log
asciilifeform: wait till we do 10mil...
mircea_popescu: this doesn't recurse does it ?
asciilifeform: whatddayamean
mircea_popescu: prime could appear multiple times./
mircea_popescu: $up crayon
deedbot: crayon voiced for 30 minutes.
asciilifeform: doesn't explicitly recurse, no
asciilifeform: but if it appears multiple times, it will show up 1nce.
asciilifeform: and determining remaining timez, exercise for reader.
mircea_popescu: and now it doesn't ping for me.
asciilifeform: it pings, and i have shell open there
asciilifeform: but no www.
asciilifeform: interestingly.
asciilifeform: there it goes.
mircea_popescu: ah now it came
mircea_popescu: aha.
mircea_popescu: Known Shared Factors: 284648957608675 1118385754444484075 << yeah i guess once a modulus starts showing these, readily reduced by intertested reader.
asciilifeform: the wholeFUCKINGreason we are seeing folx with random ints as rsa mods
asciilifeform: is that it is not so difficult to factor these.
asciilifeform: hence somebody 'helped' so kindly, a number of folks, to generate'em.
asciilifeform: https://archive.is/pLVrl << snapshot of current state, ftr.
asciilifeform: ^ use by anybody who sees blackhole etc
asciilifeform: handy to compare with http://btcbase.org/log/2016-05-01#1460471☝︎
a111: Logged on 2016-05-01 23:37 asciilifeform: https://archive.is/EJM9s << ftr. moment just before the shot. 210 phucked mods.
asciilifeform: the next exercise prolly ought to be:
asciilifeform: to search for the idiocy where a diddled or simpleminded pgptron wants to generate an n-bit key, and so it craps out a n/2-bit prime and then gets next prime after it and multiplies.
mircea_popescu: overengineered.
asciilifeform: nah
asciilifeform: this exists.
asciilifeform: known, in the wild.
mircea_popescu: o.O
asciilifeform: factorable in ~constant time.
mircea_popescu: still, low priority-sh
asciilifeform: i think this is where we got that ti key.
asciilifeform: and remember folx, this Definitely Never Happened!111 (TM) (R)
asciilifeform: any of it.
mircea_popescu: dun dun dun.
asciilifeform: witness the silence from the 'kompyoooter insekoooority' komyooniti.
asciilifeform: 'nobody uses pgp.'
asciilifeform: 'and if they did, nobody broke a key'
asciilifeform: 'and if someone broke, it didn't really happen'
asciilifeform: 'and this here german chick did it in 2010'
mircea_popescu: eh fuck em. what community.
mircea_popescu: there's millions of them buzzing and the miracle of the first secure computer has yet to be seen.
asciilifeform: self-licking icecream cone.
asciilifeform: this 'community.'
asciilifeform: https://www.reddit.com/r/programming/comments/4hcvvi/200_pgp_keys_and_counting_publicly_broken << fwiw.
asciilifeform: betcha it'll vanish within the hour.
asciilifeform: mircea_popescu: lulzy, a good bit of traffic, but rating permanently welded at '1'
asciilifeform: or hm, i have nfi.
asciilifeform: kinda lulzy, it was on frontpage for a few min, looks like, then manually (!) lowered into latrine
asciilifeform: (700+)
asciilifeform: $up Birdman
deedbot: Birdman voiced for 30 minutes.
Birdman: Hello, im just here to read
asciilifeform: where'd ya come from, Birdman ?
Birdman: Fellow eulorian, was around b-a sometimes too
asciilifeform: ah. have fun
mircea_popescu: alf is cute when excited :)
asciilifeform: lel
asciilifeform: mostly a snoar so far.
asciilifeform: "GET /humans.txt HTTP/1.1" << l0l
deedbot: [Qntra] No Such lAbs Phuctoring Harder Than Ever - http://qntra.net/2016/05/no-such-labs-phuctoring-harder-than-ever/
BingoBoingo: ;;ticker --market all
gribble: Bitstamp BTCUSD last: 451.39, vol: 1220.84749747 | BTC-E BTCUSD last: 448.293, vol: 2216.06661 | Bitfinex BTCUSD last: 451.47, vol: 4174.91672794 | CampBX BTCUSD last: 454.97, vol: 0.15 | BTCChina BTCUSD last: 454.253625, vol: 16098.60880000 | Kraken BTCUSD last: 451.95, vol: 308.9699291 | Bitcoin-Central BTCUSD last: 451.4452, vol: 7.0300301 | Volume-weighted last average: (1 more message)
BingoBoingo: ;;more
gribble: 453.044215707
asciilifeform: http://chat.stackoverflow.com/rooms/10/loungec << lel, phuctor
mircea_popescu: check that out, stackoverflow got this datamining of users down to a fine art huh.
mircea_popescu: http://chat.stackoverflow.com/rooms/info/10/loungec etc
mircea_popescu: it's not even irc, what is it, some sort of java thing ?
asciilifeform: nfi
asciilifeform: some lamerism.
asciilifeform: getting reddit folk at 2-3/sec.
asciilifeform: fatlottagood they do.
asciilifeform: a few submitted keyz, so not wholly waste of bw.
mircea_popescu: at this rate you'll end up a traffic analytics expert :D
asciilifeform: lelxpert
mircea_popescu: hey, one of the best natural cocksuckers i ever encountered was a that-expert.
mircea_popescu: i think her mommy had her with a constrictor snake and she had a square bone in her neck.
asciilifeform: seo?!
mircea_popescu: nononono, traffic ANALYTICS!!1
mircea_popescu: very different expertise.
asciilifeform: l0l!
BingoBoingo: Opposite expertises
ben_vulpes: square?
BingoBoingo: DiaperCube(TM)(R)
BingoBoingo: ;;bc,stats
gribble: Current Blocks: 409824 | Current Difficulty: 1.7865925777252728E11 | Next Difficulty At Block: 411263 | Next Difficulty In: 1439 blocks | Next Difficulty In About: 1 week, 2 days, 2 hours, 34 minutes, and 56 seconds | Next Difficulty Estimate: None | Estimated Percent Change: None
BingoBoingo: $phuctor.stats
mircea_popescu: lel
mircea_popescu: $up fromphuctor
mircea_popescu: $up fromphuctor_
mircea_popescu: and alf was complaining...
deedbot: fromphuctor voiced for 30 minutes.
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: trinque btw, why is deedbot so slo ?
mircea_popescu: $up ez_
deedbot: ez_ voiced for 30 minutes.
mircea_popescu: this is kinda lulzy.
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: asciilifeform http://dpaste.com/1DN0TTM ftr.
asciilifeform: mircea_popescu: lel
asciilifeform: www still up tho.
mircea_popescu: aha. prolly a setting in python neh ?
asciilifeform: what's interesting is that this barf is ~disabled~
asciilifeform: turns out setting - ignored.
mircea_popescu: modern software.
asciilifeform: burnitall(tm)(r)
mircea_popescu: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
asciilifeform: turns out it's on hnews now.
asciilifeform: hence the mega-torrent-of-flies
mircea_popescu: i guess they showed us, huh.
asciilifeform: 5-10/sec.
asciilifeform: $up gabriel_laddel
mircea_popescu: anyway. can you get it back to normalcy ?
deedbot: gabriel_laddel voiced for 30 minutes.
asciilifeform: mircea_popescu: it is up!
mircea_popescu: a cool
asciilifeform: grunting at a MB/s or so, yes
mircea_popescu: server should be ok up to 100/s sort of levels.
asciilifeform: recall it is also trb.
mircea_popescu: at least in teh-ory.
mircea_popescu: yeah but trb really doesn't load worth the mention. especially if caught up.
asciilifeform: or if helping other folk up
mircea_popescu: lel
mircea_popescu: don't you wonder why is this so scary btw ?
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
asciilifeform: mircea_popescu: waiwut
asciilifeform: which
mircea_popescu: irc!
asciilifeform: ah yeah
asciilifeform: first few thou didn't even bother clicking
mircea_popescu: almost like it has terrorism scent all over it.
asciilifeform: apparently!
BingoBoingo: lol https://archive.is/NlKL3
mircea_popescu: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
asciilifeform: BingoBoingo: ahahahaha cosmicrayz again
BingoBoingo: what else?
mircea_popescu: teh schedule proceeds unabated!
mircea_popescu: i suppose within a few hours it makes the front page (again) and then it gets replaced with an "official science" replacement...
asciilifeform: with 'why japanese toilets did not catch on in america!'
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
asciilifeform: i will be disappointed if the new replacement for the phuctor story is not jp-toilet related.
gabriel_laddel: lol. nice job with phuctor btw ascii. exciting times.
mircea_popescu: asciilifeform incidentally, according to amazon, trilema is biggest in japan.
asciilifeform: mircea_popescu: mega-unsurprise, iirc their entire economy consists of old men browsing pr0n
fromphuctor: What does it mean whe the public exponent is not prime?
mircea_popescu: what's pron got to do got to do got to do with it...
asciilifeform: fromphuctor: http://trilema.com/2016/the-recent-phuctor-finds-explained << elaborated here
mircea_popescu: fromphuctor do you know how rsa works ?
fromphuctor: It's a public key encryption scheme, right?
mircea_popescu: there's a difference between "what it is" and "how it works".
fromphuctor: I'm reading the linked post now.
mircea_popescu: gabriel_laddel how's life treatin ya anyway.
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
gabriel_laddel: mircea_popescu: sometimes not really having a job is a bit of a chore.
mircea_popescu: and sometimes having one is.
fromphuctor: How are these prime numbers chosen? I understand it is very hard to find prime numbers.
mircea_popescu: lol they'll run out of dashes.
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
gabriel_laddel: Anyways, I'm a bit busy atm, have not been able to get the full masamune replication working, which is irritating. but I do have customers waiting on me, which is exciting.
mircea_popescu: fromphuctor it's not that hard to find prime numbers. in general, rsa keys should be seeded from a good entropy source.
mircea_popescu: (note that e is almost everywhere 65537, which is both prime and cheap.)
mircea_popescu: in fact... 65537 makes SUCH a good e, not using it is triple-eyebrow raising.
fromphuctor: Okay. So the size of the prime number does not matter that much for the security of the cipher as the entrophy source.
fromphuctor: Wouldn't a bigger prime exponent be more difficult for an adversary to crack?
mircea_popescu: the size of e is not particularly relevant ; it not being 65537 is very suspicious. it being non-prime is even more suspicious.
mircea_popescu: nope.
fromphuctor: Okay. So apparently a lot of people messed up their cryptography, and had non-prime exponents (or very small primes) for some weird reason.
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: fromphuctor that is last week's news. this week's news is that ACTUAL KEYS were cracked.
asciilifeform: the texas instruments key, for instance.
fromphuctor: Oh. That's really bad, isn't it?
asciilifeform: fromphuctor: for them.
mircea_popescu: for whoever relied on that key, it is.
mircea_popescu: $up GyrosGeier
deedbot: GyrosGeier voiced for 30 minutes.
GyrosGeier: hi
mircea_popescu: hola.
GyrosGeier: I'm trying to submit my key, but keep getting an error
fromphuctor: Why were these keys so easy to crack? Were they due to faulty implementations of the cryptosystem?
asciilifeform: GyrosGeier: what kind of error ?
GyrosGeier: is there any restriction on what keys are accepted?
asciilifeform: GyrosGeier: RSA only
mircea_popescu: fromphuctor most likely subverted pgp implementation.
GyrosGeier: Error: Was that really a GPG public key? Try again.
asciilifeform: GyrosGeier: you probably have a DSA or ECDSA key.
mircea_popescu: GyrosGeier dpaste what you're trying to stick in, maybe.
GyrosGeier: RSA 4096, with three RSA 2048 subkeys
asciilifeform: GyrosGeier: pastebin the key plz
fromphuctor: So my SSH keys are probably not compromised, assuming my cryptography software wasn't broken by the government.
GyrosGeier: http://paste.debian.net/653652/
fromphuctor: Would that be a good assumption to make?
mircea_popescu: fromphuctor you can export them and check yourself. then no need to assume anything.
GyrosGeier: that is --export-options export-minimal --export --armor
fromphuctor: How do I do that?
asciilifeform: GyrosGeier: you have utf8 rubbish in that key
asciilifeform: GyrosGeier: the box is not set up to handle this yet. sadly.
mircea_popescu: i thought that was fixed last time ?!
asciilifeform: mircea_popescu: nope, pythonism
mircea_popescu: oh.
asciilifeform: aha.
GyrosGeier: ah, so I need to strip out those UIDs
mircea_popescu: GyrosGeier you'll have to try again later, once this is caught up with.
fromphuctor: My SSH keys came when I used the ssh-keygen command. How do I export them?
mircea_popescu: or wipe the uids if you know how / can.
asciilifeform: GyrosGeier: it will be handled in near future.
asciilifeform: these are being piled up.
GyrosGeier: do you actually need an UID in there?
mircea_popescu: nope.
asciilifeform: GyrosGeier: nope. optional.
GyrosGeier: that makes filtering the packet stream easier
asciilifeform: fromphuctor: it is nontrivial to convert ssh key to pgp key format.
mircea_popescu: i guess we'll have to write a tool for this eventually, willy-nilly.
mircea_popescu: people will just keep asking.
asciilifeform: yeah.
asciilifeform: apparently!
fromphuctor: Apologies. I'm not that good at cryptography.
fromphuctor: Thank you very much for your efforts and help. I sincerely appreciate it.
mircea_popescu: fromphuctor either you go read up on http://btcbase.org/log/2016-04-27#1458766 and do the conversion / publish the tool, or else wait for someone to do it.☝︎
fromphuctor: Thank you. Have a good day.
asciilifeform: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: lol check out submarine beds.
asciilifeform: quite.
GyrosGeier: hm
GyrosGeier: seems to have worked
asciilifeform: GyrosGeier: congrats
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
GyrosGeier: we'll see if anything falls over with no uids and signatures :)
asciilifeform: ;;later tell phf logz are down ?
gribble: The operation succeeded.
mircea_popescu: http://phuctor.nosuchlabs.com/gpgfp/4D4F615E7EC1DDE8E664C3B10877BE0E1CDC1142 << replace with your own fp.
mircea_popescu: asciilifeform server is actually doing pretty good, considering.
GyrosGeier: whoa
GyrosGeier: lots of famous names in there
asciilifeform: mircea_popescu: i massaged the hell out of it
mircea_popescu: nice job.
asciilifeform: GyrosGeier: the caveat is that anyone can create a key with whatever name string in it.
GyrosGeier: good point
asciilifeform: e.g., osama@whitehouse.ru
mircea_popescu: yeah, fingerprints more important than names per se. though there's some orgs that got clearly raped.
GyrosGeier checks signatures
asciilifeform: GyrosGeier: some of the keys (marked 'mirrored' under 'notes') were part of an organized flimflam campaign by an unknown (likely nsa) party exploiting the fact that old versions of pgp used the bottom 32 bits of a modulus as the fingerprint.
asciilifeform: they took legit keys and turned the moduli into repeating lengths of the bottom 32bit of the old mod.
asciilifeform: and uploaded to sks net.
asciilifeform: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
GyrosGeier: indeed, but these shouldn't have signatures from me
asciilifeform: GyrosGeier: those will have signatures but gpg will correctly reject them as invalid.
asciilifeform: (if you find one where it does ~not~, please say!)
asciilifeform bbl.
GyrosGeier: is there some effort to notify people?
GyrosGeier: I've found one from the same org as myself, with a key they use, which is signed by me, so that is clearly theirs
GyrosGeier: nm, found it
GyrosGeier will check back later, good night
gabriel_laddel: $up r00s
deedbot: gabriel_laddel may not $up r00s
gabriel_laddel: Oh, and X.com was elon musk, not thiel. http://btcbase.org/log/2016-04-29#1459342☝︎
gabriel_laddel: They merged with paypal eventually though, so yes, close.
punkman: $up fromphuctor
deedbot: punkman may not $up fromphuctor
mircea_popescu: gabriel_laddel right you are.
mircea_popescu: $up r00s
deedbot: r00s voiced for 30 minutes.
gabriel_laddel: Is anyone here deep into neural nets / ml?
mircea_popescu: GyrosGeier> is there some effort to notify people? << not really, feel free to notify whoever.
gabriel_laddel: And if so, are you familiar with the optimization techniques "optimal braindamage" or "optimal brain surgery"?
punkman: I sent a coupla mails after previous phuctoring, nobody wrote back
gabriel_laddel: (circa 1995 ish)
mircea_popescu: punkman same, iirc.
mircea_popescu: asciilifeform https://www.reddit.com/r/programming/comments/4hcvvi/200_pgp_keys_and_counting_publicly_broken/ << a look, you're famous nao.
gabriel_laddel: http://blakemasters.com/peter-thiels-cs183-startup
gabriel_laddel: ^ "Notes Essays-Peter Thiel’s CS183: Startup-Stanford, Spring 2012"
gabriel_laddel: Eventually these were compiled into the book Zero to One.
gabriel_laddel: I enjoyed them ~2-3 years ago
punkman: http://www.bbc.com/news/technology-36168863
punkman: At the meeting with the BBC, Mr Wright digitally signed messages using cryptographic keys created during the early days of Bitcoin's development. The keys are inextricably linked to blocks of bitcoins known to have been created or "mined" by Satoshi Nakamoto.
punkman: http://www.drcraigwright.net/jean-paul-sartre-signing-significance/
punkman: Be assured, just as you have worked, I have not been idle during these many years. Since those early days, after distancing myself from the public persona that was Satoshi, I have poured every measure of myself into research. I have been silent, but I have not been absent. I have been engaged with an exceptional group and look forward to sharing our remarkable work when they are ready.
punkman: Satoshi is dead.
punkman: altcoin incoming!!1
punkman: "Mr Wright does not want to make public the proof for block 1, arguing that block 9 contains the only bitcoin address that is clearly linked to Mr Nakamoto (because he sent money to Hal Finney). Repeating the procedure for other blocks, he says, would not add more certainty. He also says he can’t send any bitcoin because they are now owned by a trust. "
adlai: danielpbarron: thx
adlai: jurov: correct, as always
adlai: mod6: your hairshirt orgmode reimplementation
adlai reminds everybody that the real reason he /does/n't keep secrets is because there were none, to begin with.
adlai: either 60 "random" words have nothing to do with my life, or my basal ganglia are still swimming in lsd.
mircea_popescu: $up roxfan
deedbot: roxfan voiced for 30 minutes.
mircea_popescu: $up JusticeRage
deedbot: JusticeRage voiced for 30 minutes.
roxfan: thx
mircea_popescu: aha.
mircea_popescu: what's a rox
roxfan: i want to submit a key to phuctor but i have only raw N and E, not GPG format
roxfan: any idea how to make one?
mircea_popescu: so make it gpg format.
roxfan: yes, how?
mircea_popescu: it's rfc4880
mircea_popescu: https://tools.ietf.org/html/rfc4880
mircea_popescu: once you write the thing, post it somewhere also.
roxfan: i was hoping there's an easier way...
mircea_popescu: $up dfgg
deedbot: dfgg voiced for 30 minutes.
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: $up hexa-
deedbot: hexa- voiced for 30 minutes.
mircea_popescu: $up pabs3
deedbot: pabs3 voiced for 30 minutes.
mircea_popescu: $up piratsimon
deedbot: piratsimon voiced for 30 minutes.
mircea_popescu: $up spoonzy_
deedbot: spoonzy_ voiced for 30 minutes.
mircea_popescu: $up sbp
deedbot: sbp voiced for 30 minutes.
mircea_popescu: $up tribut
deedbot: tribut voiced for 30 minutes.
mircea_popescu: lettuce have a partay!
mircea_popescu: phf did logbot die ?
mircea_popescu: punkman> At the meeting with the BBC, Mr Wright digitally signed messages using cryptographic keys created during << i dun recall the derpy "sign with key" thing was ever regarded by tmsr.
mircea_popescu: leaving aside this whole "at a meeting with hitler's propaganda minister, we saw it, swear!" angle.
mircea_popescu: roxfan not that i know so far.
roxfan: could the site be modified to accept raw numbers?
mircea_popescu: sure. write the modification and submit it.
piratsimon: Hi folks.
JusticeRage: Thanks for giving me voice. Did you get my MP about the debug mode?
piratsimon: tyvm for the v
piratsimon: just came along because phuctor said so. ;)
piratsimon: and now? ^^
pabs3: are you planning on revoking the keys you have factored?
mircea_popescu: gola piratsimon
mircea_popescu: pabs3 notrealy.
mircea_popescu: $up fromphuctor___
mircea_popescu: JusticeRage did i get myself ?! hm ?
mircea_popescu: piratsimon would you be so kind as to post the software you used to make that key ?
piratsimon: that was really loooooooooong time ago.
mircea_popescu: maybe we actually manage to figure out who did what to whom here, it's suspicious as all hell.
piratsimon: guess i have to investigate that.
mircea_popescu: can there be a numeric value for this "loooooooooong time ago." ?
piratsimon: well at least i have to investigate the version. it was gpg for windows.
JusticeRage: mircea_popescu : didn't understand your answer
mircea_popescu: JusticeRage i didn't understand your question. people call me mp at times.
punkman: https://twitter.com/petertoddbtc/status/727078284345917441 heh
JusticeRage: I just came to mention that the Phuctor Flask app is running in debug mode
mircea_popescu: oh, still ?!
JusticeRage: That's a security issue and you should probably disable that :)
JusticeRage: At least it was the case a few hours ago
JusticeRage: I stumbled upon a stacktrace by accident
piratsimon: mircea, have u successfull attacked a private key you dont own and did you successfull decrypt some strong encrypted file wighout possess of the private key?
mircea_popescu: JusticeRage asciilifeform was bitching about it ignoring his settings earlier. he'll get on it once back.
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
mircea_popescu: piratsimon no ; but given what we know about these keys it's a trivial exercise.
mircea_popescu: JusticeRage thanks for reporting.
JusticeRage: No problem!
piratsimon: thats quite interesting. interested in testing it? im gonna encrypt something and you try to decrypt not knowing the phrase nor possessing the private key? ;)
piratsimon: you dont have to but im just curious. ;)
punkman: piratsimon: post it on pastebin, maybe someone will give it a try
mircea_popescu: punkman it was unavoidable. dead men walking.
mircea_popescu: piratsimon sure, by all means post something.
piratsimon: deal. ;) gimme some minutes. ;)
mircea_popescu: asciilifeform you'll have to add verbiage explaining to the goodfolk that rsa keys specifically and uniquely are at issue ; somehow it's not obvious dsa/ecc/elgamaletc dun work.
mircea_popescu: lmao this drcraigwright.net thingee.
mircea_popescu: looks like it's done by the same "i fucking love science" ustard crew.
mircea_popescu: "He was Vice President of CSCSS (Centre for Strategic Cyberspace and Security Science) with a focus on collaborating government bodies in securing cyber systems. Wright has trained government and corporate departments in SCADA Security, Cyber Warfare and Cyber Defence."
mircea_popescu: pity not also marine.
mircea_popescu: "He was Vice President of CSCSS (Centre for Strategic Cyberspace and Security Science) with a focus on collaborating government bodies in securing cyber systems. Wright has trained government and corporate departments in SCADA Security, Cyber Warfare and Cyber Defence."
mircea_popescu: lulzy "that key is not available" failscript, also. MUCH SECURITY!
mircea_popescu: hopefully it protected the aussie something or the other just as well!
mircea_popescu: anyway. domain reg'd feb 16th, first post april 26th. teh boyz poured their sweat blood an' tears as the expression goes. too bad it won't work.
mircea_popescu: but, entertaining while it lasts.
mircea_popescu: $up piratsimon
deedbot: piratsimon voiced for 30 minutes.
piratsimon: tyvm
piratsimon: ;)
piratsimon: challenge: http://pastebin.com/t4xqzfyx im really curious how long it does take. you may contact me via mail@simonlange.eu if you mind. ;)
mircea_popescu: is there some sort of reward associated or just sportstmanship challenge ?
piratsimon: just sportsmanship and curiosity. ;)
mircea_popescu: alrighty. in the meanwhile, you understand how rsa works ?
piratsimon: punkman suggested i should give an example via pastebin.
piratsimon: so voilá there it is. :D
piratsimon: yes i do. but i bet you are right now deeper in the topic than me. ;)
mircea_popescu: aite.
piratsimon: im just curious how long it does really take to break it. you know, theory is one thing, doin it another. :D
mircea_popescu: generally, it takes someone to care enough.
shinohai: Is it just me or are logs not synced?
shinohai: and good morning #trilema
mircea_popescu: piratsimon you used a different key. http://phuctor.nosuchlabs.com/gpgkey/FC96CBFBF66B4E8996A0960C8B95EC5D1CD4B1A860719C7AEA00B3E06E41CE1B << these two are weak.
mircea_popescu: you used gpg: public key is E5FF86FA
mircea_popescu: it would appear you don't actually understand how rsa works ?
piratsimon: well, my key is http://pgp.mit.edu/pks/lookup?op=get&search=0xB09FBD06BDD503BE
mircea_popescu: that's not in there either.
mircea_popescu: $up tribut
deedbot: tribut voiced for 30 minutes.
piratsimon: thats why i was curious what key you did factorize? because - yes - it was my name and a really old email address of me. but actually not my key. not even my revoked one.
tribut: piratsimon: did you read https://news.ycombinator.com/item?id=11609909 ?
tribut: mircea_popescu: thanks
piratsimon: no tribut, didnt, did not had that url util now. let me read it fast.
mircea_popescu: piratsimon you could ask that then, neh ? the pile of keys being worked on come from a dump of sks servers.
piratsimon: sry mircea. that was a classic misunderstanding. we both did assume something. ;)
mircea_popescu: for my benefit, list said assumptions explicitly.
piratsimon: ;)
piratsimon: anyhow, wont bother you any longer. ;) have a nice day. we got finally sunshine. bb
piratsimon: and my apologies for that itsybitsy misunderstanding. :D
mircea_popescu: no big deal.
mircea_popescu: you have to realise however that if eve is trying to eavesdrop on alice's communications to you,
mircea_popescu: the most effectual approach is to put a broken key of yours up on sks, and wait for alice to mistake it for yours.
mircea_popescu: particularly effective if you don't even know alice ; and no you wouldn't know you missed anything.
mircea_popescu: the specific sort of broken keys listed there (ie, with mirrored low 32bit modulus) is obviously an' very much designed just for this purpose.
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: $up egorsmkv
deedbot: egorsmkv voiced for 30 minutes.
egorsmkv: hello, who administrate server?
egorsmkv: http://phuctor.nosuchlabs.com/
mircea_popescu: yes. next question ?
egorsmkv: disable DEBUG mode on server
egorsmkv: traceback https://gist.github.com/2d8091496aa7fbea1ccb4334df2fc115
mircea_popescu: aha thanks. was already reported. asciilifeform will get to it once he's back.
egorsmkv: service very good, thanks for it
mircea_popescu: *thumbsup*
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: egorsmkv in fairness most merit goes to bernstein, with his work we do in 20 minutes what used to take ~10 years on the first estimation.
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
mircea_popescu: $up fromphuctor____
deedbot: fromphuctor____ voiced for 30 minutes.
mircea_popescu: lol.
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
mircea_popescu: $up fromphuctor_____
deedbot: fromphuctor_____ voiced for 30 minutes.
mircea_popescu: $up _Blazed
deedbot: _Blazed voiced for 30 minutes.
jurov: https://news.ycombinator.com/item?id=11610101
jurov: "FYI, @gavinandresen's commit access just got removed - Core team members are concerned that he may have been hacked."
jurov: oops the ycombinator url is wrong, the excerpt is from https://twitter.com/petertoddbtc/status/727078284345917441
danielpbarron: apparently the signature on wright's thing was lifted from an old transaction
punkman: danielpbarron: the redditards fail at reading, so thought the "worked example" in blogpost would be the secret signature presented to BBC et al
danielpbarron: $up iceblox
deedbot: iceblox voiced for 30 minutes.
danielpbarron: $up Valfor
deedbot: Valfor voiced for 30 minutes.
Valfor: Cheers :)
Valfor: oh, timed voice - interesting
Valfor: :)
danielpbarron: yes use it well, what brings you here?
Valfor: I saw the list of broken GPG keys on the phuctor website
Valfor: Saw the contact mention this irc chan
Valfor: and so came here, as I was intrigued
iceblox: Hello there, I found my key to be in the sadmods and followed the contact link :)
danielpbarron: oo interesting. how did you make that key?
iceblox: Using gpg --gen-key, but about 13 years ago
danielpbarron: what version, on what operating system?
iceblox: I have no idea what version, operating system was NetBSD 1.6 for sure
iceblox: maybe 1.6.1
danielpbarron: is your key actually broken or is it just a weird exponent?
iceblox: public exponent is not prime
danielpbarron: you mind sharing which key is yours?
asciilifeform: mircea_popescu: fixed barf
iceblox: Oh, sure... BA8A75F1 simon@hitzemann.org
asciilifeform: secret signature presented to BBC et al << l0l!!!!
asciilifeform: s33333333333333333333kr1t pgp sig !
asciilifeform: not for filthy plebes to see !
asciilifeform: trust yer masterz.
asciilifeform: brilliant.
asciilifeform takes off hat.
asciilifeform: iceblox: if you are sure that the key is yours, actually yours, (there is a number of keys on sks maliciously corrupted in a way that they appear to have the legit fingerprint when viewed in certain pgp clients)
asciilifeform: iceblox: then try please to determine the client you used
asciilifeform: best of all, if you can find a copy of the source.
jurov: iceblox: try to export the pubkey from your local copy and add to phuctor
jurov: to check for any corruption
asciilifeform: ;;later tell mircea_popescu https://news.ycombinator.com/item?id=11609226 << lulzy
gribble: The operation succeeded.
iceblox: okay, I submitted my export for being checked... Let me try to find out what gpg version I used back then. At least it should be possible
iceblox: Ok, according to the archives it should have been GnuPG-1.2.3
asciilifeform: thanks iceblox
iceblox: compiled with --enable-tiger and --with-static-rnd=auto
asciilifeform: ;;later tell mircea_popescu https://www.opennet.ru/opennews/art.shtml?num=44356 << moar lulz
gribble: The operation succeeded.
iceblox: Interesting, my newly submitted pubkey has 3 fingerprints less, but the bad public exponents are still part of it
asciilifeform: iceblox: newly-submitted key was generated with what ?
iceblox: --export --armor
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
asciilifeform: iceblox: yes, but what version of gpg ?
jurov: eh, frompuctor's lingering along and never says anything
iceblox: same, I only exported it from my machine instead of the one that was already on the website
asciilifeform: iceblox: sks has the interesting 'feature' that it refuses to delete obsolete keys
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
asciilifeform: $up egorsmkv
deedbot: egorsmkv voiced for 30 minutes.
egorsmkv: So, lol http://phuctor.nosuchlabs.com/gpgkey/5490FA3620BD20F3AA05A1F4459275595754CB646DF7BCE8A3A96C6862ADF80E
egorsmkv: https://cryptome.org/2015/11/satoshi-nakamoto-public-key.htm
jurov: it's DSA, not RSA
asciilifeform: welcome back a111 , we missed you so !
mircea_popescu: for srs.
jurov: piratsimon asks me for voice too
jurov: $up piratsimon
deedbot: jurov may not $up piratsimon
shinohai: lame
asciilifeform: $up piratsimon
mircea_popescu: * asciilifeform takes off hat. << note that they were brewing it since two months ago, finally went live days after phuctor ; finally went on social media rampage hours after phuctor.
deedbot: piratsimon voiced for 30 minutes.
mircea_popescu: plenty of freshly minted coincidences at coincidence bank.
asciilifeform: aha.
asciilifeform: the pulled one from 'crypto' category at the coincidence library, aha.
asciilifeform: https://www.reddit.com/r/programming/comments/4hcvvi/200_pgp_keys_and_counting_publicly_broken/d2paizt << l0l, poor fella actually stepped on one of the nsa mines
asciilifeform: (last comment)
mircea_popescu: http://btcbase.org/log/2016-05-02#1461004 << the most useful thing would be an exact, verbatim copy of the software in question.☝︎
a111: Logged on 2016-05-02 12:43 iceblox: Ok, according to the archives it should have been GnuPG-1.2.3
mircea_popescu: asciilifeform ftr the .ru write-up is about 100x better than the anglo versions. wikipedia almost entirely to blame.
mircea_popescu: ;;later tell egorsmkv consider registering your pgp key with deedbot ; i'll rate you and you'll beable to self-voice
gribble: The operation succeeded.
mircea_popescu: ФуНиКолай - очевидно же << ahahahaha
mircea_popescu: bwhhahahaha these are epic. Лаврентий Августович Плюшкин, Герхард фон Пырохсповыдлом
mircea_popescu: asciilifeform re guy on reddit : he seems to be having the exact same key ?
mircea_popescu: apparently there's some sort of apple shenanigans at work here. you reclal, apple, the dedicated-to-privacy company that recently wouldn't do something or the other to some phone or somesuch, i forget.
mircea_popescu: in other news of vague interest, i burned ~13GB on trilema today alone, of which at least half to be attributed to phuctor discussions (mostly not in english). it's been a while since any event actually visibly dented trilema stats. too lazy to check on phuctor, but i imagine it's headed into terrabytes, what with its endless single pages and whatnot.
deedbot: [Recent Phuctorings.] Phuctored: 565455 divides RSA Moduli belonging to 'The Source <source@491362F1.info>; Lucian Solaris <LucianSolaris@gmail.com>; 7C492C5B491362F1 <491362F1@hackinfotech.org>; ' - http://phuctor.nosuchlabs.com/gpgkey/561245D928FF0843F5F346549A73B46C6836E3B2BE309DC7F6CCAFCF7F17795C
mircea_popescu: https://productforums.google.com/forum/#!topic/gmail/crI-mecCLe0 << windows user.
mircea_popescu: almost all of these seem to be in some way connected to either winblows or crapple.
mircea_popescu: $up Twix
deedbot: Twix voiced for 30 minutes.
Twix: hi
Twix: :>
mircea_popescu: ello.
mircea_popescu: http://blog.fefe.de/ << also pretty impressive. "proudly made without shit" line at the end ftw.
jurov: asciilifeform: phuctor rejects this, any idea why? http://dpaste.com/2SKZM9A.txt
jurov: if it requires self-signature, then testing ssh keys is out
mircea_popescu: ah ssh keys aren't self-signed are they
jurov: nope
BingoBoingo: http://btcbase.org/log/2016-05-02#1460826 << Many people tried to find an easier softer way, but they could not. With all the earnestness at their command...☝︎
a111: Logged on 2016-05-02 10:40 roxfan: i was hoping there's an easier way...
mircea_popescu: jurov i see "gpg: armor header: Version: PGPy v0.4.0 gpg: packet(6) too short"
mircea_popescu: BingoBoingo actually it's being built as we speak. jurov 's thing above is mere steps away from general purpose.
jurov: huh i see .. tested only with pgpdump, not actually importing it
BingoBoingo: Right, It's being done the actual way as opposed to the query shithub for an existing script way.
mircea_popescu: actually there is no script. which in itself is glaringly scandalous.
mircea_popescu: jurov possibly needs some padding. pgp keys are a festival of arbitrary and nonsensical fixed widths and whatnot.
jurov: yea the py library i'm trying aptly reflects that
mircea_popescu: $up hax404
deedbot: hax404 voiced for 30 minutes.
mircea_popescu: $up Echoplex
deedbot: Echoplex voiced for 30 minutes.
mircea_popescu: poor a111 getting hammered pretty good and solid.
BingoBoingo: Related https://archive.is/GcpxP
deedbot: [Trilema] Just call me Annah. - http://trilema.com/2016/just-call-me-annah/
mircea_popescu: maybe they should make special fatty hydrogen engine.
mircea_popescu: need oxygen tank anyway amirite.
asciilifeform: http://btcbase.org/log/2016-05-02#1461059 << it does not !☝︎
a111: Logged on 2016-05-02 14:24 jurov: if it requires self-signature, then testing ssh keys is out
asciilifeform: will happily eat anything containing 1 or more rsa modulus.
asciilifeform: in rfc2440/4880 format.
asciilifeform: http://btcbase.org/log/2016-05-02#1461041 << noshit.jpg☝︎
a111: Logged on 2016-05-02 13:11 mircea_popescu: asciilifeform ftr the .ru write-up is about 100x better than the anglo versions. wikipedia almost entirely to blame.
jurov: mkay, will analyze the pubkey
asciilifeform: $up nadav
deedbot: nadav voiced for 30 minutes.
mircea_popescu: $up schlaftier
deedbot: schlaftier voiced for 30 minutes.
phf: so odd, connection is otherwise stable, i have ssh open to it, but bot simply pinging out
mircea_popescu: phf did it lose most od the day's log ?
phf: no
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: http://btcbase.org/log/2016-05-02#1460660 << it turns out, it's yet another leah goodman story. kinda weaksauced.☝︎
a111: Logged on 2016-05-02 04:40 asciilifeform: i will be disappointed if the new replacement for the phuctor story is not jp-toilet related.
asciilifeform: at least i was hoping for leah on a jp toilet
asciilifeform: but we get simple rubbish.
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
phf: well, it did, but i have a backup always, so unless there's a complete breakdown, logs are retained. i need to add an autoreconnector, but as is usually the case with that sort of things, i'm limited on time
mircea_popescu: phf i looked, everything seems to be there
mircea_popescu: every last valuable line of me going $up fromphuctor and all.
mircea_popescu: $up Shredder121
asciilifeform: lel
deedbot: Shredder121 voiced for 30 minutes.
asciilifeform: srsly why these folk never speak.
Shredder121: Sorry
Shredder121: I'm on mobile, so you got to me faster than I could /nick
mircea_popescu: asciilifeform one of the things the web has done is trained clickers.
mircea_popescu: people click, it's a webpage, what.
asciilifeform: evidently.
mircea_popescu: see what's here, see what's there, live of www.tv
asciilifeform: ugh
mircea_popescu: not even anything wrong with it per se.
asciilifeform: https://www.reddit.com/r/programming/comments/4hcvvi/200_pgp_keys_and_counting_publicly_broken << surprisingly uncensored yet.
asciilifeform: though apparenly reddit has problems staying up
asciilifeform: (reddit per se)
mircea_popescu: lol that hanno boeck assclown got called out. curious what happens nao.
asciilifeform: where
asciilifeform: http://btcbase.org/log/2016-05-02#1461046 << seems like the schmuck sat down on one of the helpfully prepared stakes - wrote 'apple' a bug report, which was duly read at ft meade on account of his using 'apple' key as appears on phuctor☝︎
a111: Logged on 2016-05-02 13:17 mircea_popescu: asciilifeform re guy on reddit : he seems to be having the exact same key ?
asciilifeform: $up sbp_
deedbot: sbp_ voiced for 30 minutes.
mircea_popescu: https://news.ycombinator.com/item?id=11611785
asciilifeform: http://btcbase.org/log/2016-05-02#1461051 << the ~100+ wholly shamatronic keys could've been made anywhere☝︎
a111: Logged on 2016-05-02 13:28 mircea_popescu: almost all of these seem to be in some way connected to either winblows or crapple.
mircea_popescu: asciilifeform yeah i meant the other ones. the "naively broken" ones,
mircea_popescu: which seem mostly to be a case of "take p, q random numbers, skip on testing for primality."
asciilifeform: mircea_popescu: my conclusion 1y ago was that the enemy is pretty good at factoring wholly-random-int rsamods.
asciilifeform: (it isn't so hard.)
mircea_popescu: yeah.
mircea_popescu: if you think about it : for any random number, the odds of being divisible by 3 are 1 in 3. and by 7, 1 in 7. and the sum of this converges etc.
Apocalyptic: 17:19 <+mircea_popescu> which seem mostly to be a case of "take p, q random numbers, skip on testing for primality." // having a fully factored modulus would help to confirm this
asciilifeform: my other hypothesis is that this was 'warmup' and current diddled pgptrons use somewhat more subtle magick
asciilifeform: Apocalyptic: the presence of small primes more or less clinches it
mircea_popescu: Apocalyptic i recall you were running miller-raqbin last year ?
mircea_popescu: if you care to hack a py script, i think it could be bolted onto phuctor.
Apocalyptic: asciilifeform: presence of small primes would happen either way, however if your modulus N has k bits and the biggest prime factor has k/2 bits, you could easily conclude that it wasn't generated the way mircea proposes
mircea_popescu: well within some sort of probability.
Apocalyptic: mircea_popescu: I factored a 32-bit mirrored one yeah, currently i'm trying to factor a non-mirrored small one
asciilifeform: Apocalyptic: so far very little is known for certain. but the presence of multiple tiny primes is heavily suggestive of random int.
mircea_popescu: cool deal.
Apocalyptic: asciilifeform: indeed
mircea_popescu: Apocalyptic you got a blog or anything ? where you gonna post ?
Apocalyptic: i'm gonna post in-channel I guess, same as earlier
asciilifeform: i've been considering adding a user-contributed factors box
deedbot: [Qntra] Hoaxtoshi Coninues Swindling Media - http://qntra.net/2016/05/hoaxtoshi-coninues-swindling-media/
asciilifeform: (it'd be trivial)
mircea_popescu: asciilifeform more like, you know, run m-r on the cracked moduli
mircea_popescu: also trivial. not like it doesn't have the juice.
mircea_popescu: and the results could be fed into the hopper in turn.
asciilifeform: after the current wave of derp cools, i'll fiddle with it
mircea_popescu: yeh.
BingoBoingo: asciilifeform: sorry no japanese toilets for you, just Hoaxtoshi. Drove to get cigarettes, Nooyz made it to radio.
asciilifeform: leloshi
mircea_popescu: lol!
mircea_popescu: wtf, radio ? seriously ?
asciilifeform: it is strange that same sc4mz0r was recycled
asciilifeform: they could not turn up another ?
mircea_popescu: schmucks. "oh i work for big deal pr firm" "suck my cock".
asciilifeform: i'vethunk there'd be no shortage of them
mircea_popescu: asciilifeform i think a little bit of the whole spam strategy is at work. they WANT the smart folks to lose interest early.
BingoBoingo: <mircea_popescu> wtf, radio ? seriously ? << Yes in the generic CBS radio feed KMOX runs on the hour
asciilifeform: mircea_popescu: that makes a certain amount of sense.
asciilifeform: >>> http://www.loper-os.org/?p=1468 <<< obligatory
davout: for some reason this hoaxtoshi stuff seems very interesting to journos
mircea_popescu: in other non-news, omfg all the famished camhos posing as online dommes. they are the masters of your wallet dontchakno.
mircea_popescu: derpiest shit ever.
mircea_popescu: davout finally something about bitcoin with no maffs in it. they've been waiting patiently a long long time.
BingoBoingo: <davout> for some reason this hoaxtoshi stuff seems very interesting to journos << Heartbleed and the bash vulnerability made radio
mircea_popescu: asciilifeform aaand 500
asciilifeform: waiwut
asciilifeform: 500 of wat
mircea_popescu: 500 of error code.
davout: BingoBoingo: your radio seems cooler than mine!
BingoBoingo: davout: If the weather's just right you can prolly pick up KMOX's 10,000 watts... maybe
BingoBoingo: http://oglaf.com/twostars/
asciilifeform: mircea_popescu: it is up
davout: moon bounce is a thing apparently
asciilifeform: just strained
mircea_popescu: kk
mircea_popescu: how much bw did it burn this month ? got a stat anywhere ?
asciilifeform: not readily
asciilifeform: nic sent >1TB since last power cycle
asciilifeform: (112 days ago.)
mircea_popescu: aha.
asciilifeform: but this includes, e.g., trb.
mircea_popescu: not horrible.
asciilifeform: there is nothing heavy on the site
mircea_popescu: the braindamage page is like 1mb
asciilifeform: ~5.
asciilifeform: i prolly oughta have massaged it further, e.g., pages
mircea_popescu: btw, ever had a chance to turn off whatever dev environment ? ppls were pointing out.
asciilifeform: aha.
asciilifeform: it had to be reset correctly so the fix took.
asciilifeform: but done.
asciilifeform: i am still disappointed with the shitstack.
mircea_popescu: honestly, nonpaged is better. guy gets whole thing in one go, prolly results in less overall bw as less futzing and wastage.
asciilifeform: yeah greppable
asciilifeform: sorta why i did it this way to begin with.
mircea_popescu: curl it once an be done
asciilifeform: aha.
mircea_popescu: ya. right calL.
asciilifeform: speaking of...
asciilifeform: curl -s http://phuctor.nosuchlabs.com/sadmods | grep -c -i " 1 is not prime"
asciilifeform: 8
asciilifeform: ^^^ ! ^^^
mircea_popescu: one exponent is best exponent.
asciilifeform: the journawhores dun seem to notice that one.
asciilifeform: lel i'm surrounded by a number of folx here at slaveshit reading reddit etc
mircea_popescu: are you workplace famous now ?
asciilifeform: hopefullynot
asciilifeform: though funnily enough i mentioned phuctor when i was hired there, as a 'litmus test'
asciilifeform: (of them, that is)
asciilifeform: sorta like throwing a rabbit out of airlock to see if atmosphere on new planet is breathable
mircea_popescu: $up tophunctor____
deedbot: tophunctor____ voiced for 30 minutes.
asciilifeform: mircea_popescu: https://www.reddit.com/r/sysadmin/comments/4hhd9p/psa_you_may_want_to_check_your_pgp_keys_and_keys/d2pplmj << lelz
asciilifeform: 'move along citizens!'
mircea_popescu: lol reddit one behind the curve ?
asciilifeform: paid muppet, prolly
asciilifeform: (this'd be a dupe thread)
mircea_popescu: "pgp was broken ayear ago i recall defcon talk"... it's kinda shocking in the despairing sense of the term, exactly what sort of monster a specialised society creates.
mircea_popescu: "i know how to make widgets. i also think the loch ness monster found the cvadrature of the ellipsis."
asciilifeform: BingoBoingo: http://qntra.net/2016/05/hoaxtoshi-coninues-swindling-media/#comment-56080
asciilifeform: mircea_popescu: i dun think there is 'thought' involved in the usual sense
asciilifeform: this here'd be orwell's 'duckspeak'.
BingoBoingo: !up xorrbit
gribble: Error: "up" is not a valid command.
BingoBoingo: $up xorrbit
deedbot: xorrbit voiced for 30 minutes.
Apocalyptic: asciilifeform: re earlier thread I was considering either random p and q then multiplied, or whole modulus is random. Obviously the latter could not occur since the software couldn't compute phi(N), hence doing anything usefull with it.
Apocalyptic: so yeah no k/2-bit prime to be expected in modulus
asciilifeform: Apocalyptic: there are reasons why someone might generate wholly unusable modulus and post to sks.
Apocalyptic: There might be, the resulting thing is a degree of magnitude less usable though
asciilifeform: there appear to be at least two types of phucked moduli
Apocalyptic: including the 32-bit mirrored ones ?
asciilifeform: and it stands to reason that they were born in separate places for distinct reasons.
asciilifeform: aha.
Apocalyptic: so far I also see the two categories
asciilifeform: the 32-bit mirrored ones are a fairly transparent ploy
asciilifeform: mircea_popescu: lel, yet another firm wasted hours of my time only to barf when told that i refuse to 'top secret'
mircea_popescu: http://qntra.net/2016/05/hoaxtoshi-coninues-swindling-media/#comment-56083 for great lulztice.
mircea_popescu: Apocalyptic i just interpreted your argument to mean k/4
mircea_popescu: asciilifeform ftr, there are VERY MANY people refusing to top secret for very many good reasons.
mircea_popescu: one is that they pay fails to compensate the risks (trivially verified : find insurer who will indemnify you for any and all responsabilities in exchange of fraction of extra salary)
asciilifeform: mircea_popescu: fact is, i'm approaching ~unemployable
Apocalyptic: mircea_popescu: why k/4 ? my argument was if the whole modulus is random, then we can expect a k/2-bit prime factor, if modulus is random p times random q, then we can't unless p or q is actually prime (assuming p and q same size), which is quite unlikely if truly random
mircea_popescu: as with all failing empires in history a) the better commentary happens among people who do not have the empire's language as native language ; b) the hassle of obtaining official seal of whatever exceeds the benefits.
mircea_popescu: Apocalyptic p and q randomly generated can still produce a prime factor somewhere in there, perhaps as large as 1/4 of the length of the key.
mircea_popescu: ie even with p, q obtained straight from /urandom, you can still see a 1024 bit prime or somesuch
mircea_popescu: i don't recall right off how you calc the probability, but it is indeed tiny.
Apocalyptic: yeah but why the 4 specifically ? for all you know you can have a k/3 prime as well
mircea_popescu: hey, whadda ya want from me, when trying to rescue statements that are trivially broken i use heuristics!
asciilifeform: mircea_popescu: prime number theorm
Apocalyptic: the important thing is k/2 prime enables to distinguish between the 2, a k/4 prime doesn't, as it would occur in both cases
asciilifeform: hadamard
mircea_popescu: Apocalyptic i guess so.
BingoBoingo: http://qntra.net/2016/05/hoaxtoshi-coninues-swindling-media/#comment-56085
mircea_popescu: $up cyco
deedbot: cyco voiced for 30 minutes.
cyco: hey
cyco: one of my old keys got phuctored
asciilifeform: cyco: which ?
cyco: http://phuctor.nosuchlabs.com/gpgkey/41CE4AD52DCCD849DEFF2F8EF2F59A5563DEF92184DA02E60743A44F38C9BDE4
asciilifeform: cyco: and before getting alarmed, download the key and compare to yours
cyco: ok i'll do that
asciilifeform: it may be a spurious version, someone has been making them for years.
asciilifeform: and this key appears to be one of them.
mircea_popescu: $up cyco1
deedbot: cyco1 voiced for 30 minutes.
cyco1: thanks :)
cyco1: it'll take some time to find the key in my backups
cyco1: i'll come back when i've found it
mircea_popescu: consider also registering your current key with deedbot
mircea_popescu: i'll rate you and you'll beable to self voice in the future
BingoBoingo: https://archive.is/b5odj https://archive.is/BpZyj https://archive.is/do0Pg And bonus lulz from GAW pumpers still around https://archive.is/lrzQs
mircea_popescu: are they influencing and community-whatever-ing ?
BingoBoingo: of course
mircea_popescu: $up steffen
mircea_popescu: good for them then.
deedbot: steffen voiced for 30 minutes.
BingoBoingo: ;;bc,stats
gribble: Current Blocks: 409899 | Current Difficulty: 1.7865925777252728E11 | Next Difficulty At Block: 411263 | Next Difficulty In: 1364 blocks | Next Difficulty In About: 1 week, 2 days, 8 hours, 13 minutes, and 9 seconds | Next Difficulty Estimate: None | Estimated Percent Change: None
BingoBoingo: ;;ticker --market all
gribble: Bitstamp BTCUSD last: 441.0, vol: 5354.45823665 | BTC-E BTCUSD last: 443.2, vol: 4879.32364 | Bitfinex BTCUSD last: 441.37, vol: 26801.5056244 | BTCChina BTCUSD last: 443.169345, vol: 20804.50170000 | Kraken BTCUSD last: 443.915, vol: 1075.02228224 | Bitcoin-Central BTCUSD last: 446.4716, vol: 69.1292423 | Volume-weighted last average: 442.174813814
BingoBoingo: $up hdbuck
deedbot: hdbuck voiced for 30 minutes.
BingoBoingo: In other news the US Navy is now allowing neck tattoos
mircea_popescu: "don't ink, don't yell" ?
deedbot: [Recent Phuctorings.] Phuctored: 83780493 divides RSA Moduli belonging to 'James Bottomley <jejb@kernel.org>; James Bottomley <JBottomley@Odin.com>; James Bottomley <JBottomley@Parallels.com>; James Bottomley <James.Bottomley@HansenPartnership.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/23B2173C2FF1A9C43007D526720EA2B9EC1CB4AC21503429ACFBA1DA022517B3
mircea_popescu: always nice to see kernel.org in there.
mircea_popescu: i guess im gonna message him
steffen: interesting stuff, added my public key to check it out ;)
mircea_popescu: cool.
phf: so i did a simple exercise, since there were some claims that "none of the keys import", of grabbing phuctored data. the 223 moduli represent 156 keys, importing which results in 133 "no valid user IDs" and 23 successful imports listed here http://paste.lisp.org/display/315214
jurov: asciilifeform: i tried to check my own keys but http://phuctor.nosuchlabs.com/gpgkey/BBB0A99950037551F533850A677ABD62D0AEE7D7 gives me a broomstick
jurov: then i noticed you use yet longer fingerprints
asciilifeform: phf: not only this, but i strongly suspect that winblowz pgp eats them all...
jurov: oh this is correct: http://phuctor.nosuchlabs.com/gpgfp/BBB0A99950037551F533850A677ABD62D0AEE7D7
asciilifeform: jurov: why would i use short fp for anything!
jurov: so even the 40char one is short?
asciilifeform: the one above is correct.
asciilifeform foiled in yet another escape attempt from butugychag.
ben_vulpes: poor baby
asciilifeform: lel
phf: need a top-secret job where can discuss things in a public log, tmsr style
asciilifeform: phf: pretty much all of my conversations ended the same way
asciilifeform: (where i refuse to take holy orders, and they stop calling)
phf: i've interviewed for reverser jobs in 2004 or so when i was still doing "infosec", and my interviews all ended same way because i'm not a citizen
mircea_popescu: nice work phf .
asciilifeform: i'm a citizen, but no good at lying.
mircea_popescu: jurov he has to because obv keys can be diddled.
mircea_popescu: we've seen different keys of same fingerprints etc.
phf: "в день индийский слон съедает 100 кг сена, 50 кг моркови, 30 кг капусты, 40 кг хлеба и т.д" - неужели правда, что этот слон столько съедает? - съесть он может и съел бы, да кто ему даст...
mircea_popescu: lol
mircea_popescu: anyway, yet another thing bitcoin corrupts irretrievably. "wtf this secret job has no public log ? a fie upon you!"
mircea_popescu: asciilifeform http://trilema.com/wp-content/uploads/2016/05/dscf-1957.jpg << face ?
jurov: wtf you're on? i never tried to approach phuctor with sort fingerprint
jurov: i always used 40-char one, just wrong url
jurov: *with short fingerprint
jurov: and noticed /gpgkey/ uses much longer hexporn and was confused
jurov: that one is sha512 or something?
asciilifeform: mircea_popescu: almost face!
asciilifeform: neato.
asciilifeform: съесть он может и съел бы, да кто ему даст << win.
asciilifeform: ^ my entire life.
asciilifeform: $up gabriel_laddel
deedbot: gabriel_laddel voiced for 30 minutes.
mircea_popescu: jurov the reason for teh hexporn is that there have been diddled keys!
jurov: yes!
mircea_popescu: right.
mircea_popescu: $up anotheryou
deedbot: anotheryou voiced for 30 minutes.
jurov: and i'm asking, what does /gpgkey/0xhexporn stand for?
mircea_popescu: ie how he derives it from the keys ? nfi. i always assumed it's arbitrary index from db
asciilifeform: jurov: it is a hash of the moduli
asciilifeform: arbitrary!
asciilifeform: plox do not attempt to use for anything other than indexing on phuctor.
asciilifeform: NOT same as fp !
asciilifeform: those are separate !
mircea_popescu: $up plp
deedbot: plp voiced for 30 minutes.
jurov: ok, ty
asciilifeform: and correspond to legit fp
asciilifeform: jurov: i needed a way to uniquely identify ~keys~ rather than ~moduli~
asciilifeform: so that i could hash a key and determine if we have it already
asciilifeform: without a megatonne of db grind
asciilifeform: thinkaboutit.
mircea_popescu: $up distemper
deedbot: distemper voiced for 30 minutes.
jurov: it's amazing that fingerprint is not even suitable for that use.
mircea_popescu: quite the accomplishment yeah.
asciilifeform: jurov: not only, but fp identified MODULI
asciilifeform: (even if it worked perfectly with 0 collisions, which, guess what.)
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
asciilifeform: so many silenceisgolden folx
mircea_popescu: your dash-mojo is not powerful enough!
asciilifeform: such quiet
anotheryou: sorry, just ment to lurk :) don't mind me. Maybe most don't need the up.
anotheryou: trying to make sense and reading a bit before asciing stupid questions :)
mircea_popescu: yeh.
asciilifeform: commendable.
mircea_popescu: i kinda gave up autovoicing the default nick folken.
asciilifeform: at this point i can see it.
mircea_popescu: he has a point, too. can just be here for the feeds.
anotheryou: So many german pirate-party members on the list. How where the tested keys selected? I assume you had to start somewhere...
mircea_popescu: nah, no selection. it's the whole sks dump
asciilifeform: anotheryou: https://sks-keyservers.net
mircea_popescu: (the keys are not processed one at a time. this used to be the case, but not anymore. now, all done simultaneously)
anotheryou: So my uninformed conclusion would be that something went especially wrong in germany or the pirates cryptoparties got a lot of people using pgp in the first place.
asciilifeform: anotheryou: most of the german keys are of the 'mirrored' type
asciilifeform: and quite likely were crafted by a third party.
anotheryou: third party means it was sort of an impersonation?
asciilifeform: aha.
asciilifeform: they appear to have the genuine key's fingerprint in certain pgp clients.
anotheryou: I see.
anotheryou: thanks for all the work :)
mircea_popescu: it'd be fun if we could diagnose, eg, fukushima by quality of keys from place and time.
asciilifeform: as with digital cameras, l0l!
mircea_popescu: aha.
asciilifeform: would be ++lulzy if we had the neutronograph
asciilifeform: (neutron background pretty much everywhere on planet3 is same, with the exception of fukkupppies)
jurov: neutrinoscope!
mircea_popescu: but no, it's entirely out of the question any sort of natural event is at work here. usg.nsa been diddling not merely angela merkel's phone,
mircea_popescu: but all communications of all germans at all levels possible.
asciilifeform: the germans have been taking it nice and hard in the arse for half century +.
asciilifeform: and so quietly, too.
mircea_popescu: while supplies last.
asciilifeform: $up steffen
deedbot: steffen voiced for 30 minutes.
steffen: being a german myself, yes, and that's where I thought pgp added a nice sense of privacy to interested parties no matter the government
asciilifeform: mircea_popescu: pgp really took off in de, it seems
asciilifeform: so that was where the ferret cannon was aimed.
steffen: now my next question would be which software was used to generate the flawed keys and if those were software packages with malicious intent
mircea_popescu: steffen you gotta make sure your pgp is actual protocol-strength rsa not merely promise-strength rsa tho.
mircea_popescu: many rsa implementations, especially for the closed source walled gardens, are miserable indeed.
steffen: I lack the skill to verify my software package
steffen: i can only be so paranoid.
mircea_popescu: steffen we've been trying to get people with exposed keys to post the software they used.
mircea_popescu: steffen the golden standard re such verifications in tmsr is V.
steffen: at least so far I can see that my key is not malformed. I'll certainly check that result page periodically in the future.
mircea_popescu: works.
steffen: a lot of germans that I know use gpg4win
steffen: which incidentally is also a software package vetted by the BSI (german ministry for informational security or something like that)
mircea_popescu: yeah ; a lot of eulora players also. seems to be the most accessible for "people in general"
asciilifeform: steffen: any ministry recommending a ms-winblowz package ipso facto answers to washington.
mircea_popescu: you recommend ida :)
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
fromphuctor__: i have an idea for phuctor
mircea_popescu: shoot.
fromphuctor__: you could collect many millions keys from SSH server using the ssh-keyscan utility included in OpenSSH
fromphuctor__: it is very fast
mircea_popescu: iiuc jurov already has a more or less complete package of github keys, working to turn them into proper format.
asciilifeform: mega-unsurprise, https://news.ycombinator.com/item?id=11609094 << buried.
mircea_popescu: the rub there is, currently, the conversion not the acquisition
mircea_popescu: asciilifeform awww, herpy bock got humiliated in public ?
fromphuctor__: ssh-keyscan provide digits
asciilifeform: mircea_popescu: aha
asciilifeform: after which, zap
mircea_popescu: fromphuctor__ yes but phuctor currently eats rfc 4880 format, owing to its history as a pgp key checker.
asciilifeform: what the hell happened to the last time folks collected ssh pubkeys and bernsteined'em
asciilifeform: i tried to find out, found ~0
mircea_popescu: if you have a conversion script anywhere plox feel free to publish.
mircea_popescu: asciilifeform "published studies".
asciilifeform: mircea_popescu: yeah, heninger et al. but iirc there were others
mircea_popescu: of course, others. "published".
ben_vulpes: no code, not published.
ben_vulpes: not in wot, not published.
asciilifeform: sorta lulzy, how much mileage one can get by taking all the shit these muppets claim to have done, and actually ~doing~ it
mircea_popescu: asciilifeform but he has a point ; once we get conversion going running a ssh-keyscan werker is good idea.
asciilifeform: aha
mircea_popescu: asciilifeform quite so, yep.
mircea_popescu: reminds me of being in school.
fromphuctor__: bye bye
jurov: ssh-keyscan and the github trove are completely independent things (former scans for server keys, latter are users' keys)
mircea_popescu: jurov yeah meanwhile it percolated through my head.
mircea_popescu: this is rounding out nicely actually!
fromphuctor__: it would be interested testing router keys
mircea_popescu: it even has a -t rsa1!
mircea_popescu: which really halps.
mircea_popescu: $up fromphuctor___
deedbot: fromphuctor___ voiced for 30 minutes.
fromphuctor__: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Authentication_Keys#Downloading_keys
fromphuctor___: thanks... would the phuctor checker work with non PGP keys, if i correctly converted an RSA key to the required format?
mircea_popescu: absolutely.
mircea_popescu: as long as it's a rsa key, it will work.
fromphuctor___: sounds like i'll be busy then!
mircea_popescu: keep us posted
mircea_popescu: also, consider registering your key with deedbot
mircea_popescu: helps build your identity, and you'll be able to self-voice.
fromphuctor___: i need to figure out how to convert plain key to that base64/der stuff
fromphuctor___: ok
mircea_popescu: it's also in the logs, but, https://tools.ietf.org/html/rfc4880
fromphuctor___: will the submit page tell me my key is malformed if i made a mistake?
mircea_popescu: yes.
fromphuctor___: cool
asciilifeform: mircea_popescu: https://www.reddit.com/r/sysadmin/comments/4hhd9p/psa_you_may_want_to_check_your_pgp_keys_and_keys/d2pqq41 << lel
asciilifeform: was there really..?
asciilifeform: i can't wait to listen to the tape of 'my' talk.
asciilifeform: at shitcon.
asciilifeform: or wherever.
mircea_popescu: no idea ?
mircea_popescu: you're asking me who you talked to ? what am i, the omniphone ?
asciilifeform: well i did not in actuality give any such lecture
asciilifeform: in real life.
asciilifeform: but perhaps someone gave 'for'.
asciilifeform: y'know, a henninger.
mircea_popescu: eh reddit ; who even has teh energy.
asciilifeform: mircea_popescu: l0l looks like moar ddos.
mircea_popescu: asciilifeform it won't last, server's pretty well supplied.
mircea_popescu: let 'em try.
mircea_popescu: incidentally, i just remembered : http://www.hanewin.net/encrypt/PGpubkey.htm << this of any use ?
asciilifeform: pretty basic rfc4880 parser thing aha
mircea_popescu: asciilifeform but it also has a convertor to mpi/b64
mircea_popescu: $up andrej235
deedbot: andrej235 voiced for 30 minutes.
asciilifeform: for folks trying to understand the format, it is worth a read
mircea_popescu: PGencode.js particularily interesting i thought as it really takes base64 pubkey and puts it through rsa.js
mircea_popescu: so isn't this pretty much 99% of bignum->rsa in pgp format ?
asciilifeform: aha
asciilifeform: agonizing to read on account of shitlang
asciilifeform: and the million kludges it needs to do basic things
asciilifeform: (e.g., ordinary integers)
mircea_popescu: http://www.hanewin.net/encrypt/PGencode.js << the comments peculiarily amusing.
mircea_popescu: "windows clock moves in 18.2 ms jumps"
asciilifeform: 'We need an unpredictable session key of 128 bits ( = 2^128 possible keys).' << lel
mircea_popescu: still. it has a key parser that works.
asciilifeform: aha
asciilifeform: i actually came across it before, when cataloguing known pgptrons
asciilifeform: (hunting for 'magical' ones)
mircea_popescu: i put it on my pgp page on trilema,. forgot all abpout it, now stumbled on it all over again
mircea_popescu: blogs rule.
mircea_popescu: but yes, pretty nifty as you can use it to send a [sorta] encrypted message entirely via web
asciilifeform: just like keybase!1111111
asciilifeform: ;;later tell jurov observed any spike in trb site traffic ? (it is linked from nosuchlabs.com)
gribble: The operation succeeded.
asciilifeform: so... looks like the reddit thing is done, huh.
asciilifeform: like writing on beach sand.
asciilifeform: farts in the wind.
asciilifeform: $up plp
deedbot: plp voiced for 30 minutes.
mircea_popescu: you sound almopst like you're expecting something.
asciilifeform: mircea_popescu: there is always the 1 reader in a million who says something applicable.
asciilifeform: mega-unsurprise that he did not appear, sure.
asciilifeform: mircea_popescu: picture if you threw a match into latrine and it roared with fire like jet engine.
asciilifeform: yes, it is quite clear that latrine will not be flying anywhere.
asciilifeform: but still impressive.
mircea_popescu: of course he appeared ? we got all sorts of workable ideas for phuctor!
asciilifeform: i don't recall any new ones
mircea_popescu: well "new", nothing's ever new.
asciilifeform: lel, megatonnes of traffic on my www also
asciilifeform: largely from mircea_popescu's links
asciilifeform: $up Valfor
deedbot: Valfor voiced for 30 minutes.
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
phf: since today is a looking at stats day, btcbase is at modest 3500 hits right now, which has been the average since about april 6th, but note that the day is not over and system has been down for almost 8 hours. the number of hits brought by referer has spiked though to ~~500, and looking at graph roughly correlates to trilema posts. not surprisingly the top referer is trilema at ~~1000, followed by qntra at ~~600 and phuctor at ~~80.
phf: (the last three values are totals)
phf: the-phuctoring is second top ref from trilema, losing out by a large margin to top ref ill-pay-for-your-tits
mircea_popescu: o.O check out the tits!
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
deedbot: [Trilema] The mathematics of scamming - http://trilema.com/2016/the-mathematics-of-scamming/
mircea_popescu: $up bolts
deedbot: bolts voiced for 30 minutes.
asciilifeform: mircea_popescu: 10000000th prime is...
asciilifeform: 179424691
asciilifeform: gentlement please welcome the all-new 8ball.
asciilifeform: deploying now.
asciilifeform: ;;later tell mircea_popescu from beloved l0lcow, https://twitter.com/hanno/status/727179938017759232
gribble: The operation succeeded.
asciilifeform: https://twitter.com/hanno/status/727049579389157376 << and
asciilifeform: 'if it's a bug it's most likely in the keyservers. if you look at those keys they usually have a lot of bytes replaced by ff values'
asciilifeform: ^ gold
asciilifeform: https://github.com/hannob/pgpmoduli << and he's got the obligatory 'we did it first, move along!' thing going. 7h ago.
asciilifeform: incidentally, didn't the derp already have a 'we did ALL the keyz' post LAST may ?
asciilifeform: so how come he has to hastily do it (with henninger's proggy no less, see his shithub) ~now~ ?
asciilifeform: noteventrying.jpg
asciilifeform: (and where are his posts on any other subject ?)