deedbot: crayon voiced for 30 minutes.
mircea_popescu: Known Shared Factors: 284648957608675 1118385754444484075 << yeah i guess once a modulus starts showing these, readily reduced by intertested reader.
mircea_popescu: there's millions of them buzzing and the miracle of the first secure computer has yet to be seen.
deedbot: Birdman voiced for 30 minutes.
Birdman: Hello, im just here to read
Birdman: Fellow eulorian, was around b-a sometimes too
gribble: Bitstamp BTCUSD last: 451.39, vol: 1220.84749747 | BTC-E BTCUSD last: 448.293, vol: 2216.06661 | Bitfinex BTCUSD last: 451.47, vol: 4174.91672794 | CampBX BTCUSD last: 454.97, vol: 0.15 | BTCChina BTCUSD last: 454.253625, vol: 16098.60880000 | Kraken BTCUSD last: 451.95, vol: 308.9699291 | Bitcoin-Central BTCUSD last: 451.4452, vol: 7.0300301 | Volume-weighted last average: (1 more message)
mircea_popescu: check that out, stackoverflow got this datamining of users down to a fine art huh.
mircea_popescu: it's not even irc, what is it, some sort of java thing ?
mircea_popescu: at this rate you'll end up a traffic analytics expert :D
mircea_popescu: hey, one of the best natural cocksuckers i ever encountered was a that-expert.
mircea_popescu: i think her mommy had her with a constrictor snake and she had a square bone in her neck.
gribble: Current Blocks: 409824 | Current Difficulty: 1.7865925777252728E11 | Next Difficulty At Block: 411263 | Next Difficulty In: 1439 blocks | Next Difficulty In About: 1 week, 2 days, 2 hours, 34 minutes, and 56 seconds | Next Difficulty Estimate: None | Estimated Percent Change: None
deedbot: fromphuctor voiced for 30 minutes.
deedbot: fromphuctor_ voiced for 30 minutes.
deedbot: ez_ voiced for 30 minutes.
deedbot: fromphuctor voiced for 30 minutes.
deedbot: fromphuctor_ voiced for 30 minutes.
deedbot: gabriel_laddel voiced for 30 minutes.
mircea_popescu: yeah but trb really doesn't load worth the mention. especially if caught up.
deedbot: fromphuctor voiced for 30 minutes.
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: i suppose within a few hours it makes the front page (again) and then it gets replaced with an "official science" replacement...
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: asciilifeform incidentally, according to amazon, trilema is biggest in japan.
fromphuctor: What does it mean whe the public exponent is not prime?
fromphuctor: It's a public key encryption scheme, right?
mircea_popescu: there's a difference between "what it is" and "how it works".
deedbot: fromphuctor_ voiced for 30 minutes.
gabriel_laddel: mircea_popescu: sometimes not really having a job is a bit of a chore.
fromphuctor: How are these prime numbers chosen? I understand it is very hard to find prime numbers.
deedbot: fromphuctor__ voiced for 30 minutes.
deedbot: fromphuctor__ voiced for 30 minutes.
gabriel_laddel: Anyways, I'm a bit busy atm, have not been able to get the full masamune replication working, which is irritating. but I do have customers waiting on me, which is exciting.
mircea_popescu: fromphuctor it's not that hard to find prime numbers. in general, rsa keys should be seeded from a good entropy source.
mircea_popescu: (note that e is almost everywhere 65537, which is both prime and cheap.)
mircea_popescu: in fact... 65537 makes SUCH a good e, not using it is triple-eyebrow raising.
fromphuctor: Okay. So the size of the prime number does not matter that much for the security of the cipher as the entrophy source.
fromphuctor: Wouldn't a bigger prime exponent be more difficult for an adversary to crack?
mircea_popescu: the size of e is not particularly relevant ; it not being 65537 is very suspicious. it being non-prime is even more suspicious.
fromphuctor: Okay. So apparently a lot of people messed up their cryptography, and had non-prime exponents (or very small primes) for some weird reason.
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: fromphuctor that is last week's news. this week's news is that ACTUAL KEYS were cracked.
deedbot: GyrosGeier voiced for 30 minutes.
GyrosGeier: I'm trying to submit my key, but keep getting an error
fromphuctor: Why were these keys so easy to crack? Were they due to faulty implementations of the cryptosystem?
GyrosGeier: is there any restriction on what keys are accepted?
GyrosGeier: Error: Was that really a GPG public key? Try again.
mircea_popescu: GyrosGeier dpaste what you're trying to stick in, maybe.
fromphuctor: So my SSH keys are probably not compromised, assuming my cryptography software wasn't broken by the government.
mircea_popescu: fromphuctor you can export them and check yourself. then no need to assume anything.
GyrosGeier: that is --export-options export-minimal --export --armor
mircea_popescu: GyrosGeier you'll have to try again later, once this is caught up with.
fromphuctor: My SSH keys came when I used the ssh-keygen command. How do I export them?
GyrosGeier: that makes filtering the packet stream easier
mircea_popescu: i guess we'll have to write a tool for this eventually, willy-nilly.
fromphuctor: Apologies. I'm not that good at cryptography.
fromphuctor: Thank you very much for your efforts and help. I sincerely appreciate it.
deedbot: fromphuctor voiced for 30 minutes.
deedbot: fromphuctor_ voiced for 30 minutes.
GyrosGeier: we'll see if anything falls over with no uids and signatures :)
mircea_popescu: asciilifeform server is actually doing pretty good, considering.
mircea_popescu: yeah, fingerprints more important than names per se. though there's some orgs that got clearly raped.
deedbot: fromphuctor voiced for 30 minutes.
GyrosGeier: indeed, but these shouldn't have signatures from me
GyrosGeier: is there some effort to notify people?
GyrosGeier: I've found one from the same org as myself, with a key they use, which is signed by me, so that is clearly theirs
deedbot: gabriel_laddel may not $up r00s
gabriel_laddel: They merged with paypal eventually though, so yes, close.
deedbot: punkman may not $up fromphuctor
deedbot: r00s voiced for 30 minutes.
mircea_popescu: GyrosGeier> is there some effort to notify people? << not really, feel free to notify whoever.
gabriel_laddel: And if so, are you familiar with the optimization techniques "optimal braindamage" or "optimal brain surgery"?
punkman: I sent a coupla mails after previous phuctoring, nobody wrote back
gabriel_laddel: ^ "Notes Essays-Peter Thiel’s CS183: Startup-Stanford, Spring 2012"
gabriel_laddel: Eventually these were compiled into the book Zero to One.
punkman: At the meeting with the BBC, Mr Wright digitally signed messages using cryptographic keys created during the early days of Bitcoin's development. The keys are inextricably linked to blocks of bitcoins known to have been created or "mined" by Satoshi Nakamoto.
punkman: Be assured, just as you have worked, I have not been idle during these many years. Since those early days, after distancing myself from the public persona that was Satoshi, I have poured every measure of myself into research. I have been silent, but I have not been absent. I have been engaged with an exceptional group and look forward to sharing our remarkable work when they are ready.
punkman: "Mr Wright does not want to make public the proof for block 1, arguing that block 9 contains the only bitcoin address that is clearly linked to Mr Nakamoto (because he sent money to Hal Finney). Repeating the procedure for other blocks, he says, would not add more certainty. He also says he can’t send any bitcoin because they are now owned by a trust. "
adlai: danielpbarron: thx
adlai: jurov: correct, as always
adlai: mod6: your hairshirt orgmode reimplementation
adlai reminds everybody that the real reason he /does/n't keep secrets is because there were none, to begin with.
adlai: either 60 "random" words have nothing to do with my life, or my basal ganglia are still swimming in lsd.
deedbot: roxfan voiced for 30 minutes.
deedbot: JusticeRage voiced for 30 minutes.
roxfan: i want to submit a key to phuctor but i have only raw N and E, not GPG format
roxfan: any idea how to make one?
roxfan: i was hoping there's an easier way...
☟︎ deedbot: dfgg voiced for 30 minutes.
deedbot: fromphuctor voiced for 30 minutes.
deedbot: fromphuctor_ voiced for 30 minutes.
deedbot: hexa- voiced for 30 minutes.
deedbot: pabs3 voiced for 30 minutes.
deedbot: piratsimon voiced for 30 minutes.
deedbot: spoonzy_ voiced for 30 minutes.
deedbot: sbp voiced for 30 minutes.
deedbot: tribut voiced for 30 minutes.
mircea_popescu: punkman> At the meeting with the BBC, Mr Wright digitally signed messages using cryptographic keys created during << i dun recall the derpy "sign with key" thing was ever regarded by tmsr.
mircea_popescu: leaving aside this whole "at a meeting with hitler's propaganda minister, we saw it, swear!" angle.
roxfan: could the site be modified to accept raw numbers?
JusticeRage: Thanks for giving me voice. Did you get my MP about the debug mode?
piratsimon: just came along because phuctor said so. ;)
pabs3: are you planning on revoking the keys you have factored?
mircea_popescu: piratsimon would you be so kind as to post the software you used to make that key ?
piratsimon: that was really loooooooooong time ago.
mircea_popescu: maybe we actually manage to figure out who did what to whom here, it's suspicious as all hell.
mircea_popescu: can there be a numeric value for this "loooooooooong time ago." ?
piratsimon: well at least i have to investigate the version. it was gpg for windows.
JusticeRage: mircea_popescu : didn't understand your answer
mircea_popescu: JusticeRage i didn't understand your question. people call me mp at times.
JusticeRage: I just came to mention that the Phuctor Flask app is running in debug mode
JusticeRage: That's a security issue and you should probably disable that :)
piratsimon: mircea, have u successfull attacked a private key you dont own and did you successfull decrypt some strong encrypted file wighout possess of the private key?
mircea_popescu: JusticeRage asciilifeform was bitching about it ignoring his settings earlier. he'll get on it once back.
deedbot: fromphuctor__ voiced for 30 minutes.
mircea_popescu: piratsimon no ; but given what we know about these keys it's a trivial exercise.
piratsimon: thats quite interesting. interested in testing it? im gonna encrypt something and you try to decrypt not knowing the phrase nor possessing the private key? ;)
piratsimon: you dont have to but im just curious. ;)
punkman: piratsimon: post it on pastebin, maybe someone will give it a try
mircea_popescu: asciilifeform you'll have to add verbiage explaining to the goodfolk that rsa keys specifically and uniquely are at issue ; somehow it's not obvious dsa/ecc/elgamaletc dun work.
mircea_popescu: looks like it's done by the same "i fucking love science" ustard crew.
mircea_popescu: "He was Vice President of CSCSS (Centre for Strategic Cyberspace and Security Science) with a focus on collaborating government bodies in securing cyber systems. Wright has trained government and corporate departments in SCADA Security, Cyber Warfare and Cyber Defence."
mircea_popescu: "He was Vice President of CSCSS (Centre for Strategic Cyberspace and Security Science) with a focus on collaborating government bodies in securing cyber systems. Wright has trained government and corporate departments in SCADA Security, Cyber Warfare and Cyber Defence."
mircea_popescu: lulzy "that key is not available" failscript, also. MUCH SECURITY!
mircea_popescu: hopefully it protected the aussie something or the other just as well!
mircea_popescu: anyway. domain reg'd feb 16th, first post april 26th. teh boyz poured their sweat blood an' tears as the expression goes. too bad it won't work.
☟︎ deedbot: piratsimon voiced for 30 minutes.
mircea_popescu: is there some sort of reward associated or just sportstmanship challenge ?
mircea_popescu: alrighty. in the meanwhile, you understand how rsa works ?
piratsimon: punkman suggested i should give an example via pastebin.
piratsimon: yes i do. but i bet you are right now deeper in the topic than me. ;)
piratsimon: im just curious how long it does really take to break it. you know, theory is one thing, doin it another. :D
shinohai: Is it just me or are logs not synced?
mircea_popescu: it would appear you don't actually understand how rsa works ?
deedbot: tribut voiced for 30 minutes.
piratsimon: thats why i was curious what key you did factorize? because - yes - it was my name and a really old email address of me. but actually not my key. not even my revoked one.
tribut: mircea_popescu: thanks
piratsimon: no tribut, didnt, did not had that url util now. let me read it fast.
mircea_popescu: piratsimon you could ask that then, neh ? the pile of keys being worked on come from a dump of sks servers.
piratsimon: sry mircea. that was a classic misunderstanding. we both did assume something. ;)
piratsimon: anyhow, wont bother you any longer. ;) have a nice day. we got finally sunshine. bb
piratsimon: and my apologies for that itsybitsy misunderstanding. :D
mircea_popescu: you have to realise however that if eve is trying to eavesdrop on alice's communications to you,
mircea_popescu: the most effectual approach is to put a broken key of yours up on sks, and wait for alice to mistake it for yours.
mircea_popescu: particularly effective if you don't even know alice ; and no you wouldn't know you missed anything.
mircea_popescu: the specific sort of broken keys listed there (ie, with mirrored low 32bit modulus) is obviously an' very much designed just for this purpose.
deedbot: fromphuctor voiced for 30 minutes.
deedbot: egorsmkv voiced for 30 minutes.
egorsmkv: hello, who administrate server?
mircea_popescu: aha thanks. was already reported. asciilifeform will get to it once he's back.
egorsmkv: service very good, thanks for it
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: egorsmkv in fairness most merit goes to bernstein, with his work we do in 20 minutes what used to take ~10 years on the first estimation.
deedbot: fromphuctor__ voiced for 30 minutes.
deedbot: fromphuctor____ voiced for 30 minutes.
deedbot: fromphuctor__ voiced for 30 minutes.
deedbot: fromphuctor_____ voiced for 30 minutes.
deedbot: _Blazed voiced for 30 minutes.
jurov: "FYI, @gavinandresen's commit access just got removed - Core team members are concerned that he may have been hacked."
danielpbarron: apparently the signature on wright's thing was lifted from an old transaction
punkman: danielpbarron: the redditards fail at reading, so thought the "worked example" in blogpost would be the secret signature presented to BBC et al
deedbot: iceblox voiced for 30 minutes.
deedbot: Valfor voiced for 30 minutes.
Valfor: oh, timed voice - interesting
Valfor: I saw the list of broken GPG keys on the phuctor website
Valfor: Saw the contact mention this irc chan
Valfor: and so came here, as I was intrigued
iceblox: Hello there, I found my key to be in the sadmods and followed the contact link :)
iceblox: Using gpg --gen-key, but about 13 years ago
iceblox: I have no idea what version, operating system was NetBSD 1.6 for sure
danielpbarron: is your key actually broken or is it just a weird exponent?
iceblox: public exponent is not prime
iceblox: Oh, sure... BA8A75F1 simon@hitzemann.org
jurov: iceblox: try to export the pubkey from your local copy and add to phuctor
jurov: to check for any corruption
iceblox: okay, I submitted my export for being checked... Let me try to find out what gpg version I used back then. At least it should be possible
iceblox: Ok, according to the archives it should have been GnuPG-1.2.3
☟︎ iceblox: compiled with --enable-tiger and --with-static-rnd=auto
iceblox: Interesting, my newly submitted pubkey has 3 fingerprints less, but the bad public exponents are still part of it
deedbot: fromphuctor_ voiced for 30 minutes.
jurov: eh, frompuctor's lingering along and never says anything
iceblox: same, I only exported it from my machine instead of the one that was already on the website
deedbot: fromphuctor__ voiced for 30 minutes.
deedbot: egorsmkv voiced for 30 minutes.
jurov: piratsimon asks me for voice too
deedbot: jurov may not $up piratsimon
mircea_popescu: * asciilifeform takes off hat. << note that they were brewing it since two months ago, finally went live days after phuctor ; finally went on social media rampage hours after phuctor.
deedbot: piratsimon voiced for 30 minutes.
mircea_popescu: plenty of freshly minted coincidences at coincidence bank.
a111: Logged on 2016-05-02 12:43 iceblox: Ok, according to the archives it should have been GnuPG-1.2.3
mircea_popescu: asciilifeform ftr the .ru write-up is about 100x better than the anglo versions. wikipedia almost entirely to blame.
☟︎ mircea_popescu: ;;later tell egorsmkv consider registering your pgp key with deedbot ; i'll rate you and you'll beable to self-voice
mircea_popescu: bwhhahahaha these are epic. Лаврентий Августович Плюшкин, Герхард фон Пырохсповыдлом
mircea_popescu: asciilifeform re guy on reddit : he seems to be having the exact same key ?
☟︎ mircea_popescu: apparently there's some sort of apple shenanigans at work here. you reclal, apple, the dedicated-to-privacy company that recently wouldn't do something or the other to some phone or somesuch, i forget.
mircea_popescu: in other news of vague interest, i burned ~13GB on trilema today alone, of which at least half to be attributed to phuctor discussions (mostly not in english). it's been a while since any event actually visibly dented trilema stats. too lazy to check on phuctor, but i imagine it's headed into terrabytes, what with its endless single pages and whatnot.
mircea_popescu: almost all of these seem to be in some way connected to either winblows or crapple.
☟︎ deedbot: Twix voiced for 30 minutes.
jurov: if it requires self-signature, then testing ssh keys is out
☟︎☟︎ a111: Logged on 2016-05-02 10:40 roxfan: i was hoping there's an easier way...
mircea_popescu: jurov i see "gpg: armor header: Version: PGPy v0.4.0 gpg: packet(6) too short"
mircea_popescu: BingoBoingo actually it's being built as we speak. jurov 's thing above is mere steps away from general purpose.
jurov: huh i see .. tested only with pgpdump, not actually importing it
BingoBoingo: Right, It's being done the actual way as opposed to the query shithub for an existing script way.
mircea_popescu: actually there is no script. which in itself is glaringly scandalous.
mircea_popescu: jurov possibly needs some padding. pgp keys are a festival of arbitrary and nonsensical fixed widths and whatnot.
jurov: yea the py library i'm trying aptly reflects that
deedbot: hax404 voiced for 30 minutes.
deedbot: Echoplex voiced for 30 minutes.
a111: Logged on 2016-05-02 14:24 jurov: if it requires self-signature, then testing ssh keys is out
a111: Logged on 2016-05-02 13:11 mircea_popescu: asciilifeform ftr the .ru write-up is about 100x better than the anglo versions. wikipedia almost entirely to blame.
jurov: mkay, will analyze the pubkey
deedbot: nadav voiced for 30 minutes.
deedbot: schlaftier voiced for 30 minutes.
phf: so odd, connection is otherwise stable, i have ssh open to it, but bot simply pinging out
deedbot: fromphuctor_ voiced for 30 minutes.
a111: Logged on 2016-05-02 04:40 asciilifeform: i will be disappointed if the new replacement for the phuctor story is not jp-toilet related.
deedbot: fromphuctor__ voiced for 30 minutes.
phf: well, it did, but i have a backup always, so unless there's a complete breakdown, logs are retained. i need to add an autoreconnector, but as is usually the case with that sort of things, i'm limited on time
mircea_popescu: every last valuable line of me going $up fromphuctor and all.
deedbot: Shredder121 voiced for 30 minutes.
Shredder121: I'm on mobile, so you got to me faster than I could /nick
mircea_popescu: asciilifeform one of the things the web has done is trained clickers.
mircea_popescu: lol that hanno boeck assclown got called out. curious what happens nao.
a111: Logged on 2016-05-02 13:17 mircea_popescu: asciilifeform re guy on reddit : he seems to be having the exact same key ?
deedbot: sbp_ voiced for 30 minutes.
a111: Logged on 2016-05-02 13:28 mircea_popescu: almost all of these seem to be in some way connected to either winblows or crapple.
mircea_popescu: asciilifeform yeah i meant the other ones. the "naively broken" ones,
mircea_popescu: which seem mostly to be a case of "take p, q random numbers, skip on testing for primality."
mircea_popescu: if you think about it : for any random number, the odds of being divisible by 3 are 1 in 3. and by 7, 1 in 7. and the sum of this converges etc.
Apocalyptic: 17:19 <+mircea_popescu> which seem mostly to be a case of "take p, q random numbers, skip on testing for primality." // having a fully factored modulus would help to confirm this
mircea_popescu: Apocalyptic i recall you were running miller-raqbin last year ?
mircea_popescu: if you care to hack a py script, i think it could be bolted onto phuctor.
Apocalyptic: asciilifeform: presence of small primes would happen either way, however if your modulus N has k bits and the biggest prime factor has k/2 bits, you could easily conclude that it wasn't generated the way mircea proposes
Apocalyptic: mircea_popescu: I factored a 32-bit mirrored one yeah, currently i'm trying to factor a non-mirrored small one
mircea_popescu: Apocalyptic you got a blog or anything ? where you gonna post ?
Apocalyptic: i'm gonna post in-channel I guess, same as earlier
mircea_popescu: asciilifeform more like, you know, run m-r on the cracked moduli
BingoBoingo: asciilifeform: sorry no japanese toilets for you, just Hoaxtoshi. Drove to get cigarettes, Nooyz made it to radio.
mircea_popescu: schmucks. "oh i work for big deal pr firm" "suck my cock".
mircea_popescu: asciilifeform i think a little bit of the whole spam strategy is at work. they WANT the smart folks to lose interest early.
BingoBoingo: <mircea_popescu> wtf, radio ? seriously ? << Yes in the generic CBS radio feed KMOX runs on the hour
davout: for some reason this hoaxtoshi stuff seems very interesting to journos
mircea_popescu: in other non-news, omfg all the famished camhos posing as online dommes. they are the masters of your wallet dontchakno.
mircea_popescu: davout finally something about bitcoin with no maffs in it. they've been waiting patiently a long long time.
BingoBoingo: <davout> for some reason this hoaxtoshi stuff seems very interesting to journos << Heartbleed and the bash vulnerability made radio
davout: BingoBoingo: your radio seems cooler than mine!
BingoBoingo: davout: If the weather's just right you can prolly pick up KMOX's 10,000 watts... maybe
davout: moon bounce is a thing apparently
mircea_popescu: how much bw did it burn this month ? got a stat anywhere ?
mircea_popescu: btw, ever had a chance to turn off whatever dev environment ? ppls were pointing out.
mircea_popescu: honestly, nonpaged is better. guy gets whole thing in one go, prolly results in less overall bw as less futzing and wastage.
deedbot: tophunctor____ voiced for 30 minutes.
mircea_popescu: "pgp was broken ayear ago i recall defcon talk"... it's kinda shocking in the despairing sense of the term, exactly what sort of monster a specialised society creates.
mircea_popescu: "i know how to make widgets. i also think the loch ness monster found the cvadrature of the ellipsis."
gribble: Error: "up" is not a valid command.
deedbot: xorrbit voiced for 30 minutes.
Apocalyptic: asciilifeform: re earlier thread I was considering either random p and q then multiplied, or whole modulus is random. Obviously the latter could not occur since the software couldn't compute phi(N), hence doing anything usefull with it.
Apocalyptic: so yeah no k/2-bit prime to be expected in modulus
Apocalyptic: There might be, the resulting thing is a degree of magnitude less usable though
mircea_popescu: Apocalyptic i just interpreted your argument to mean k/4
mircea_popescu: asciilifeform ftr, there are VERY MANY people refusing to top secret for very many good reasons.
mircea_popescu: one is that they pay fails to compensate the risks (trivially verified : find insurer who will indemnify you for any and all responsabilities in exchange of fraction of extra salary)
Apocalyptic: mircea_popescu: why k/4 ? my argument was if the whole modulus is random, then we can expect a k/2-bit prime factor, if modulus is random p times random q, then we can't unless p or q is actually prime (assuming p and q same size), which is quite unlikely if truly random
mircea_popescu: as with all failing empires in history a) the better commentary happens among people who do not have the empire's language as native language ; b) the hassle of obtaining official seal of whatever exceeds the benefits.
mircea_popescu: Apocalyptic p and q randomly generated can still produce a prime factor somewhere in there, perhaps as large as 1/4 of the length of the key.
mircea_popescu: ie even with p, q obtained straight from /urandom, you can still see a 1024 bit prime or somesuch
mircea_popescu: i don't recall right off how you calc the probability, but it is indeed tiny.
Apocalyptic: yeah but why the 4 specifically ? for all you know you can have a k/3 prime as well
mircea_popescu: hey, whadda ya want from me, when trying to rescue statements that are trivially broken i use heuristics!
Apocalyptic: the important thing is k/2 prime enables to distinguish between the 2, a k/4 prime doesn't, as it would occur in both cases
deedbot: cyco voiced for 30 minutes.
cyco: one of my old keys got phuctored
deedbot: cyco1 voiced for 30 minutes.
cyco1: it'll take some time to find the key in my backups
cyco1: i'll come back when i've found it
mircea_popescu: consider also registering your current key with deedbot
mircea_popescu: i'll rate you and you'll beable to self voice in the future
deedbot: steffen voiced for 30 minutes.
gribble: Current Blocks: 409899 | Current Difficulty: 1.7865925777252728E11 | Next Difficulty At Block: 411263 | Next Difficulty In: 1364 blocks | Next Difficulty In About: 1 week, 2 days, 8 hours, 13 minutes, and 9 seconds | Next Difficulty Estimate: None | Estimated Percent Change: None
gribble: Bitstamp BTCUSD last: 441.0, vol: 5354.45823665 | BTC-E BTCUSD last: 443.2, vol: 4879.32364 | Bitfinex BTCUSD last: 441.37, vol: 26801.5056244 | BTCChina BTCUSD last: 443.169345, vol: 20804.50170000 | Kraken BTCUSD last: 443.915, vol: 1075.02228224 | Bitcoin-Central BTCUSD last: 446.4716, vol: 69.1292423 | Volume-weighted last average: 442.174813814
deedbot: hdbuck voiced for 30 minutes.
BingoBoingo: In other news the US Navy is now allowing neck tattoos
steffen: interesting stuff, added my public key to check it out ;)
phf: so i did a simple exercise, since there were some claims that "none of the keys import", of grabbing phuctored data. the 223 moduli represent 156 keys, importing which results in 133 "no valid user IDs" and 23 successful imports listed here
http://paste.lisp.org/display/315214 jurov: then i noticed you use yet longer fingerprints
jurov: so even the 40char one is short?
phf: need a top-secret job where can discuss things in a public log, tmsr style
phf: i've interviewed for reverser jobs in 2004 or so when i was still doing "infosec", and my interviews all ended same way because i'm not a citizen
phf: "в день индийский слон съедает 100 кг сена, 50 кг моркови, 30 кг капусты, 40 кг хлеба и т.д" - неужели правда, что этот слон столько съедает? - съесть он может и съел бы, да кто ему даст...
mircea_popescu: anyway, yet another thing bitcoin corrupts irretrievably. "wtf this secret job has no public log ? a fie upon you!"
jurov: wtf you're on? i never tried to approach phuctor with sort fingerprint
jurov: i always used 40-char one, just wrong url
jurov: *with short fingerprint
jurov: and noticed /gpgkey/ uses much longer hexporn and was confused
jurov: that one is sha512 or something?
deedbot: gabriel_laddel voiced for 30 minutes.
mircea_popescu: jurov the reason for teh hexporn is that there have been diddled keys!
deedbot: anotheryou voiced for 30 minutes.
jurov: and i'm asking, what does /gpgkey/0xhexporn stand for?
mircea_popescu: ie how he derives it from the keys ? nfi. i always assumed it's arbitrary index from db
deedbot: plp voiced for 30 minutes.
deedbot: distemper voiced for 30 minutes.
jurov: it's amazing that fingerprint is not even suitable for that use.
deedbot: fromphuctor__ voiced for 30 minutes.
anotheryou: sorry, just ment to lurk :) don't mind me. Maybe most don't need the up.
anotheryou: trying to make sense and reading a bit before asciing stupid questions :)
anotheryou: So many german pirate-party members on the list. How where the tested keys selected? I assume you had to start somewhere...
mircea_popescu: (the keys are not processed one at a time. this used to be the case, but not anymore. now, all done simultaneously)
anotheryou: So my uninformed conclusion would be that something went especially wrong in germany or the pirates cryptoparties got a lot of people using pgp in the first place.
anotheryou: third party means it was sort of an impersonation?
mircea_popescu: it'd be fun if we could diagnose, eg, fukushima by quality of keys from place and time.
mircea_popescu: but no, it's entirely out of the question any sort of natural event is at work here. usg.nsa been diddling not merely angela merkel's phone,
mircea_popescu: but all communications of all germans at all levels possible.
deedbot: steffen voiced for 30 minutes.
steffen: being a german myself, yes, and that's where I thought pgp added a nice sense of privacy to interested parties no matter the government
steffen: now my next question would be which software was used to generate the flawed keys and if those were software packages with malicious intent
mircea_popescu: steffen you gotta make sure your pgp is actual protocol-strength rsa not merely promise-strength rsa tho.
mircea_popescu: many rsa implementations, especially for the closed source walled gardens, are miserable indeed.
steffen: I lack the skill to verify my software package
steffen: i can only be so paranoid.
mircea_popescu: steffen we've been trying to get people with exposed keys to post the software they used.
mircea_popescu: steffen the golden standard re such verifications in tmsr is V.
steffen: at least so far I can see that my key is not malformed. I'll certainly check that result page periodically in the future.
steffen: a lot of germans that I know use gpg4win
steffen: which incidentally is also a software package vetted by the BSI (german ministry for informational security or something like that)
mircea_popescu: yeah ; a lot of eulora players also. seems to be the most accessible for "people in general"
deedbot: fromphuctor__ voiced for 30 minutes.
fromphuctor__: you could collect many millions keys from SSH server using the ssh-keyscan utility included in OpenSSH
mircea_popescu: iiuc jurov already has a more or less complete package of github keys, working to turn them into proper format.
mircea_popescu: the rub there is, currently, the conversion not the acquisition
mircea_popescu: asciilifeform awww, herpy bock got humiliated in public ?
mircea_popescu: fromphuctor__ yes but phuctor currently eats rfc 4880 format, owing to its history as a pgp key checker.
mircea_popescu: if you have a conversion script anywhere plox feel free to publish.
mircea_popescu: asciilifeform but he has a point ; once we get conversion going running a ssh-keyscan werker is good idea.
☟︎ jurov: ssh-keyscan and the github trove are completely independent things (former scans for server keys, latter are users' keys)
deedbot: fromphuctor___ voiced for 30 minutes.
fromphuctor___: thanks... would the phuctor checker work with non PGP keys, if i correctly converted an RSA key to the required format?
mircea_popescu: helps build your identity, and you'll be able to self-voice.
fromphuctor___: i need to figure out how to convert plain key to that base64/der stuff
fromphuctor___: will the submit page tell me my key is malformed if i made a mistake?
mircea_popescu: you're asking me who you talked to ? what am i, the omniphone ?
mircea_popescu: asciilifeform it won't last, server's pretty well supplied.
deedbot: andrej235 voiced for 30 minutes.
mircea_popescu: PGencode.js particularily interesting i thought as it really takes base64 pubkey and puts it through rsa.js
mircea_popescu: so isn't this pretty much 99% of bignum->rsa in pgp format ?
mircea_popescu: i put it on my pgp page on trilema,. forgot all abpout it, now stumbled on it all over again
mircea_popescu: but yes, pretty nifty as you can use it to send a [sorta] encrypted message entirely via web
deedbot: plp voiced for 30 minutes.
mircea_popescu: of course he appeared ? we got all sorts of workable ideas for phuctor!
deedbot: Valfor voiced for 30 minutes.
deedbot: fromphuctor__ voiced for 30 minutes.
phf: since today is a looking at stats day, btcbase is at modest 3500 hits right now, which has been the average since about april 6th, but note that the day is not over and system has been down for almost 8 hours. the number of hits brought by referer has spiked though to ~~500, and looking at graph roughly correlates to trilema posts. not surprisingly the top referer is trilema at ~~1000, followed by qntra at ~~600 and phuctor at ~~80.
phf: (the last three values are totals)
phf: the-phuctoring is second top ref from trilema, losing out by a large margin to top ref ill-pay-for-your-tits
deedbot: fromphuctor__ voiced for 30 minutes.
deedbot: bolts voiced for 30 minutes.