1300+ entries in 0.147s
zx2c4: all of them? some of the advantages are indisputable like key size and computation speed and implementation ease. im guessing you dont believe there's a security advantage over RSA? you're not soothed by the fact that many attacks against RSA dont work with ECC? okay, but that still doesn't discredit the indisputable advantages. so then maybe your position is that ECC has _weaker_ security than RSA for various reasons? that'd be a more interesting
zx2c4: mircea_popescu: im curious -- why are you so bent on RSA? ECC has been around for quite some time now and has numerous advantages
a111: Logged on 2018-04-12 16:12 zx2c4: things like RSA boil down to number theory problems. but that's in a sense scarier than the set of problems that good block ciphers tend to boil down to. because it means that those primitives have lots of _structure_, and generally structure is something that can be exploited. just look at all the amazing and fantastic attacks on things with structure. so just boiling down to a [currently considered] "hard problem" doesn't provide as much solace
mircea_popescu: yes, that's how we do it. do you happen to be familiar with diana coman's work on the ada impl of rsa/keccak etc?
zx2c4: things like RSA boil down to number theory problems. but that's in a sense scarier than the set of problems that good block ciphers tend to boil down to. because it means that those primitives have lots of _structure_, and generally structure is something that can be exploited. just look at all the amazing and fantastic attacks on things with structure. so just boiling down to a [currently considered] "hard problem" doesn't provide as much solace
zx2c4: another advantage of DH over RSA is that ECDH allows for really short and sweet keys
zx2c4: KEMs like RSA are more complicated to implement in as few round trips as DH-based protocols
mircea_popescu: spooked my foot, when we looked through the smoldering pile left after that idiot ross, it came to light ~nobody was using rsa.
ave1: diana_coman, Yes, I read the test and the code and your text (also played with the test a little). So I was a little surprised that rsa_oaep_encrypt used mpi code. I will write an alternative.
diana_coman: to answer your question directly though: 1. it certainly could - rsa_oaep_encrypt is just a wrapper so it's meant more as an example of using all the stuff together rather than a standard: I'd expect that there would be other/different wrappers, made to suit specific uses
ave1: diana_coman: could the input parameter of rsa_oaep_encrypt be a character array? it is now an MPI; this will discard any leading zeros of a message and exclude binary stream/file encryption. (same goes for decrypt)
la: !!register -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: User-ID: LALALA <LALALA@fakemail.com> Comment: Created: 3/28/2018 10:44 PM Comment: Type: 2048-bit RSA (secret key available) Comment: Usage: Signing, Encryption, Certifying User-IDs Comment: Fingerprint: 741311C4CD2C31823CD5E41EE677AA7C19F99541 mQENBFq8YSkBCAC8PPWEbi10oYLKZ0x+3kvwZvlzzRyzXArdedKx5jRUgu/VACja Dq5+bGlT7zjISt1eOmAVuraQuGnwlfitigiiE92A4CNclFjw2J0SIM+BXpcFXFbF rev0f0
mimisbrunnr: Logged on 2018-03-26 01:41 mircea_popescu: incidentally, "every shop must have a website (with ssl everywhere!!!)" and "every customer must have a loyalty card" trends of useless nonsense somehow haven't converged to the most basic sanity of, "give us your rsa pubkey, then download your data from our website whenever you want to, just go to shop.com/yourname"
mircea_popescu: incidentally, "every shop must have a website (with ssl everywhere!!!)" and "every customer must have a loyalty card" trends of useless nonsense somehow haven't converged to the most basic sanity of, "give us your rsa pubkey, then download your data from our website whenever you want to, just go to shop.com/yourname"
mircea_popescu: asciilifeform incidentally this is exactly the general formula i'd expect of nsa sponsored holes in rsa. p = a * x ^ b
mircea_popescu: ave1 i will say the "test harness for rsa/etc" is a very solid usecase for file-fed fg-emu.
ave1: diana_coman, I'm reading through the eucrypt / RSA code and see that the 'get_random_prime' function will open and close the random number generator itself. I would like to open the entropy source once and reuse it, but maybe there is good reason to do it like this and I should not attempt to do it differently?
diana_coman: fwiw the footprint of eucrypt with default runtime is 215K (separate components: mpi 109K; bit_keccak 17K; keccak 42K; rsa 19K; serpent 20K - 31K (depending on level of optimisation chosen)
diana_coman: phf, hm, I *did* use those; the trouble is that in principle the rsa stuff is *not* null terminated as such and I couldn't get them to work properly in such case (or is it not even possible, regardless of passing the length?)
jurov: ben_vulpes: gpg: encrypted with RSA key, ID 4C4FCE69 gpg: decryption failed: secret key not available
mircea_popescu: in other news : as work on eucrypt is winding down -- the whole item is just about complete, needs serpent and we've decided to add an oaep-rsa wrapper (mostly as a pretext to do some ada-c interop testing), so roughly speaking by end of month it should actually be done -- we're moving on to shaping up the eulora client-server comms model. this will mostly be a design discussion, will take place in #eulora, prolly take up som
a111: Logged on 2018-02-14 15:09 mircea_popescu: http://btcbase.org/log/2018-02-13#1783585 << continuing on this discussion (not so as to improperly call asciilifeform 's usual dithery blather such ; but for the record, that a discussion was at least ~attempted~) : s.mg boardroom eventually decided yesterday to employ a format for the pre-padded rsa messages. it will consist of [F][random bits][message].
mircea_popescu: http://btcbase.org/log/2018-02-13#1783585 << continuing on this discussion (not so as to improperly call asciilifeform 's usual dithery blather such ; but for the record, that a discussion was at least ~attempted~) : s.mg boardroom eventually decided yesterday to employ a format for the pre-padded rsa messages. it will consist of [F][random bits][message].
ben_vulpes: hey, pete_dushenski how didja plug the fg into the koch-rsa keygenerator?
ben_vulpes: pete_dushenski: you don't want a 4096 bit key; i can't find the relevant logs at the moment but koch-rsa does bad shit when generating keys > 2048 bits
ben_vulpes: he is also in my koch-rsa l1, what of it?
mircea_popescu: a rsa-cum-fg-terminal COULD be built. in preference of "proper micro in each man's home"
caaddr: something from the same book: gpg2 does not allow export of the two RSA primes, p and q, from a password protected key. it does not think that you *own your own primes*. the primes upon which your reputation rests
mircea_popescu: for instance -- leaky machine will make your rsa impl leak
mircea_popescu: paternity is purely conventional in this strong sense. among us, we may think r,s & a invented rsa. among some gray beards somewhere else, they may well know better.
mircea_popescu: the ~type~ of problem that cropped up with the xor assignment (whereby -- careful at context X might shoot self in foot) is ~exactly~ and with no remainder the type of problem we are fighting, whereby "oh, this ssl totally works for rsa, except... when it does not"
mircea_popescu: look into diana_coman 's work re all the "Safe and good enough (tm) rsa"
mircea_popescu: entirely true that if one builds a hash which can be provenly as strong as rsa, then that hash powered oaep would be the natural padding for rsa
apeloyee: 'what is minimal circuit for rsa' << probably ripple-carry adder + a few registers
mircea_popescu: suppose "employee" wants to steal "secrets" from nsa hq. a) encrypt to rsa key ; b) put in tmsr tumblr bot ; c) carry vacation pics back and forth. problem ?
mircea_popescu: so basically, the summary would be, that fellow took symmetric cyphering, sawed it open, used half of the parts for an ad-hoc rsa padding scheme, and implemented the whole kaboodle in python.
mircea_popescu: . (Note that this is a direct encryption of plaintext material with the help of RSA and not an encryption of a key for e.g. AES with RSA and afterwards an encryption of the plaintext with AES). Based on this function are the functions rsaencryptplaintexttoct() and rsaencryptbytearraytoct(), which process a user-given plaintext string and byte sequence respectively." << this distinction seems rather without a difference.
mircea_popescu: "# encrypttoct(): Encrypts a sequence of blocks of constant size of mb bits, on the one side applying the for RSA known method of transformation on the individual blocks, on the other side using certain commonly in symmetric block encryption employed methods, namely plaintext-and-ciphertext- block-chaining (with a pseudo-random IV). A sequence of blocks that stems from the plaintext of the user can thus be encrypted with RSA
mircea_popescu: "Let's verify the RSA seal of ffa_ch6_simplest_rsa.vpatch, the Chapter 6 code itself, using itself". epic.
gabriel_laddel: the order I was anticipating was: M release for tmsr (free, obo), then NNFG, then RSA. lobbes has done/ is doing archiver
gabriel_laddel: never pdf to text, but yes, archiver, NN via FG, RSA impl in CL, yes linux distro
mircea_popescu: it'll be funny 5mn years from now, when we're all sitting around with whatever pools & eggnogs of the future and rsa still stands, undaunted, in preference of ~everything else.
a111: Logged on 2018-01-04 20:10 asciilifeform: ( likbez : all you need for the mythical holy grail, 'fast iron rsa', is a very large-bitnessed adder-cum-barrelshifter and a few storage registers that can be programmatically shuffled between. )
revnja: i have an RSA key registered, querying it with !!up doesn't provide me a challenge, deedbot just tells me I cannot !!up myself.
revnja: i'm a guy that registered an rsa key with deedbot but for the life of me cannot get it to provide a challenge for voice
mircea_popescu: there's ~no reason to have legacy DSA sigs in tmsr-rsa ; similarly why would i support sha2 in v ?
a111: Logged on 2017-12-23 15:56 mircea_popescu: (if memory serves the original split, design choice made late 1990s, was due to either suspicion or reality that either sign or decrypt possibly leaked bits ; the idea of separate keys is not even bad, necessarily, but this does NOT say anything positive about a clunky, ad hoc, untransparent and machine-automagical key hierarchy system. so basically, people probably will have at least two keys in tmsr-rsa, except they won't b
mircea_popescu: (if memory serves the original split, design choice made late 1990s, was due to either suspicion or reality that either sign or decrypt possibly leaked bits ; the idea of separate keys is not even bad, necessarily, but this does NOT say anything positive about a clunky, ad hoc, untransparent and machine-automagical key hierarchy system. so basically, people probably will have at least two keys in tmsr-rsa, except they won't b
a111: Logged on 2017-12-19 17:24 diana_coman: and in more recent lol-with-gpg: the primegen function in gpg allocates secure memory for candidate prime when generating for rsa BUT then it goes on and calls is_prime on that "n" and is_prime calculates and stores n-1 in ...insecure memory
diana_coman: and in more recent lol-with-gpg: the primegen function in gpg allocates secure memory for candidate prime when generating for rsa BUT then it goes on and calls is_prime on that "n" and is_prime calculates and stores n-1 in ...insecure memory
a111: Logged on 2017-12-12 16:11 asciilifeform: meanwhile, https://archive.is/uL4b5 << usg burns yet another of $infinity ssl decrypt methods, to push 'Disable RSA encryption!'