa-bruting silicon , i expect are pissing themselves as we speak

diana_coman: <mircea_popescu> asciilifeform no, i know. from the pov of rsa-being-attacked, it's probably better to have non-standard exponent than "everyone uses 65537" <- this

mircea_popescu: asciilifeform no, i know. from the pov of rsa-being-attacked, it's probably better to have non-standard exponent than "everyone uses 65537"

asciilifeform: diana_coman: aite. you will notice that public_rsa mallocs if it finds that the output buffer is same as input

diana_coman: mod6, I couldn't find some that are directly comparable aka only the rsa ops as such

diana_coman: from the post: Durations are given as CPU time in seconds, as reported by the clock() function (time.h) and calculated as ( (double) (end – start) ) / CLOCKS_PER_SEC where end is the value returned by clock() right before starting the RSA operation and end() is the value returned by clock() right after returning from the RSA operation

asciilifeform: whereas declared as void public_rsa(MPI output, MPI input, RSA_public_key *pkey ) and void secret_rsa(MPI output, MPI input, RSA_secret_key *skey )

asciilifeform: because i see a public_rsa(out1, msg, &pkey) but then a secret_rsa( out2, out1, skey )

diana_coman: well yes, basically at rsa stage all I had to change was at generating keys aka source of random bits; the rest was just identifying the relevant parts and nothing more

asciilifeform: ( i dun see any invocations of secret_rsa in there )

diana_coman: asciilifeform, this is the ugly rsa.c used fwiw http://wotpaste.cascadianhacker.com/pastes/W42GS/?raw=true

diana_coman: <asciilifeform> >> http://wotpaste.cascadianhacker.com/pastes/DrA3R/?raw=true << for n00bs : rsa-cum-crt , as seen in koch's gpg-1.4.10 <- aha, that's what I use, yes; anyways, will comb the thing again a bit later today and then get back with something concrete