
mircea_popescu: ave1 i will say the "test harness for rsa/etc" is a very solid usecase for file-fed fg-emu.

ave1: diana_coman, I'm reading through the eucrypt / RSA code and see that the 'get_random_prime' function will open and close the random number generator itself. I would like to open the entropy source once and reuse it, but maybe there is good reason to do it like this and I should not attempt to do it differently?

diana_coman: fwiw the footprint of eucrypt with default runtime is 215K (separate components: mpi 109K; bit_keccak 17K; keccak 42K; rsa 19K; serpent 20K - 31K (depending on level of optimisation chosen)

deedbot: http://www.dianacoman.com/2018/03/01/eucrypt-chapter-12-wrapper-c-ada-for-rsa-oaep/ << Ossasepia - EuCrypt Chapter 12: Wrapper C-Ada for RSA + OAEP

diana_coman: phf, hm, I *did* use those; the trouble is that in principle the rsa stuff is *not* null terminated as such and I couldn't get them to work properly in such case (or is it not even possible, regardless of passing the length?)

jurov: ben_vulpes: gpg: encrypted with RSA key, ID 4C4FCE69 gpg: decryption failed: secret key not available

asciilifeform: http://btcbase.org/log/2018-02-23#1785703 << some discoveries re the idiocy of the enemy are so astonishingly, riotously vexing of the very imagination, that they are difficult to believe. like the time that an ex-nsa-grunt stuck sharing an oar with asciilifeform on a slavegalley, insisted that usg until late obummer reign did not have a canonical Official implementation of rsa, and that when such was finally ratified , it was from a

mircea_popescu: in other news : as work on eucrypt is winding down -- the whole item is just about complete, needs serpent and we've decided to add an oaep-rsa wrapper (mostly as a pretext to do some ada-c interop testing), so roughly speaking by end of month it should actually be done -- we're moving on to shaping up the eulora client-server comms model. this will mostly be a design discussion, will take place in #eulora, prolly take up som

a111: Logged on 2018-02-14 15:09 mircea_popescu: http://btcbase.org/log/2018-02-13#1783585 << continuing on this discussion (not so as to improperly call asciilifeform 's usual dithery blather such ; but for the record, that a discussion was at least ~attempted~) : s.mg boardroom eventually decided yesterday to employ a format for the pre-padded rsa messages. it will consist of [F][random bits][message].

a111: Logged on 2018-02-13 22:06 diana_coman: in other issues: rfc on oaep for tmsr, see http://trilema.com/2017/tmsr-rsa-spec-extremely-early-draft/#comment-124596

mircea_popescu: http://btcbase.org/log/2018-02-13#1783585 << continuing on this discussion (not so as to improperly call asciilifeform 's usual dithery blather such ; but for the record, that a discussion was at least ~attempted~) : s.mg boardroom eventually decided yesterday to employ a format for the pre-padded rsa messages. it will consist of [F][random bits][message].

diana_coman: in other issues: rfc on oaep for tmsr, see http://trilema.com/2017/tmsr-rsa-spec-extremely-early-draft/#comment-124596

ben_vulpes: hey, pete_dushenski how didja plug the fg into the koch-rsa keygenerator?

ben_vulpes: pete_dushenski: you don't want a 4096 bit key; i can't find the relevant logs at the moment but koch-rsa does bad shit when generating keys > 2048 bits

asciilifeform: b41e209ccc264812: as you can see, current deedbot eats. but non-rsa keys will be phased out at some point.

asciilifeform: consider, i have a http://btcbase.org/log/2018-01-06#1766133 , and that's a (slow but working) rsa. really everyone using multi-MB-of-c-liquishit for whatever application, should be scratching his head and thinking about life☝︎

asciilifeform: now to revisit upstack, once i describe peh-rsa , and demonstrate signing etc, it will be possible to make straightforward mechanical puzzle for whoever wants to play.

asciilifeform: mircea_popescu: this is one of those items that really wants the rsa fpga

asciilifeform: and more generally, if one could park an rsa-speaking machine , of extraordinary physical resilience, somewhere nobody could reasonably get to, but can still maintain radio contact

asciilifeform: aite, mircea_popescu gets a 1bit bus and 4096b rsa op takes 25 years.

ben_vulpes: he is also in my koch-rsa l1, what of it?

mircea_popescu: a rsa-cum-fg-terminal COULD be built. in preference of "proper micro in each man's home"

caaddr: something from the same book: gpg2 does not allow export of the two RSA primes, p and q, from a password protected key. it does not think that you *own your own primes*. the primes upon which your reputation rests

caaddr: I didn't know there was any python involved in phuctor. I see that http://trilema.com/2015/on-how-the-factored-4096-rsa-keys-story-was-handled-and-what-it-means-to-you/#comment-114249 mentions migration from python to GMP

asciilifeform: it's a fucking rsa modulus

mircea_popescu: for instance -- leaky machine will make your rsa impl leak

mircea_popescu: paternity is purely conventional in this strong sense. among us, we may think r,s & a invented rsa. among some gray beards somewhere else, they may well know better.

mircea_popescu: the ~type~ of problem that cropped up with the xor assignment (whereby -- careful at context X might shoot self in foot) is ~exactly~ and with no remainder the type of problem we are fighting, whereby "oh, this ssl totally works for rsa, except... when it does not"

mircea_popescu: rsa in js seems hairy however you slice it.

mircea_popescu: look into diana_coman 's work re all the "Safe and good enough (tm) rsa"

mircea_popescu: o wait, no key. dja got a rsa key ?

mircea_popescu: entirely true that if one builds a hash which can be provenly as strong as rsa, then thathash powered oaep would be the natural padding for rsa

asciilifeform: ( hashes, observe, have lived and died, rsa -- even paint never chipped. )

asciilifeform: whereas one ~could~ build one where rsa per se must fall, for it to fall.

asciilifeform: theoretically could make one that only stands on 1, rsa.

asciilifeform: an oaep (or similar scheme) ciphertron rests on 2 elephants : strength of rsa, and strength of the (voodoo) hash.

asciilifeform: and incidentally, all you want for padding is a n-bit-to-n-bit hash; and if rsa itself is strong, then simple modexp ( or , if you like, two, 1 the normal way, and then 1 of the output bits, reversed ) is a satisfactory hash for paddings.

apeloyee: 'what is minimal circuit for rsa' << probably ripple-carry adder + a few registers

asciilifeform: apeloyee: i've thought about 'what is minimal circuit for rsa'. i.e. ideally would eat x,y,m , of b bitness, and shit forth x^y mod m after ~b^3 clock cycles.

asciilifeform: apeloyee: they could in principle try intel-style fascism with built-in rsa sig verifier or the like. but afaik the only vendor to date to attempt any such thing, was xilinx, and it wasn't even in earnest

mircea_popescu: suppose "employee" wants to steal "secrets" from nsa hq. a) encrypt to rsa key ; b) put in tmsr tumblr bot ; c) carry vacation pics back and forth. problem ?

mircea_popescu: so basically, the summary would be, that fellow took symmetric cyphering, sawed it open, used half of the parts for an ad-hoc rsa padding scheme, and implemented the whole kaboodle in python.

mircea_popescu: . (Note that this is a direct encryption of plaintext material with the help of RSA and not an encryption of a key for e.g. AES with RSA and afterwards an encryption of the plaintext with AES). Based on this function are the functions rsaencryptplaintexttoct() and rsaencryptbytearraytoct(), which process a user-given plaintext string and byte sequence respectively." << this distinction seems rather without a difference.

mircea_popescu: "# encrypttoct(): Encrypts a sequence of blocks of constant size of mb bits, on the one side applying the for RSA known method of transformation on the individual blocks, on the other side using certain commonly in symmetric block encryption employed methods, namely plaintext-and-ciphertext- block-chaining (with a pseudo-random IV). A sequence of blocks that stems from the plaintext of the user can thus be encrypted with RSA

mircea_popescu: you got a rsa key knoobie ?

asciilifeform: obv. this sort of misery will not be used in ffatronic rsa.

mircea_popescu: lol he patched rsa. ehehehe

mircea_popescu: "Let’s verify the RSA seal of ffa_ch6_simplest_rsa.vpatch, the Chapter 6 code itself, using itself". epic.

asciilifeform: closedform rsa, folx!111

deedbot: http://www.loper-os.org/?p=2105 << Loper OS - Finite Field Arithmetic. Chapter 6: Geological RSA.

asciilifeform: ( you want a unique e.g. rsa privmod, but without having to show it to anybody ... )

gabriel_laddel: the order I was anticipating was: M release for tmsr (free, obo), then NNFG, then RSA. lobbes has done/ is doing archiver

asciilifeform: gabriel_laddel: also if you have an rsa, post it plox

gabriel_laddel: never pdf to text, but yes, archiver, NN via FG, RSA impl in CL, yes linux distro

mircea_popescu: it'll be funny 5mn years from now, when we're all sitting around with whatever pools & eggnogs of the future and rsa still stands, undaunted, in preference of ~everything else.

a111: Logged on 2018-01-04 20:10 asciilifeform: ( likbez : all you need for the mythical holy grail, 'fast iron rsa', is a very large-bitnessed adder-cum-barrelshifter and a few storage registers that can be programmatically shuffled between. )

asciilifeform: ( likbez : all you need for the mythical holy grail, 'fast iron rsa', is a very large-bitnessed adder-cum-barrelshifter and a few storage registers that can be programmatically shuffled between. )

revnja: i have an RSA key registered, querying it with !!up doesn't provide me a challenge, deedbot just tells me I cannot !!up myself.

revnja: i'm a guy that registered an rsa key with deedbot but for the life of me cannot get it to provide a challenge for voice

asciilifeform: consider the approach in ffa. only critical bottlenecks, that soak up 90+% of cycles and create an impractically-slow rsa op , get massaged ~to the extent necessary~ , and without compromising type safety

asciilifeform: trinque: orig stimulus for ffa was gossipd's rsa-in-realtime req.

mircea_popescu: ie, if http://btcbase.org/log/2017-12-18#1753823 takes one week to compute, a full rsa sized item would take about a year.

mircea_popescu: there's ~no reason to have legacy DSA sigs in tmsr-rsa ; similarly why would i support sha2 in v ?

a111: Logged on 2017-12-23 15:56 mircea_popescu: (if memory serves the original split, design choice made late 1990s, was due to either suspicion or reality that either sign or decrypt possibly leaked bits ; the idea of separate keys is not even bad, necessarily, but this does NOT say anything positive about a clunky, ad hoc, untransparent and machine-automagical key hierarchy system. so basically, people probably will have at least two keys in tmsr-rsa, except they won't b

mircea_popescu: (if memory serves the original split, design choice made late 1990s, was due to either suspicion or reality that either sign or decrypt possibly leaked bits ; the idea of separate keys is not even bad, necessarily, but this does NOT say anything positive about a clunky, ad hoc, untransparent and machine-automagical key hierarchy system. so basically, people probably will have at least two keys in tmsr-rsa, except they won't b

mircea_popescu: so in re http://btcbase.org/log/2017-12-23#1757315 which is on the face very sane, we are in fact in the situation of an undesirably very complex policy already. yet another example of what tmsr-rsa is intended to fix.

asciilifeform: mircea_popescu: this goes all the way to the fact that we dun actually ~understand~ rsa ( in that there is no proof that you ~must~ factor to break ; or what the complexityclass of factoring is )

asciilifeform: asciilifeform's cut of mpi did not include primegen or rsa.c

a111: Logged on 2017-12-19 17:24 diana_coman: and in more recent lol-with-gpg: the primegen function in gpg allocates secure memory for candidate prime when generating for rsa BUT then it goes on and calls is_prime on that "n" and is_prime calculates and stores n-1 in ...insecure memory

diana_coman: and in more recent lol-with-gpg: the primegen function in gpg allocates secure memory for candidate prime when generating for rsa BUT then it goes on and calls is_prime on that "n" and is_prime calculates and stores n-1 in ...insecure memory

mircea_popescu: idea is to use tmsr-rsa anyway

a111: Logged on 2017-12-12 16:11 asciilifeform: meanwhile, https://archive.is/uL4b5 << usg burns yet another of $infinity ssl decrypt methods, to push 'Disable RSA encryption!'

asciilifeform: ( not, naturally, because it matters worth a shit what pseudocipher plebe uses in sslolade. but to fudspray on rsa per se. )

asciilifeform: meanwhile, https://archive.is/uL4b5 << usg burns yet another of $infinity ssl decrypt methods, to push 'Disable RSA encryption!'

mircea_popescu: well, you might consider making yourself a rsa key and registering with deedbot

a111: Logged on 2016-04-30 01:34 deedbot: [Recent Phuctorings.] Phuctored: 9 divides RSA Moduli belonging to 'randomnoize (Tor relay operator) <randomnoize@riseup.net>; randomnoize (Tor relay operator) <randomnoize2009@googlemail.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/9319605DD9BFB5972272003BC0D6D2E999783C7256A75BF1BE08178A359F9542

a111: Logged on 2016-12-27 22:14 mircea_popescu: course since the nsa consulting work for minigame is going to produce ada rsa, it might be an idea to have an ~ada~ tmsr crypto lib.

mircea_popescu: yes ; but can you appreciate how ffa is a lot more apt for tmsr-rsa than for a symm cipher ?

mircea_popescu: the deeper problem here is that the evolution of warfare has rendered a symmetric cipher useless. for the launch codes or how you call it we're mostly in consensus to use pure rsa, if memory serves, and for the prattle of eg game server, serpent will do.

mircea_popescu: in general i expect it is made for ~any purpose. be it rsa, c-s, or yes, tetris.

a111: Logged on 2017-08-09 21:53 asciilifeform: at any rate it is just as easily implemented on pmachine as rsa.

a111: Logged on 2016-08-26 16:34 asciilifeform: http://btcbase.org/log/2016-08-26#1529877 << timing can be 'ceilinged' and it solves problem. but i am still chewing on the problem of enemy being able to determine who is speaking to whom by deriving the public keys. (this is trivial with rsa, and i've been working on answering the q of whether it is also true for c-s)

asciilifeform: mircea_popescu: cs is numbertheoretical cipher, just as rsa, requires sane bignum.

a111: Logged on 2017-12-02 22:30 asciilifeform: fwiw asciilifeform will submit ffa.rsa to be judged in mircea_popescu's symm cipher contest, supposing the latter is still running

asciilifeform: fwiw asciilifeform will submit ffa.rsa to be judged in mircea_popescu's symm cipher contest, supposing the latter is still running

a111: Logged on 2016-12-27 22:14 mircea_popescu: course since the nsa consulting work for minigame is going to produce ada rsa, it might be an idea to have an ~ada~ tmsr crypto lib.

mats: no mention of rsa

mquander: mircea_popescu: i understand asymmetric encryption and RSA

mircea_popescu: rsa key is a basic tool of computer literacy anyway. like ability to write down own name basic standard of traditional literacy.

mircea_popescu: got a rsa key ?

mircea_popescu: receiver listens to frequencies for specific quanta of transmission : "this is station X transmitting count Y", rsa-signed. IF the signature verifies, and IF the y was not before seen (and if x on unit's access list etc) THEN the item is placed into queue, to be sorted by signal strength. otherwise, dropped as noise.

asciilifeform: i'll recount an episode recently reported by asciilifeform's pet, on reconnaissance into a heathen pit . two d00dz argued re 'post-rsa crypto'. and one drew forth from his sleeve an erudite wankery, n-th generation stolen from thel0gz! : 'why not cipher using playing field of cellular automaton, say, game of life, initial state as key...'

a111: Logged on 2017-11-27 18:17 asciilifeform: moral -- measure seven times, cut once, etc. ( asciilifeform for instance is stuck with a 2048b rsa, at least until we finally throw gpg )

asciilifeform: moral -- measure seven times, cut once, etc. ( asciilifeform for instance is stuck with a 2048b rsa, at least until we finally throw gpg )

asciilifeform: ben_vulpes: nobody's rsa padding is worth two shits

ben_vulpes: also ironclad rsa padding is notquiteright, trinque i believe knows a bit more

asciilifeform: diana_coman: aside from von neumann, and the crc encyclopaedia of well-known algos, i cannot in good conscience recommend much reading. there are works devoted to specific known attacks on rsa ( song y. yang, plus a few ru items ) ; at least 1 dead tree on differential cryptanalysis ( how items like des get trivially demolished ) whose author presently escapes me; and that's just about it