1700+ entries in 0.16s
mircea_popescu: entropy poor machine is definitionally not supposed to
rsa mircea_popescu: why shouldn't whatever spare cycles his brain has be used to improve tmsr-
rsa ?
mircea_popescu: 4096 is the smallest power of two which produces a
rsa key that is, factually, incomputable.
mircea_popescu: and in no case "
rsa would be worth using with longer keys"
mircea_popescu: the point remains : if what you are saying it's not practical to change keys (ie, that the per-op value add of key is less than the per-op value lost to suspected leak) THEN therefore what you are saying is "
rsa is not worth using"
mircea_popescu: which is why we're putting all this crazy effort into proper
rsa, ffa etc.
mircea_popescu: and so the proposition here is that WHILE
rsa encryption does not leak bits, nevertheless
rsa signing does ?
mircea_popescu: in exchange you get two things : you get 2x the size of message blocks (an advantage that is actually a disadvantage as now you're using 1kb udp packets which is i expect margionalkly worse than 2 512s) ; and you get a harder
rsa (an advantage which is no sort of advantage, the 4096
rsa is already harder than the extant universe)
a111: Logged on 2017-08-16 16:03 mod6: my question is then; with regards to the tmsr-
rsa rough-sketch spec, do we then entertain the idea of other key-lengths, no just 4096 as currently outlined?
shinohai: But latest trilema states: " 2048 keys are too short. 8192 keys are too long. Keys of a length that's not a power of two are no good.
RSA keys are 4096 bits and that's the end of the story."
mod6: my question is then; with regards to the tmsr-
rsa rough-sketch spec, do we then entertain the idea of other key-lengths, no just 4096 as currently outlined?
☟︎ a111: Logged on 2017-04-09 14:45 mircea_popescu: asciilifeform incidentally, the more i think about it the more i'm convinced the ONLY "fingerprint" for
rsa key may be... the modulus. 4096 bits and fuck you, if you can't take 32 chars you don't belong here.
mircea_popescu: anyway, ima try and pen a pre-rfc on tmsr-
rsa, unless anyone has objections ?
mircea_popescu: asciilifeform there's nothing wrong with HAVING it. and people can use it. BUT for
rsa we should use the even one.
a111: Logged on 2017-08-14 17:50 mircea_popescu: but this important point has important consequences, because now we can't have my eccentric
rsa keys. must be 4096, because the only alternatives ffa permits are 2048 which is too short and 8912 which is too long.
mircea_popescu: but this important point has important consequences, because now we can't have my eccentric
rsa keys. must be 4096, because the only alternatives ffa permits are 2048 which is too short and 8912 which is too long.
☟︎ mircea_popescu: tmsr
rsa standard key is 515 bits, made out of a 257 and a 258 bit long prime.
☟︎ mircea_popescu: a yes. a mb or so's worth is good to have. afaik all
rsa impls have some small primes. heck, peterl's gossiptron had a list.
mircea_popescu: asciilifeform it would seem an 8ball usable for 4kb
rsa key verification would be exceedinglty large.
mircea_popescu: trinque there's no way to prove owner of secret S did not share secret S with someone else. that's why "key sharing" dun work for
rsa/bitcoin/etc.
mike_c: yeah, I want to dig up some logs on the
rsa stuff.
mircea_popescu: and now the idea is... since this could ALSO be used as a padder (in the
rsa sense), a reverser is needed (takes r and s and spits out m)
mircea_popescu: and trinque was about to release a payments thing for deedbot by ... end of july yo! and then there's the ffa growing towards a proper tmsr-
rsa, and of course the gossipd sandbox, and a coupla yet sikrit items and so on