diana_coman: chugging along, collecting some data on the mpi-sane-based rsa stuff
mod6: i did this recently when looking at the rsa thing that happened back in like august of '15
erlehmann: i think the infineon RSA super happy fun time triggered it
jurov: "The flaw resides in the Infineon-developed RSA Library version v1.02.013, specifically within an algorithm it implements for RSA primes generation."
a111: Logged on 2017-10-11 16:41 asciilifeform: i dun buy the 'no one has proven rsa to be hard so it dun matter how to implement it, let's use wet noodles and dried shit' argument.
mircea_popescu: and this isn't a joke : the "distinction" between rsa and ecc, whereby "ecc is faster" or "has longer effective key" is bs. ECC is exactly RSA in polar coordinates, if either fails mathematically both do.
a111: Logged on 2017-10-06 23:13 mircea_popescu: basically the scheme is, you rsa a random bitfield, then you expand that into as much otp as you want by doing recursively Fi = hash(bitfield + Fi-1). there's a limit on i, obviously, which can be set to 1.
mircea_popescu: i wouldn't mind the dood who hacked off rsa from koch pgp and made a server that just passed encrypted comms. that's it.
apeloyee: hey, before quadratic sieve was invented, they used to say that breaking 512-bit rsa will take eleventy zillion years and it's therefore Totally Secure (tm)
mircea_popescu: basically the scheme is, you rsa a random bitfield, then you expand that into as much otp as you want by doing recursively Fi = hash(bitfield + Fi-1). there's a limit on i, obviously, which can be set to 1.
diana_coman: mircea_popescu, rsa like...everything else you mean, right?
mircea_popescu: and yes, rsa properly examined did turn out to be a lot more work, and a lot more stacked shit papered over in the imperial usage, than originally thought.
a111: Logged on 2016-12-27 22:14 mircea_popescu: course since the nsa consulting work for minigame is going to produce ada rsa, it might be an idea to have an ~ada~ tmsr crypto lib.
mircea_popescu: in any case the problem is that i'll have to design some kind of extender, can't do pure rsa throughout because of the sheer load. there's multiple messages/sec
diana_coman: asciilifeform, I'm currently looking at eulora rsa and I'm a bit foggy (I know and followed the bits posted in the logs but it's a long trail): what is available/ready to use atm?
a111: Logged on 2017-03-02 20:53 asciilifeform: the 'let's use anything, ANYTHING but rsa' thing really grates on me.
mircea_popescu: it'll be sad indeed once phuctor goes away, currently serves as gazette of record of rsa pubkeys.
a111: Logged on 2017-07-10 19:33 asciilifeform: sooo a 4096b rsa key takes about a dozen modexp's, on avg, on gpg 1.4.10
mircea_popescu: yes, but as long as you do rsa, a ^ b mod m = either a ^ b or else, a ^ b - m. that's the complete story, there are no other cases. there's specifically no k * m parameter to be explored there.
mircea_popescu: peterl that's EXACTLY what i mean though. all that shit should logically read "whose size is bit-1 rsa modulus". but they don't.
PeterL: With RSA-OAEP, one can encrypt messages whose bit-length is up to just a few hundred bits less than the number of bits in the RSA modulus, yielding a ciphertext whose size is the same as that of the RSA modulus. << It sounds like he is using a smaller amount of random bits than we are?
mircea_popescu: (tl;dr : here's proof oaep is insecure ; original "proofs" wrong ; rsa-oaep is not insecure by accident, due to rsa properties ; here's oaep+ fixed by me to actually work)
mircea_popescu: so then if joe claims the "Streamlined" rsa fits in his head, what do you do ?
mircea_popescu: i dunno how many people you will have to shoot to keep them from taking your general-purpose p-based rsa and writing a narrower, "works for rsa only" faster program.
mircea_popescu: the sadness here is that indeed tmsr-rsa is turning into separate item from p itself.
a111: Logged on 2017-08-10 19:45 asciilifeform: forn00bz: an, e.g., rsa modexp, in ffa, must be representable by a long roll of paper, on it are ops for ordinary 4function calculator, with very patient slave. and roll ONLY ROLLS FORWARD and has finite # of instructions on it, known in advance when you decide the ffa width.