dorion: http://logs.ossasepia.com/log/trilema/2020-02-17#1958151 - hm, yeah. it did seem that I was forcing it a bit. I just now brought up the eulora comms protocol and tmsr rsa specs as first examples that came to mind to drive your point home further. I ought to have taken
diana_coman: mircea_popescu: it has indeed everything needed as far as I know and certainly rsa, keccak, oaep, the whole package.
mircea_popescu: diana_coman, afaik it actually has everything needed, including rsa, hash function, oaep even ? just no pss implemented ?
ossabot: Logged on 2019-01-13 09:29:50 mircea_popescu: ad interim the draft is, that the client stores all the keys (rsa, serpent, whatever) one per line, the rsa ones in republican format, the rest unspecified as of yet, in a file called keys.tmsr encrypted by the rsa key of the client.
diana_coman: mircea_popescu: we have eucrypt that generates the rsa keys and serpent and all that client and server need; we however do not have (and it was supposedly in discussion/waiting/etc) a clear way to store them securely; let me dig log ref
mircea_popescu: what's the problem with the rsa bootstrap ?
diana_coman: the bootstrapping rsa keys
ossabot: Logged on 2019-10-19 10:28:27 trinque: http://logs.ossasepia.com/log/trilema/2019-10-19#1946746 << there's nothing secret. asciilifeform bitches about being poor, I tell him I have a 100k or so on a prototype run of his (apparently not yet design-complete, so w/e) RSA item, this passes in silence.
ossabot: Logged on 2019-10-18 16:39:33 mp_en_viaje: if you're interested in my (allegedly clueless, as it periodically is) understanding of the matter, alf wasn't interested in baking you a rsa chip because the item is not currently feasible. it specifically requires an object not yet known to exist, the extremely long mult'er.
ossabot: Logged on 2019-10-18 16:36:28 trinque: I even told alf I had the cash to do an experimental run of the RSA chip, and he ignored, because why have friends
trinque: http://logs.ossasepia.com/log/trilema/2019-10-19#1946746 << there's nothing secret. asciilifeform bitches about being poor, I tell him I have a 100k or so on a prototype run of his (apparently not yet design-complete, so w/e) RSA item, this passes in silence.
mp_en_viaje: if you're interested in my (allegedly clueless, as it periodically is) understanding of the matter, alf wasn't interested in baking you a rsa chip because the item is not currently feasible. it specifically requires an object not yet known to exist, the extremely long mult'er.
trinque: I even told alf I had the cash to do an experimental run of the RSA chip, and he ignored, because why have friends
trinque: I think it's hard to see the market, but in the last thread about the hardware RSA device it was clear I wasn't talking about market the same way as you, and that's where the clarity ended.
mircea_popescu: http://logs.nosuchlabs.com/log/trilema/2019-09-06#1934352 << this, actually, may be the thing that eventually fixes rsa keysizes for us, when we're finally there.
asciilifeform: aaand this is counting whole interval, in which not only rsa but e.g. keccak padding calc. gotta happen.
asciilifeform: if you actually want to verify 4096bit rsa packets at line rate, tho, yer stuck baking silicon.
asciilifeform: http://logs.nosuchlabs.com/log/trilema/2019-08-24#1930840 << this is interesting enuff to merit own answer. on 3Ghz opteron, and with bvt's asm , could perhaps get even 28 kbaud ! of rsa..
asciilifeform: BingoBoingo: and perhaps also , the 'Account management is done through RSA process' oughta point to mp's 'social engineering' article
asciilifeform: well also in http://trilema.com/2015/on-how-the-factored-4096-rsa-keys-story-was-handled-and-what-it-means-to-you/
diana_coman: I still need to run tests and timings re "fast" but as a principle, it's not the first requirement (rsa is not for speed anyway)
asciilifeform: diana_coman: depending on meaning of 'peh iron', could be quite inexpensive ( e.g. to plant it on commonplace battery-powered item, e.g. pic32mz, is entirely possib. ). but possibly this is not what diana_coman was thinking of, but instead the full orchestra where e.g. 4096b multiplier for fast rsa ?
mircea_popescu: -ChanServ- [#trilema] To speak in #trilema you must be voiced. If you have a RSA key registered with deedbot, send !!up to it in a private message, decrypt the challenge string and return it with !!v ; else politely ask one of the voiced people to voice you. << meanwhile became total bs.
mircea_popescu: soooo.... lobbes knows how to do this rsa thing huh
asciilifeform: ftr asciilifeform is sewing a constant-time keccak so that peh can rsa in battlefield. is someone gonna do this in my place, so i can write www log ??
asciilifeform: ( why would ~not~ want ? conceivably, cuz rsa is expensive. at least until we have e.g. that 8192bit mips iron, or similar )
asciilifeform: iirc we had at least 1 thread re fact that pc is ~monstrously~ inefficient in re rsa, and even very simple custom ic, on batteries would massively win over 'bleeding edge' x86
asciilifeform: mp_en_viaje: ftr asciilifeform is of same position on 'where to rsa' as in 2013 -- ideally get it the hell off the pc.
mp_en_viaje: then again, rsa on unix... holy shit.
asciilifeform: mp_en_viaje: why transmit the key over the (potentially loud) serial ? rsa in the box.
a111: Logged on 2019-07-29 13:48 asciilifeform: http://btcbase.org/log/2019-07-29#1925432 << needs keccak to actually rsa 'in anger', picked this up nao that asciilifeform returned from awol (where wrote 4l ln of ultimately failed asm experiment 'm') . but also thought about this point prior, will elaborate :
a111: Logged on 2019-07-29 11:16 mp_en_viaje: re "drop shitty gpg" : the one remaining issue is key bootstrapping. to use peh instead of gpg one can't just keep plaintext rsa privkeys ; but peh has no built-in symmcipher either, so wut do.
asciilifeform: http://btcbase.org/log/2019-07-29#1925432 << needs keccak to actually rsa 'in anger', picked this up nao that asciilifeform returned from awol (where wrote 4l ln of ultimately failed asm experiment 'm') . but also thought about this point prior, will elaborate :
mp_en_viaje: re "drop shitty gpg" : the one remaining issue is key bootstrapping. to use peh instead of gpg one can't just keep plaintext rsa privkeys ; but peh has no built-in symmcipher either, so wut do.
mp_en_viaje: apparently, 2048 rsa
ave1: 4096-bit RSA key, ID 14D30364, created 2017-05-18 "ave--"
asciilifeform: using pure rsa.
mod6: ssh -o ServerAliveInterval=5 -o ServerAliveCountMax=3 -i ~/.ssh/key_for_remote_host_id_rsa girlattorney@A.B.C.D -D 127.0.0.1:56565
asciilifeform indeed cannot do 4096b rsa by hand in half hour, nor knows anyone who can
mircea_popescu: asciilifeform he's doing basically his own version of http://trilema.com/2015/on-how-the-factored-4096-rsa-keys-story-was-handled-and-what-it-means-to-you/ ; to exactly the same results.
asciilifeform: to add to this already tall pile o'lulz, per crapple, epoxy aint enuff , power switch (deliberately flimsy) nao includes a cr50-style rsa ic, and not replaceable w/out Official Blessing from vendor (and for good measure, epoxied into the lump)
asciilifeform: for systems like mircea_popescu's eulora rsa tho, possibly one'd want >7.5kB/s , but possibly also suffices.
asciilifeform: 1 moar hypothesis : on boxes where very slow rng (e.g. fg unavailable ) or where heavily milked fg, generating e.g. ephemeral rsa privs with high frequency, economy may be much greater, as fewer doomed m-r shots means fewer '?' invocations for their witnesses gen.
a111: Logged on 2019-05-16 19:47 mp_en_viaje: meanwhile in same old lulz : a) https://www.linkedin.com/in/nicolereneecichocki purged (ineptly, https://duckduckgo.com/?q=nicole+renee+cichocki][google] eg still lists it) ; b) spare invented http://www.truthbeautyandgoodness.net/about
mp_en_viaje: meanwhile in same old lulz : a) https://www.linkedin.com/in/nicolereneecichocki purged (ineptly, https://duckduckgo.com/?q=nicole+renee+cichocki][google] eg still lists it) ; b) spare invented http://www.truthbeautyandgoodness.net/about
stjohn_piano_2: gpg: encrypted with RSA key, ID C8EFFF13
stjohn_piano_2: gpg: encrypted with 4096-bit RSA key, ID 625FF273, created 2019-04-15 "stjohn_piano_2"
stjohn_piano_2: gpg: encrypted with RSA key, ID C8EFFF13
stjohn_piano_2: asciilifeform: when i run your command there, I get: "gpg: encrypted with RSA key, ID C8EFFF13, gpg: decryption failed: secret key not available"
mp_en_viaje: so, /me notices referrals from something called 7ooo.ru/forums to ye olde http://trilema.com/2015/on-how-the-factored-4096-rsa-keys-story-was-handled-and-what-it-means-to-you/
a111: Logged on 2014-02-15 20:33 asciilifeform: betcha if you plucked the quasi-mythical Pill Against RSA from its Indiana Jones subterranean vault, perhaps six people alive would understand what they are looking at were it shown to them.
asciilifeform: e.g. one ~could~ have preconds on ~all~ of the ops, but then say goodbye to inlining and hello to 'geological' rsa.
asciilifeform: i.e. performs, e.g. rsa, with zero conditional-on-inputs branch instructions, anywhere.
asciilifeform: fwiw 'speed of ffa' for applications involving modexp ( rsa keygen & enc/dec ) hinges ~entirely on speed of the multiplier unit in $iron .
BingoBoingo: chonkin: I recommend registering a GPG key (preferably RSA 4096) with deedbot before you disconnect. That way you can come back and keep your voice: http://deedbot.org/help.html
mircea_popescu: act~ definition of interesting ; concrete definitions are things like "write a tape to do rsa with".)
asciilifeform: sorta how i ended up starting with starvation minimum of control flow ops, and slowly added'em in after attempts to write e.g. rsa keygen w/out'em turned out quite ugly
asciilifeform: http://btcbase.org/log/2019-03-14#1902463 << limonov had entire b00k on subj, with slightly different twist ( tldr : the 'free world' built 'disciplinary sanitarium' (his term) where ideas-dun-matter-even-if-you-somehow-come-across-one cuz they all get http://trilema.com/2015/on-how-the-factored-4096-rsa-keys-story-was-handled-and-what-it-means-to-you/ )
asciilifeform: constanttimeized stein's o(n^2) gcd ( http://www.loper-os.org/?p=2963 ) is not only imho fast enuff (even a magical 100fold speedup in it, would not affect speed of rsa key gen measurably , consider above ) but fits-in-head and has no error terms.
feedbot: http://qntra.net/2019/03/rsas-shamir-did-not-receive-us-visa-for-rsa-conference/ << Qntra -- RSA's Shamir Did Not Receive US Visa For "RSA Conference"
mircea_popescu: aww. is this http://trilema.com/2015/on-how-the-factored-4096-rsa-keys-story-was-handled-and-what-it-means-to-you/ all over again ?
mircea_popescu: "working" nothing, this is nude and rude "we will whitewash over republic, http://trilema.com/2015/on-how-the-factored-4096-rsa-keys-story-was-handled-and-what-it-means-to-you/ style".
asciilifeform: in that e.g. it imposes ridiculously small bus widths, gimping rsa;
asciilifeform: mircea_popescu: i would not go so far as to say 'entirely useless', 2ce the bitness gets you 2ce the rsa speed for same clock.
asciilifeform: 4MB aint enuff to e.g. trb inside. tho 1 could rsa in it.
diana_coman: hm, it's all about what the task does so I suppose it's enough to plonk in there some rsa ops
asciilifeform: http://btcbase.org/log/2019-02-04#1892238 << possibly oughta include the tidbit re arithmetical part of ffa being 100% built (can gen rsa primez nao, can do so easily after ch17, where looping is introduced)
asciilifeform: if you want to do , e.g., 4096bit rsa, needs iron with at least 256kB of ram . and 2 serial ports, 1 on which to hang FG, other for operator i/o. that's moar or less it, in re minimal iron req'd.
asciilifeform: dist. of primes -- until rsa. and so on.
mircea_popescu: http://btcbase.org/log/2019-01-22#1889150 << there's no way to have a rsa-aware client without the corresponding server, yes ? it's a whole migration, just, i was hoping she'd only have to do the server side, was the point of http://btcbase.org/log/2019-01-05#1884608 comment.
asciilifeform: or recall the scytale thing ( 'original rsa' )
asciilifeform: ( it's the motor that powers e.g. m-r , and also underpins the proof that rsa pub:priv pairing is unique )
asciilifeform: i'll add , for completeness of thread, that if yer ~sending~, rather than receiving, rsa packets, your bottleneck will be ~rng~ long before it could ever be the arithmetron per se
asciilifeform: helps to recall that the problem which originally prompted asciilifeform to write ffa, is a (currently hypothetical) application where rsa sigs are carried in ~individual packets~
bvt: http://bvt-trace.net/vpatches/ffa_ch4_ffacalc.kv.vpatch.bvt.sig http://bvt-trace.net/vpatches/ffa_ch5_egypt.kv.vpatch.bvt.sig http://bvt-trace.net/vpatches/ffa_ch6_simplest_rsa.kv.vpatch.bvt.sig
mircea_popescu: (the view that gpg aka koch-rsa leaks bits via signature isn't entirely dispelled even today)
a111: Logged on 2017-10-09 16:39 asciilifeform: ... it follows that a 0.85sec 4096b modexp is all you need for a reasonable 'rsa phone' item.
mircea_popescu: ad interim the draft is, that the client stores all the keys (rsa, serpent, whatever) one per line, the rsa ones in republican format, the rest unspecified as of yet, in a file called keys.tmsr encrypted by the rsa key of the client.
asciilifeform: take for example diana_coman's system , where 16 witnesses are used. ( i'd use moar, but let's go with the example. ) so if we're generating 2048b primes (for 4096b rsa mod), per ch.14b timings on asciilifeform's iron this costs ~2.9s per modexp, and thereby ~93sec per m-r procedure.
asciilifeform: let's say yer baking one of the p, q of a 4096bit rsa mod. it needs 2048bit , i.e. 256byte of FG. a standard FG at room temp shits out 7kByte/s. therefore 256 / (7 x 1024) ~= 0.0357 sec., for a fillup of candidate register.
asciilifeform: i can picture, for instance, that some folx will have a pubkey where 'well, first you gotta decrypt via these 2 rsa keys, and depending on the low 4 bits of the plaintext, the rest is via 1 of these 4 c-s' or the like.
mircea_popescu: just note that eucrypt having rsa does in no manner hurt your serpent-only-phonecrypto putative app ; just like it having serpent dun hurt a "this is my pgp implementation" usecase, and so on.
asciilifeform: i'm carrying out mircea_popescu's orig spec, where 'i want a peh key with my rsa modulus that i carved on the mountain' or how it went.
asciilifeform: ( and at any rate we gotta have trad rsa working 1st, before any such side dishes can be considered )
asciilifeform: c-s actually has 1 interesting win over good old rsa -- it dun need a hash padtron
asciilifeform: ( as for the other thing -- much of asciilifeform's oddball 'must work for all integers!' thrust, is on acct of his interest in cryptosystems other than classic rsa, e.g. c-s and variations on theme )
asciilifeform: ( why this is, is because for certain types of pubkeycrypto, you want to test adjacent nums for primality. rsa in particular. )
mircea_popescu: i thought this entire discussion was a) specifically as to daykin (not to stein) and b) specifically as to primegen for rsa secret key baking, (not "in general math functions").
asciilifeform: simply so happens that it is also needed for rsa primegen.
mircea_popescu: cuz im not going to have non-2048 factors in my 4086 bit rsa key, wtf.
mircea_popescu: this wasn't a rsa genprime application ?
mircea_popescu: had you instead used 32 bit rsa, you'd have had two 16 bit primes you'd have daykin'd with 2×3×4×7×11×13 aka 0x5DD8
mircea_popescu: consider the simpler case of 16 bit rsa. you thus make two 8 bit primes. you daykin each of these with 210, which happens to be the 8 bit primorial, aka 11010010.
asciilifeform: ( i suspect btw that if there were , you could nail rsa, thinkaboutit )
asciilifeform: i've been referring to mpi and gmp interchangeably as 'koch rsa', but this is unscientific, i must remind that they are diff items.
asciilifeform: tbh i'm not sure what kochtronic rsa will be good for once i have the keygenning ( it apparently dun win on speed anywhere, even tho it gets to skip 0s in modexp.. ) but this time not yet come.
mircea_popescu: asciilifeform it doesn't ; nor will it, because what truly brings serpent in is the ~space~ not the time problem. ie, because of padding, straight rsa doubles message bulk, which is a major problem for online game.
asciilifeform: ( otoh euloratron does not spend much cpu in rsa, as currently sewn )
asciilifeform: bitcoin dun use rsa at all, at least in classical variant of bitcoin
mircea_popescu: http://ossasepia.com/2018/03/01/eucrypt-chapter-12-wrapper-c-ada-for-rsa-oaep/#selection-133.1-133.132 << right, and you want to use ~constant time~ keccak