log☇︎
346 entries in 0.919s
asciilifeform: stjohn_piano_2: at the risk of belabouring the obv., you gotta see to it that yer custom pgp wrapper actually has access to the priv that went with the pub you regged
asciilifeform: loox like stjohn_piano_2 built/attempted to build a 'display these pgp-signed .txt with html sugar' mechanism ?
mp_en_viaje: i have no idea! conceivably tell him, "dood looky, this is entirely dependent on pgp". not get item you're not satisfied with, i dunno. complain at some point somewhere, so i don't find myself in this weird position where i'm asked about things i dunno about and dunno what to say ?
asciilifeform: good % of pgp use historically -- resembled the medieval 'plague amulets'. y'know, the one where scrap of leather with word 'arsenicum' (cuz buying actual arsenic costs tuppence, and scrap -- one )
asciilifeform: come to think of it, wtf did he even bother with pgp pub.
a111: Logged on 2018-11-14 20:50 asciilifeform: but for general-purpose pgp replacement, conceivably could use something 'hungrier' but with 0 fixed structural bits. i'ma invite mircea_popescu et al to consider the subj.
asciilifeform: but for general-purpose pgp replacement, conceivably could use something 'hungrier' but with 0 fixed structural bits. i'ma invite mircea_popescu et al to consider the subj. ☟︎
asciilifeform: i dun have any cuntoo boxes here yet. all of my dev machines run vintage gentoo, where the gpg that python-gnupg sees is gpg2 (cuz idjit portage pulled it in, long ago). asciilifeform's actual pgp-ing happens on diff machine, naturally, with 1.4.10 . but apparently phf's hack for subkeyism breaks the thing in this combo.
asciilifeform: mircea_popescu: observe that i was able to index 9.3 mil pgp comment strings somehao, on 1 iron, and with <1s lookup
asciilifeform: ng), and is offered with pgp-verified record of changes [phf's patch viewer], .... etc '
mod6: I had started on a ada vtron last year, but I got hung up with some of the string handling, and the fact that I had to use shell-outs for pgp. I'd like to get back to it at some point. I would love to dispense with the shell outs - and can probably do so, but not until 'peh' is finished.
asciilifeform: verisimilitude: also highly recommend to make yourself a pgp key, and reg with deedbot,
a111: Logged on 2018-08-18 19:25 xdeller: tbh standalone armored data more likely to be served with application/pgp or pgp-xxx instead of text/plain, if somebody on other end would care enough to set proper mimetype for .asc
xdeller: tbh standalone armored data more likely to be served with application/pgp or pgp-xxx instead of text/plain, if somebody on other end would care enough to set proper mimetype for .asc ☟︎
mod6: Alright all, the TRB vtree was updated with asciilifeform's ascii-armored pgp sig.
asciilifeform: cnomad: please consider registering a pgp key with deedbot :
mod6: fettiffany: read http://deedbot.org/help.html and get yourself a PGP key, and register it with deedbot per help page.
a111: Logged on 2018-05-14 13:30 asciilifeform: ^ pretty lulzy prehistory -- usg is burning the vuln in the most traditional way, complete with 'responsible disclosure'ism and a boeck-style 'researcher' ; nao spinning in every propaganda organ in unison as 'pgp broken!'
BingoBoingo: <asciilifeform> ^ pretty lulzy prehistory -- usg is burning the vuln in the most traditional way, complete with 'responsible disclosure'ism and a boeck-style 'researcher' ; nao spinning in every propaganda organ in unison as 'pgp broken!' << Apparently @hanno has a take on this too that sums to the rest of the party line "who could be using this with hygeine?"
asciilifeform: ^ pretty lulzy prehistory -- usg is burning the vuln in the most traditional way, complete with 'responsible disclosure'ism and a boeck-style 'researcher' ; nao spinning in every propaganda organ in unison as 'pgp broken!' ☟︎
a111: Logged on 2014-08-16 02:27 mircea_popescu: by now i can sorta distinguish the noobs from the veterans because the noobs send me gpg blobs with "Content-Type: multipart/mixed;" mixed in, whereas the veterans just neatly paste the pgp in the email body.
asciilifeform: it does not make any sense to attempt to do business with folx who won't pgp
douchebag: with all pgp stuff I decrypt
a111: Logged on 2018-04-18 11:34 ascii_lander: http://btcbase.org/log/2018-04-18#1801317 << aaand i betcha this is because they're camwhores, and have nfi what is pgp or even that d00d generated a key for'em at all , and he gave the magicstring over voicechat with the camgurls
ascii_lander: http://btcbase.org/log/2018-04-18#1801317 << aaand i betcha this is because they're camwhores, and have nfi what is pgp or even that d00d generated a key for'em at all , and he gave the magicstring over voicechat with the camgurls ☝︎☟︎
zx2c4: no, not at all. im also not quite sure what to do with these pgp encrypted blobs i cant decrypt
asciilifeform: if a fella who balks at mention of pgp and wot reg , is hosting a trilema mirror, than who knows, anything possible, cats lie with dogs, lions with lambs..
mod6: Alright, well, consider getting a PGP key and registering it with deedbot
a111: Logged on 2018-03-08 14:27 ave1: I'll have to think about it, I do not want to make changes that make things more complex for "reasons" and then more complex enzovoorts enzovoorts. And then end up with PGP
ave1: I'll have to think about it, I do not want to make changes that make things more complex for "reasons" and then more complex enzovoorts enzovoorts. And then end up with PGP ☟︎
asciilifeform: xahlee: make a pgp key. register with deedbot,
mircea_popescu: in the meanwhile -- it'd be a very good idea to make yourself a pgp key and register it with deedbot.
asciilifeform: ate: consider registering a pgp key with deedbot
rog: how do i connect thru windows then with a pgp?
mircea_popescu: wer so first off, register your pgp key with deedbot to preserve identity. you do have one yes ?
mircea_popescu: concernedscaling why not make yourself a pgp key and reg with deedbot at that ?
a111: Logged on 2017-10-19 07:09 mircea_popescu: http://btcbase.org/log/2017-10-19#1726582 << a) this is not factual. you manufacture power chord that only works or doesn't work, through eg http://btcbase.org/log/2017-10-12#1724529 ; b) if your power chord came with special rsa analysis and also had a special "flash power when pgp is being used" switch, you'd get into manufacturing your own power chords in very short order.
mircea_popescu: http://btcbase.org/log/2017-10-19#1726582 << a) this is not factual. you manufacture power chord that only works or doesn't work, through eg http://btcbase.org/log/2017-10-12#1724529 ; b) if your power chord came with special rsa analysis and also had a special "flash power when pgp is being used" switch, you'd get into manufacturing your own power chords in very short order. ☝︎☝︎☟︎
asciilifeform: in so far as i can tell, none of these items have anything to do with even kochian pgp
mircea_popescu: ideally, gift the man a used laptop with pgp on it.
asciilifeform: Barbarossa_: once you get a pgp key, consider registering with deedbot
asciilifeform: fyr: get an old laptop with no nic and pgp on that. fiddybux.
mircea_popescu: valica make yourself a pgp key if you don't have one an' register it with deedbot so i don't have to keep voicing oyu
mircea_popescu is sick of "famous people" like of crab apples. let them sit in some other latrine with their "oh i lost my pgp key 20 years ago" zimmerman and their "i dedicate my life to raising impudent street urchins as if they were white people" bernstein and their "oh hi, rng ?" koch and their "o btw, i lied about that laptop" rms everything else.
asciilifeform: in other vintage lulz, https://pthree.org/2014/08/18/whats-the-matter-with-pgp
mircea_popescu: erlehmann you seem like a nice enough fellow, why not register your pgp key with deedbot ?
mod6: http://btcbase.org/log/2017-05-25#1661674 << was thinking there, for those who would want it, a model where guy asks for N bytes of entropy via FG. would generate N bytes. base64 encode the binary entropy file (similar to trb deps), place the sha512 output hash of the base64 decoded file along with the ent & dieharder output in a clearsigned message, then PGP encrypt it to the requester. ☝︎
mircea_popescu: fromloper consider getting a proper name / registering your pgp key with deedbot while at it.
Framedragger: it's one thing tor jumping ahead with newhope because omg POSTQUANTUM, but a pgp board.. lol
a111: Logged on 2016-06-17 02:16 asciilifeform: btw does mircea_popescu know what would happen if a pgp key with his main key but new magical subkey were generated and posted to sks ?
asciilifeform: mircea_popescu: hey, it's what they picked for 'how to deal with pgp'
a111: Logged on 2016-12-28 21:59 phf: Framedragger: it's always the same with you, "this online personality construct is great" "they do useful research" etc. until they publish "i don't believe in pgp" or really act in any way that you didn't expect. and then you don't have any recourse, because they are online personality constructs. how well do you know this "online researcher" if you ~having spent significant amount of effort to collect and upload ssh keys~ didn't even
phf: Framedragger: it's always the same with you, "this online personality construct is great" "they do useful research" etc. until they publish "i don't believe in pgp" or really act in any way that you didn't expect. and then you don't have any recourse, because they are online personality constructs. how well do you know this "online researcher" if you ~having spent significant amount of effort to collect and upload ssh keys~ didn't even ☟︎
asciilifeform: the other interesting experiment, yet undone, is to generate ssh, ssl, pgp, etc. keys on some of the other os with known-broken rng -- e.g., freebsd 2010-2014 (or when was it), possibly other
a111: Logged on 2015-08-08 04:11 asciilifeform: mircea_popescu: in somewhat related nyooz, i've been experimenting with what for now i call 'v' - a very dumb 'versioner' that i've been writing, which eats solely 0) pgp keys 1) patches 2) signatures for same, many-to-many mapping of (2) to (1)
asciilifeform: trinque: my original, unpublished vtron, only pressed (tracking the dependency flow), and user was expected to check the pgp sigs of the inputs, with bare hands, prior
asciilifeform: mircea_popescu: the current setup (with the patch.nickname.sig) is an artifact of the idiocy of pgp, where one cannot take the signature and extract a hash from it with which you can look up the patch from a manifest of patch hashes in O(NlogN)
mod6: I like what it does, and it seems to make sense in the case where I might need this one single time. To prevent against cryptographic death, I can generate this key pair, sign it with my PGP key, and then send a one time message of my new PGP key fp to save me from hitting the ground.
mod6: I should clearsign the pubkey with my pgp-pubkey and deedbot this, aha?
asciilifeform: Framedragger: phuctor's scheme is sufficient for distinguishing pgp keys with same moduli but variant metafields from one another, and for no other purpose.
Framedragger: also, something about a virtual folder for sharing data with friends whose pgp keys you have? you just do echo "attack at dawn" > /something/friendname/secret.txt
mircea_popescu: asciilifeform if you were to write timetables, how much time would you count "generate a pgp key and register it with deedbot" ? full hour ? ten minutes ? full day ?
asciilifeform: i cannot speak for others, but i disapprove of only two details -- 1) the solution of problems using wordplay & redefinition, the characteristic 'millenial' sin, e.g., 'this ftp daemon is TMSR WEB!', this can of cig butts is lisp machine 2) failure to maintain elementary self-hygiene -- have a hut with locking door, and FOR FUCKS SAKE, MAN, a pgp key
asciilifeform: i signed mircea_popescu's article with victim's pgp privk
asciilifeform: mircea_popescu: you often meet roach with pgp key?!
mircea_popescu: anyway, consider registering your pgp key with deedbot, so you can self-voice.
asciilifeform: think 'pgp but with delegation to slaves'. usg is/was for some reason obsessed with such schemes.
scriba: Logged on 2016-09-22: [13:18:17] <a111> Logged on 2015-12-14 02:37 PeterL: so I was playing with the idea of http://trilema.com/2015/the-pgp-w-mode/
a111: Logged on 2015-12-14 02:37 PeterL: so I was playing with the idea of http://trilema.com/2015/the-pgp-w-mode/
asciilifeform: 'Although boatmanstv at one point switched to PGP-encrypted e-mail (which he referred to as “ppg”) using “darknetstv@outlook.com” with the OCE, because his recipient was in fact an FBI agent, that didn’t matter. ...'
Framedragger: look at that one person knows to actually include human readable timestamp into the inside of a pgp signed message which deals with timing-sensitive info!!!
asciilifeform: alice_: consider registering your pgp pubkey with deedbot.
asciilifeform: the hearnia strategy, 'we'll steal your thing and make idiot version and sell it to EVERYONE as the Real Thing' was tried, yes, with pgp.
mircea_popescu: "come see what zimmerman thinks about encryption - a guy who admits to losing his pgp key sometime in the 90s and doesn't see the problem with this"
asciilifeform: (does anyone find it interesting that modern gpg uses ~same mpi implementation as dark age pgp, but with massaged function names ('mp_' vs 'mpi_') ?
asciilifeform: ' ... I tried this on two different platforms with two different byte orders. In particular, I used a mips-ultrix and sun386i. The results, are the same, and show that there is no problem with PGP 2.3a, or, at least, I cannot reproduce your bug. Sorry.'
asciilifeform: 'In summer of 2000, I had a look at the new key format PGP had introduced. In Europe a number of researchers voiced concerns about the new ADK feature that were routinely being ignored in the US, the home of PGP. This ignorance motivated me to look closer into the new PGP version and I discovered a serious problem with the way additional keys could be added without a user's consent. '
Framedragger: asciilifeform: apologies if i am mistaken here, but iirc phuctor was reported to have cracked some pgp keys when at that point in time none of the keys cracked had valid self-sigs. the presentation from tmsr (trilema/phuctor) to me appeared to have overstated the results, so to speak. (but then later subkeys with valid selfsigs were found, iirc). this isn't a technical point, i suppose.
Framedragger: ("random js pgp crap" does not belong in the "(semi)sane software for dealing with openpgp" set)
mircea_popescu: sedition consider registering your pgp key with deedbot.
asciilifeform: trinque: just about any scenario involving a stooge khadeer would make considerably more sense with a properly-generated pgp key
asciilifeform: trinque: if fella is a stooge, no reason for him not to have ~normal~ pgp key with puppet master having copy of the private.
phf: asciilifeform: it's an attack against a pgp key consumer with a specially broken viewer. userid in this case tries very hard to account for specific set of circumstances (i'm seeing 4 vectors so far), and we're only matching for one, specifically fact that ben_vulpes doesn't sanitize his html.
mircea_popescu: btw, you got your pgp reg'd with deedbot ?
mircea_popescu: do consider making a pgp key and registering it with deedbot
Framedragger: asciilifeform: actually with pgp you'll just end up trusting your much dreaded aes256 since openpgp will do the whole 'session' thing as you know
asciilifeform: 'Silent Circle already lost some of its key personnel in recent months. Cryptography luminary and co-founder Jon Callas departed for Apple in May and in June, CEO and President Bill Conner resigned, with Neiderman stepping in as interim chief. Co-founder Phil Zimmerman, best-known as the creator of encrypted messaging protocol PGP, remains on-board, living in the firm’s adopted home town of Geneva.'
asciilifeform: ... it would be displayed as latest; folks who -receive-key longfp would end up with it; all known pgp clients - happily encipher to it; etc.
asciilifeform: btw does mircea_popescu know what would happen if a pgp key with his main key but new magical subkey were generated and posted to sks ? ☟︎
asciilifeform: ^ this may actually be practical with pgp
mod6: gotta add one last part before we can really use it in here; get it a pgp key, register it with deedbot, then build in functions to selfvoice
asciilifeform: spandrell: you are encouraged to return with pgp key.
mircea_popescu: so the way this channel works is that you register your pgp signature with the bot ; and then you can maintain an identity. otherwise anyone can "be" spandrell
asciilifeform: mircea_popescu: 'unwashed herd avoids pgp like soap' is hard to square with 'the vast majority of pgp pubkeys date to that period'... no?
asciilifeform: http://btcbase.org/log/2016-06-03#1475427 << briefly returning to this thread, there is a remaining possibility - that at one point there were ~many more~ phuctorable pubkeys extant, but most were somehow purged, 'accidented' from sks. with that in mind i would ask for whosoever might know of a historic (1990s vintage) archive of pgp keyz. ☝︎
mircea_popescu: lmao omfg. dude published the 2012 census with a pgp (v2.0!) 1kb rsa key ; and he claims to be inspired by... XKCD!!! to do a fucking hilbert curve. omfg the unit-square covering discussions were all in vain, xkcd is the source.
asciilifeform: mircea_popescu: yes. but when a key is phuctored, it expects to find the fields associated with a pgp key in the requisite db table.
mircea_popescu: actually come to think of it, someone should write code to turn standard base64 (like comes out of pgp armor etc) into text. have a nice markov-based state machine with a large-ish dictionary and a syntax/grammar checker.
alikim: I have 4 computers and a life and I live with normal people, if you go on them like "I lost my pgp key, I lost my life" they suggest you visit a doctor.. or get laid and drunk in any order
asciilifeform: (and does it actually make sense to phuctor them ~together~ with pgp keyz?)