log
asciilifeform: phf: mircea_popescu's method , to be used in the battlefield, still needs some means of tying the keys together formally -- and something that doesn't reduce to the horror of gpg's 'subkeys'
asciilifeform: this recent find is an excellent illustration, it shared the factor solely with own subkeys
Framedragger: http://btcbase.org/log/2016-08-22#1526429 && http://btcbase.org/log/2016-08-22#1526462 << OKAY OKAY, i lose this round. apparently i underestimated the malice in gnupg.... again. lol. (though, i wonder if the "bogus direct key signature import" applies to *subkeys*; but let's assume so, because, gnupg.)
asciilifeform: (to the subkeys.)
Framedragger: mircea_popescu: this then is a critique of sks keyservers, strictly. there was a thread on their ML, they rejected the idea of rejecting such subkeys (...)
Framedragger: import subkeys with no valid self-sig? or am i misreading what is stated in the article? because to me those statements (in the broader context) are rendered into that meaning precisely.
Framedragger: asciilifeform: apologies if i am mistaken here, but iirc phuctor was reported to have cracked some pgp keys when at that point in time none of the keys cracked had valid self-sigs. the presentation from tmsr (trilema/phuctor) to me appeared to have overstated the results, so to speak. (but then later subkeys with valid selfsigs were found, iirc). this isn't a technical point, i suppose.
asciilifeform: http://btcbase.org/log/2016-06-23#1487752 << pretty sure this is in the logz: a 'submission' can have ANY number of moduli in it, because subkeys.
asciilifeform: the one where 'key can squirt out a signature for a new key but this can leave no permanent mark on the original,' ergo auto-acceptance of subkeys is invitation for 'evil maid attack' etc.
Framedragger: one practical consideration re you signing my subkeys: what if you really trusted my main key but then i later decided to move that key to offline storage for security, and derive a subkey - one may argue that gpg provides just this kind of means of streamlining the process - i sign my new subkey or whatever, and there's that, no need for you to meet me in person again. otherwise doesn't scale at all, if 1000 people wanted to trust my su
mircea_popescu: if gpg was intended as a sort of otr, "user creates subkeys forever", it's shockingly poorly implemented.
mircea_popescu: "subkeys" are ~equivalent to "domain names" and various attempts to weaken bitcoin that were quashed historically. "wouldn't you like some wool over your eyes ???"
Framedragger: btw i'd choose self-sigs over "trust sks keyservers not to include fake subkeys" any time of the year. obvs the point is to disassemble this false dichotomy. but short-term, self-sigs are not useless at all.
Framedragger: asciilifeform: is there a 'stable' algorithm / spec for deriving phuctor's hash / permalink? you'd mentioned before that it "includes the entire key - names, emails, ~all~ subkeys."
Framedragger: PeterL: gpg client should reject subkeys not signed by master key or somesuch, was the argument i think
Framedragger: re. hanno: oh yeah? i had thought he had had a point, re. those broken subkeys not being used anyway. but i guess the point is that phuctor found some *actually used* keys, etc.
Framedragger: asciilifeform: ah, right; subkeys included. fair enough.
asciilifeform: Framedragger: phuctor's hash is quite inapplicable anywhere else, because it includes the entire key - names, emails, ~all~ subkeys.
asciilifeform: (i don't presently parse out the subness of subkeys)
GyrosGeier: RSA 4096, with three RSA 2048 subkeys
asciilifeform: 'subkeys' suck donkey ballz.
BingoBoingo: I don't think I covered any thing about the subkeys in mine. One of the things passed around before that LOVED subkeys.
assbot: Logged on 24-09-2015 06:18:08; mircea_popescu: <asciilifeform> mircea_popescu: one example of something which Must Die is 'subkeys' << absolutely. i have no fucking idea what chickenbrain thought that's a thing. "o hey, you know what this chevy is made out of ? chevys! because they didn't get me that lego set when i was nine and now im fucked in the head."
asciilifeform: subkeys are pure, unadulterated retardation
ben_vulpes: ;;later tell asciilifeform subkeys ruining someone's day?
ben_vulpes: subkeys. i hear they're no good.
phf: i thought the matter of subkeys, "automatic" key replacements or substitutions was settled by hanbot's story. i really put too much faith in it as the b-a canon seems like
punkman: dunno, I worry more about someone refreshing his keyring and ending up with extra subkeys under my main key, than a second main key appearing with same fingerprint, so I'm definitely setting my cert-digest-algo to sha512
mircea_popescu: what do you think subkeys are ?
assbot: Logged on 12-10-2015 22:51:13; punkman: btw if you don't want the signatures on your subkeys being sha1, I think --cert-digest-algo is the option that needs changing
punkman: btw if you don't want the signatures on your subkeys being sha1, I think --cert-digest-algo is the option that needs changing
ascii_field: jurov, mircea_popescu: iirc mircea_popescu did not accept refreshed subkeys either
deedbot-: [fr.anco.is] Why GPG subkeys must die - http://fr.anco.is/2015/why-gpg-subkeys-must-die/
asciilifeform: thing about subkeys is that they are a fundamentally ill-conceived idea - the notion that 'i can update my modulus but it is still considered the same key, because it is signed by this other key here, and this fact is to be verified by machine'
assbot: Logged on 10-10-2015 11:50:17; mircea_popescu: asciilifeform agreed re subkeys. tho i think we had agreed on this before.
PeterL: What is the point of subkeys?
mircea_popescu: asciilifeform agreed re subkeys. tho i think we had agreed on this before.
assbot: Logged on 24-09-2015 03:18:40; asciilifeform: mircea_popescu: one example of something which Must Die is 'subkeys'
assbot: Logged on 09-10-2015 11:07:40; punkman: from same thread: "If Collision attacks become viable for SHA-1 fingerprints, then they would probably also become viable for subkeys as well, and it might be possible for an attacker to generate a subkey with a collision for the cross-certifying signature, and be able to graft a false subkey onto a master key with a SHA-1 signature, which would definitely be a key compromise."
pete_dushenski: http://log.bitcoin-assets.com/?date=09-10-2015#1295502 << can't say i've ever understood subkeys, but i'd previously assumed that this was my noobish level of cryptographic and technological comprehension. then i read http://log.bitcoin-assets.com//?date=24-09-2015#1284565 and was ever so pleasantly surprised to find my confusion and wariness warranted !
punkman: from same thread: "If Collision attacks become viable for SHA-1 fingerprints, then they would probably also become viable for subkeys as well, and it might be possible for an attacker to generate a subkey with a collision for the cross-certifying signature, and be able to graft a false subkey onto a master key with a SHA-1 signature, which would definitely be a key compromise."
mircea_popescu: <asciilifeform> mircea_popescu: one example of something which Must Die is 'subkeys' << absolutely. i have no fucking idea what chickenbrain thought that's a thing. "o hey, you know what this chevy is made out of ? chevys! because they didn't get me that lego set when i was nine and now im fucked in the head."
asciilifeform: mircea_popescu: one example of something which Must Die is 'subkeys'
punkman: shinohai: your master key hadn't signed the subkeys? how does that happen?
asciilifeform: trinque: understand, if it includes your actual subkeys, it can go unnoticed
punkman: revoke subkeys every now and then, nobody will notice
assbot: Problems with two active encryption subkeys | GnuPG | users ... ( http://bit.ly/1NcZ0Q9 )
fromphuctor: it's quite a large key with a few subkeys, total upload size is around 13K
Apocalyptic: asciilifeform, by the way do you have any explanation as to why pgpdump skips the KeyID field on invalid subkeys ?
Hasimir: if they're encryption subkey bits then maybe it's from backfired attempts to segregate the cert key from the subkeys ...
trinque: do I understand correctly that you use a "signing key" to sign your various subkeys, thus associating them with one identity?
trinque: BingoBoingo: https://wiki.debian.org/Subkeys << clear as mud
BingoBoingo: mircea_popescu: tbh, someone has to explain this "subkeys" retardation to me sometime. fucking pseudohierarchy devoid of meaning. << Within your big GPG keyblock you can have multiple keys, say a 4096 RSA for signing and another 4096 to encrypt to. Beyond that you can keep stuffing moar keys in there just because...
jurov: someone has to explain this "subkeys" retardation << guess mr.zimmermann overengineered it and then left to rot
mircea_popescu: tbh, someone has to explain this "subkeys" retardation to me sometime. fucking pseudohierarchy devoid of meaning.
Hasimir: do they all have subkeys or not?
ascii_field: Hasimir: so far each of the cases i have examined in detail had -at least one- legit rsa modulus in subkeys
ascii_field: Hasimir: we only see it here if it had one or more rsa subkeys.
Apocalyptic: ascii_field, of the 19 broken moduli so far how many are actually valid subkeys ?
ascii_field: so, one of the recent phucked keys contains two subkeys, both of which are phucked. and the self-sig is... valid.
mike_c: it was discussed on hacker news. looks like there are a handful of invalid subkeys on the sks servers
mod6: how do you know they're subkeys? did I miss this in the log?
justJanne: 8 broken subkeys, it seems.
mircea_popescu: what i don't get is, how exactly you reproduce this ? i can't seem to make sks server to accept extra, unsigned subkeys from anyone.
mircea_popescu: asciilifeform i wonder if this is reproducible, make sks servers display random data as people's subkeys.
assbot: Logged on 12-05-2015 22:03:27; mircea_popescu: so ascii_field from the above, am i correct in deducing that there have been at most 47728 - 31262-4584 = 11882 (out of 47728, or ~1/4) keys without any RSA subkeys in them ?
mircea_popescu: so ascii_field from the above, am i correct in deducing that there have been at most 47728 - 31262-4584 = 11882 (out of 47728, or ~1/4) keys without any RSA subkeys in them ?
asciilifeform: but it is important to remember that 'keys' (in the customary sense) are indexed by the (garbage) hash of the -whole key- rather than fp - because it is actually subkeys that have fp's, rather than 'keys' (as in, what folks typically paste in)
dignork: so if anybody has to deal with multiple subkeys, proper syntax is "gpg -u 8334BB7B5BDFA126! --clearsign file" , notice the key>!< notation, seems to be not so documented
decimation: it seems to me that the cli for signing subkeys is less straightforward than it could be as well
BigBitz: subkeys you mean?
pankkake: all my subkeys do signing xor decryption
pankkake: basically the main signing key is only needed to sign your subkeys, and sign others' keys
mircea_popescu: TestingUnoDosTre subkeys you generate off a main key aren't more anonymous than the main key.
benkay: can you sign with subkeys?
pankkake: TestingUnoDosTre: https://wiki.debian.org/subkeys
pankkake: FYI you can create stronger subkeys
pankkake: you can only use subkeys for example
bgupta: so been reading about S.NSA's first product. Why not just install suitable GPG subkeys on one of these? http://www.g10code.de/docs/openpgp-card-2.0.pdf (And keep your master key airgapped in a safe place)
thestringpuller: mircea_popescu: I thought you could just register the main and subkeys to the WOT key list and just give out the fingerprint?
mircea_popescu: now people just send mainkeys w/o encryption subkeys.
mircea_popescu: as the subkeys are now the target.
davout: might be an interesting addition, as, if i understand subkeys correctly they make the master key very very hard to compromise
davout: mircea_popescu: quick question, does mpex work with gpg subkeys?
gabridome: yeah..Beg your pardon. You should be tired to answer question to newbies. I didn't check the subkeys...