asciilifeform: well if done with nextprime() then yes worst
mircea_popescu: i can't come up with a worse one on the spot.
mircea_popescu: in fact imo the "prime hash" is a textbook example of "worst hash ever".
apeloyee: some primes have many composites before them and thus are more likely
asciilifeform: and how the hell does it compare to 'add the digits' -- there you get $base possible outputs
mircea_popescu: that you'll get some values more likely than others.
mircea_popescu: "add the digits" is a better hash.
mircea_popescu: we're still not clear on "The needs this wrench helps". so far very much blender-toilet. "maybe someone somewhere needs to make turd batidos"
asciilifeform: you get a handful of primes this way, before the arithmetic becomes unwieldy
mircea_popescu: ie, the 5th prime down.
mircea_popescu: nevertheless, the correct solution to this "quickly, prime this many bits long" is a n, k tuple which contains n as the bitsize and k as the "oddness". if you want the n - 396 k = 5 prime you get 2^396- 1229
asciilifeform: ( nothing to stop you from imposing other types of hash in between, incidentally . as i did in the pubexp example )
mircea_popescu: well then stfu and read alf's haranguing re hashes.
asciilifeform: i don't want ~an~ n-bit prime, i want THE n-bit prime corresponding to arbitrary n-bit input I.
mircea_popescu: if you want an n bit prime calculate 2^n and subtract the correct small integer.
mircea_popescu: EITHER encrypted OR signed.
mircea_popescu: apeloyee there is no such thing in tmsr rsa.
asciilifeform: reminds asciilifeform of his brother's 'from old flat, you brought mouse spores !!'
mircea_popescu: there are some primitives you don't want to keep around,
asciilifeform: apeloyee: sorta why i suggested making pub-exp nextprime(keccak(commentstring)). satisfies the basic req of e being 1) long 2) nonstandardized
asciilifeform would rather pick up in person, when he finally gets around to visiting mircea_popesculandia
asciilifeform: the sad thing is that ( at least until we get, e.g., the shortwave net, going ) there are some boxes of fixed size, that in practice gotta be sat down into if at all possible
apeloyee: the amount of computation that you must do ,<< the same as for any packet: 1 mod-exp and check padding. >> and bits you must buffer, to do friend-or-foe, is considerably larger. << twice as much. might be acceptable, depending on circumstances.
mircea_popescu: in other domestic tranquility news, just finished stuffing a mason jar with baked peppers. they have some FABULOUS kapja peppers here.
asciilifeform: the 'everyone has same e' thing was slipped in under clinton , when his nsa invested in 'acre of asics' with e=3|e=65537 presumption baked in
jurov: a111: strings are sequences, not lists. cons/car/cdr does not apply, there's different set of functions for these
mircea_popescu: so your model is, i have your pubkey, and encounter an item signed by that N, with a specific e that's included in the signed text ?
a111: Logged on 2017-11-08 23:10 asciilifeform: returning to the exponent thing, seems that mircea_popescu is right, nothing particularly interesting can be done by distributing a pub with e' . ( other than 'believe me , his e is 3' and then messages ~to that pub~ are breakable if padding is broken. but that's it . )
asciilifeform: mircea_popescu: apeloyee was extending the http://btcbase.org/log/2017-11-08#1734664 argument, as i understand
mircea_popescu: but a signature signed by a pubexp i didn't have PRIOR to the receiving of the signature is definitionally worthless.
apeloyee: can attach your pubexp in plaintext, to the signature
asciilifeform: the amount of computation that you must do, and bits you must buffer, to do friend-or-foe, is considerably larger.
apeloyee: u can use these to verify that purported pub-exp is validly signed
apeloyee: well, that means the enemy can drown you even if we have pub.exps, by simply flooding
asciilifeform: in either case, in practice enemy can drown you
asciilifeform: apeloyee: by same argument, '1 bit of the modulus is sufficient to init conversation, after it we'll agree on next bit' etc
apeloyee: http://btcbase.org/log/2017-11-14#1737542 << that's just DoS. but, if you have computational capacity, you check the padding. may also require that it's signed with my key, with the pubexp attached if you don't know it. Thus, the modulus is in principle sufficient to _initiate_ the conversation
phf: for example your Symbol_EqualP should just be a pointer comparison, rather than string comparison. (the whole point of a ~symbol~ over a string is that it's interned, i.e. same sequence of characters always map to the identical Symbol object)
a111: Logged on 2017-11-14 11:25 spyked: http://btcbase.org/log/2017-11-13#1737264 <-- strings are (lisp) lists-of-characters. which, as it is, unfortunately makes parsing and evaluating builtin functions (e.g. cons, car, cdr) a pain in the ass. can be structured cleanly though. also, this makes it not a simple matter of find+replace in shithub scheme.adb.
phf: http://btcbase.org/log/2017-11-14#1737529 << that doesn't sound right, read and eval are distinct phases, by the time you get to eval you shouldn't be operating with strings when but instead with interned symbols (i.e. things that can be eq'd in lisp and pointer equivalent on c machine level)
mircea_popescu: mmm 2005. no, there was some 1970s item
BingoBoingo: In other news, apparently Tower 4 of the world trade center is not actually inside the world trade center free zone.
a111: Logged on 2017-11-14 15:30 asciilifeform: there was a '90s american film where there is a scene, where an airplane lands in africa and in fast motion gets stripped for parts, like elephant carcass by hyenas
a111: Logged on 2017-11-14 16:54 BingoBoingo: mircea_popescu: I asked him for the "how do we get a corporation fast" answer. His answer is off the shelf. This isn't the first time I've heard "bank reference" being bandied about with respect to opening a corporate account.
davout: http://btcbase.org/log/2017-11-14#1737789 <<< needed the same when opening a bank account in .mu, reference letter didn't need any particular judgement about whether i'd be able to meet a financial commitment, but just something along the lines of "had bizns with this gentleman for X years, didn't leave with unpaid debts, isn't a fucking gypsy"
mircea_popescu: "oh the numbers are wrong". yeah, im sure they are. and the tractors invented, and the working the fields with oxen and horses and wives pre 1940 calumny, perhaps. hurr.
mircea_popescu: and he has the numbers : right here, where we happen to be, i ~know the name of the local lord~, and his numbers : 600 to 2209, he says. and what is teh retort ?
mircea_popescu: dude has the audacity to ask for "a ballet on the topic of having finished the kolohoz-isation". you know ? at least asks the right fucking questions, even if nobody in audience has the mettle to make answer.
mircea_popescu: the 1965 and 1968 items absent, but pars pro toto this shall have to do.
mircea_popescu: im totally finding this, motherfucker, im sure i saved copies on trilema somewhere PRECISELY for this conversation
asciilifeform: when asciilifeform wanted to read lysenko in the original , he had to visit the rarest-rarities reading room in american national lib of medicine
mircea_popescu: i read piles of ceausescu transcripts, they're all exactly nowhere. 1968 meeting with the writer's union ? really, NOT EVEN THAT ? 1965 may 19th "who wants a seat in helicopter" one ? nope ?
asciilifeform: i found last yr, somewhat surprisingly, that the works of stalin are not sitting in plain txt anywhere
mircea_popescu: dude it's incredible how fucking useless the internet is.
mircea_popescu: see, this is the problem : selection and education are different.
mircea_popescu: not according to the ant.
mircea_popescu: asciilifeform cuz that's what the mediocre intellect has decided upon.
asciilifeform: mebbe this shows that asciilifeform is same sort of peasant as the shoemaker, but finding it hard to see why not counts. having pantsuit hoisted on a public stake would even moar count imho
mircea_popescu: it has to be "mrs pantsuit, where's your having won the presidency nao ?" at the lowest.
asciilifeform: i was thinking of the 'i hereby order mr.pantsuit caught and fed some radium' instances.
mircea_popescu: asciilifeform nope. the problem with the mediocre pretending to "intellectuals" is they've agreed to only hurt psychologically.
mircea_popescu: it's true, he doesn't. NEITHER DO YOU. without that latter part...
mircea_popescu: so the notion endured, "oh, mp doesn't understand maffs".
mircea_popescu: and to most mediocre people, gave this impression of utter idiocy, because regularly contradicted their "reasonable expectations". except didn't have the mp refinement of making it painful for them later.
mircea_popescu: except he didn't comprehend there's a homework to do.
mircea_popescu: but to be unable to say who you're thanking at oscar ceremony... kinda blonde moment. you KNEW they were gonna ask.
asciilifeform: ( or even consider the famous last balcony scene )
asciilifeform: yea visible from the surviving material readily
mircea_popescu: dood also had serious emotivity problems -- extremely shy, etcetera. epicycle is perhaps that encounter with the czechoslovak "labour people" when they ask him a (simple, let's be friends) question (context is that he's the hero, against soviet invasion, etc) and he totally can't answer.
asciilifeform: mircea_popescu: d00d did know ru tho. so could have, in theory, read the german thinkers, neh
mircea_popescu: this, in a fellow entirely unsuspectable of having ever HEARD of husserl, let alone read anything in german, is a feat somewhat comparable to the 256 byte 99% lisp interpreter.
mircea_popescu: of particular interest to you might be ceausescu's self-concept, especially items such as "a critica" (to critique). i dunno how many of his own words you've read, but the man had a very interesting (on the grounds of its incredible low level form that maintained reasonable function) husserl approach to post-hegelian dialectics.
mircea_popescu: asciilifeform he had a point, at that. 20 to the ruble im sure.
asciilifeform: and never quite stopped rubbing it in . 'hey that loaf of bread you ate in timis ? we had these, and cost 3 kopeiki' etc
mircea_popescu: so then, elder brother saying "half of it made no sense" very != archeologist saying "i don't understand how half of this shit even worked"
asciilifeform: asciilifeform's elder brother did however witness 'golden age' .
mircea_popescu: this is not similar, i was there for ceausescu not for iliescu lol
asciilifeform: well similarly asciilifeform was there for gorby
mircea_popescu: i was there, dun need archeologists.
mircea_popescu: socialist-nationalism still socialism. make it capitalist nationalism we're in business. specifically - the portuguese business, rape everyone
asciilifeform nao even has that selfsame hat. walks in to visit family, they immediately : 'brezhnev!'
asciilifeform: the hat man's, that is
asciilifeform: hey i'm all for the regime right nao!111
mircea_popescu: anyway, if he HAD a continuator, like the chinese managed to continue xiaoping, i have little doubt i'd be all for the regime, decked in the usual "youngest general in the signals" regalia and we'd be holding this convo across the berlin wall.
mircea_popescu: the problem is he had no successor.
mircea_popescu: but, no, ceausescu didn't get overthrown because "the people". who the fuck seriously thinks "the people" even matter, jesus.
mircea_popescu: and then in spite of "political control" ie "containment policy" romania operated its OWN gulf concessions with its own machinery and shipped the oil on its own boats made in its own factories.
mircea_popescu: and then in SPITE of "tech control", romania was building its own computers. not good, no. yet. but its own machine gun factory WAS better than us anything, after a 20-30 years of "not good, no".
asciilifeform: so 'had problems'. with the murder weapon being 'uprising'
mircea_popescu: asciilifeform anyway, it's not simply " paying off his national debt". it's like this : dood went deeply into debt post nixon visit, on the strength of us jewish promises (ie, tech transfer) and to the degree of their own established "deep enough to have no way out". they obviously did not deliver, but then he DID dig himself out, paid whole debt in little over decade. ie, not only that he paid it, but that he paid it "imposs
asciilifeform: sorta why ethernet is a net, not a point-to-point port
BingoBoingo: Also room to cross connect in the future.
asciilifeform: multiplying jacks is what the switch is for
BingoBoingo: Well, this router is the beefier Octeon box.
asciilifeform: what are you making, BingoBoingo , the exit router ?
asciilifeform: BingoBoingo: i dun have anything against the 'octeon' per se ironwise. just be sure to build own os for it.
BingoBoingo: asciilifeform: re: http://btcbase.org/log/2017-11-14#1737472 which of the three items were you discussing when you mentioned "boobytrapped", any suggested remedies or alternatives?
BingoBoingo: mircea_popescu: I asked him for the "how do we get a corporation fast" answer. His answer is off the shelf. This isn't the first time I've heard "bank reference" being bandied about with respect to opening a corporate account.
mircea_popescu: "the people have had enough with not being able to buy consumer goods ; and if they were able to buy consumer goods they'd have wanted to "form opinions" in the manner of ustards, and in the vein of "school exams too hard ; work too long hours ; idealised self not actualised by regime ; let other people take our industry, we'll do service "industry" ; want to live today on money we might make tomorrow IF and only if we don't
asciilifeform: thebeoble have always 'had enuff'
mircea_popescu: asciilifeform the people true and squarely had enough. this is the fundamental problem with being saddled with a people in the first place -- what they want isn't ever what's needed.
mircea_popescu: this is spurious in your case, tell them you'll pay cash upfront.
mircea_popescu: BingoBoingo generally the lowest rank of the letters of credit. the bank makes a non binding judgement as to customer's ability to meet a specified financial obligation.
asciilifeform: http://btcbase.org/log/2017-11-14#1737762 << the nazi-hunters, it would seem , disagreed with this. 100 y.o. d00d could still, hypothetically, know where he buried the gold etc
asciilifeform: re the shoemaker, asciilifeform still can't fully shake the traditional ru version , where man was plugged for paying off his national debt, rather than 'the beoble Finally Had Enuff!' usgolade nonsense.
asciilifeform: ( at least the american one )
a111: Logged on 2017-11-14 15:58 mircea_popescu: (amusingly, the unsupportable and otherwise batshit insane ugc in http://trilema.com/2011/procesul-ceausescu/ is ~100% unsourced copy/pastes from the dude's "red horizons" booklet)
asciilifeform: http://btcbase.org/log/2017-11-14#1737763 << this is unashamedly printed on the jacket of the present-day edition, even
a111: Logged on 2017-11-14 15:54 mircea_popescu: and you know, pacepa was no less than ro resident in rfg. he fucking led the east presence there for at least most of 64.
mircea_popescu: (to ruin many "westerners" hopes and delusions of self relevancy : http://btcbase.org/log/2017-11-14#1737754 means that no, paris '68 is NOT necessarily more than the original later copied by obama-socialism under heading of "orange revolutions". "oh, you mean pacepa's paris v2.0 ? I SEE!.")
mircea_popescu: (amusingly, one of the dudes that somehow "failed to identify" pacepa went on to kill a coupla french spies in sudan)
mircea_popescu: kinda the blue state blueprint, in general. first subvert justice system then lie about rule of law then so following.
mircea_popescu: and in other lulz : usg focused on infiltrating and corrupting ro justice system first ; as a result in 1999 they came up with a "rehabilitation" supreme court decision. ro govt refused to recognize it, which resulted in a lot of usg agitprop material as to how "romania not yet rule of law".
mircea_popescu: (amusingly, the unsupportable and otherwise batshit insane ugc in http://trilema.com/2011/procesul-ceausescu/ is ~100% unsourced copy/pastes from the dude's "red horizons" booklet)
mircea_popescu: i dunno... at some point in the 80s the whole eastern front (arafat, gaddafi, ceausescu) had multi-mn bounties on his head. if he survived that...
asciilifeform: i'd expect he dun take the trains tho.
mircea_popescu: then he got promoted in 66 (ceausescu came to teh secretariatship in 65).
mircea_popescu: and you know, pacepa was no less than ro resident in rfg. he fucking led the east presence there for at least most of 64.
asciilifeform: ah lol the ro eltsin
mircea_popescu: asciilifeform amusingly, ion iliescu went through similar period. "dissident" etc. except for the pics where he's playing retarded games with ceausescu & co.
asciilifeform: or take the 'it was really the demented witch' narrative. invites the q, why did nobody have for her any poison ? really, none of the flunkies ?
asciilifeform: ( re ro crackpottery, asciilifeform is 2/3 through pacepa's tome , and marvels over the d00d's complete omission of how ~he himself~ came to be loyal servant of 'worst ever cruellest evil emperor' )
asciilifeform: considering the venerable ancient ukrs.
mircea_popescu: are you aware there's a substantial ro mystico-scientism putting the etruscans as romanian derivative ? and no, it's not "ceausescu madness", ro suffragette cca 1920, exact equiv of that russian fat old woman.
mircea_popescu: of course they do! the saving grace is that you don't speak orc, to see the pretense.
mircea_popescu: asciilifeform there's been films of elephant etc same.
mircea_popescu: copy/paste wikipedia exams are a matter of necessity if you're going to bother all shepherds and whatnot daylabourers to join your "college"
asciilifeform: there was a '90s american film where there is a scene, where an airplane lands in africa and in fast motion gets stripped for parts, like elephant carcass by hyenas
mircea_popescu: the necessary correlate of "no kid left behind" and "creativity!!11", after all. where's all the world's mediocrities to come up with shit ?
asciilifeform: veritable feast for the vultures, it's been lately
mircea_popescu: (then again this dun say much -- phuctor, "undoable" until it was done, according to the idle wankers / "academics" publishing around it pretending to not know where they got their dataz.)
mircea_popescu: the meet in the middle etc thing i saw was far from instantaneous. maybe better technologies do exist, but anyway
asciilifeform: ( recall the primalitytest thread )
mircea_popescu: also, polynomial time isn't THAT great. depends a little on the polynomial involved :D
mircea_popescu: how useful something is is of no consequence in the classification of things. it still gets a label.
mircea_popescu: let teh enemy fight with the army it has!
mircea_popescu: http://btcbase.org/log/2017-11-14#1737600 << oh, i see now what you were talking about. right you are, yes, i was focused on the edges not the middle.
a111: Logged on 2014-05-10 20:40 mircea_popescu: fluffypony that's right, this is the channel of the minority of people into bitcoin that aren't also pedos.
mircea_popescu: there's prolly some stuff on trilema too but too lazy to dig moar. should suffice i guess.
a111: Logged on 2015-02-24 21:00 mircea_popescu: the gays got their way with marriage prior to the freeze, but that's it. pedos aren't getting theirs.
a111: Logged on 2015-03-06 01:01 mircea_popescu: the very notion that the us has any sort of purpose, not even conscious or expressible, but any sort whatsoever is ridiculous on its face. it has all the purpose of a shambling headless zombie. which is why they're stuck trying to invent nonsense, "women and gayz! anti pedo!!" etc.
a111: Logged on 2015-04-30 15:40 mircea_popescu: incidentally, the original (mostly politically driven) explanation for violence against homosexuals - some sort of "homophobia" suffers a lot seeing how ALL SORTS of other sexual behaviours elicit the same violent response. such as transsexualism, or pedophilia.
a111: Logged on 2017-02-21 22:18 mircea_popescu: hence all the discussions re "fags got their weddings, pedos are next".
a111: Logged on 2017-05-03 19:26 mircea_popescu: Framedragger "have you tried not wanting to fuck guys???" whadda ya know, next they'll "cure" pedos. because they're so totally unlike gays and everything.
a111: Logged on 2017-05-07 05:09 mircea_popescu: BingoBoingo i'm preparing popcorn for when they finally unearth the pedophilia issue. so far swimming in the brackish water of imaginary problems that are only problems to the problemizers.
a111: Logged on 2017-06-30 23:00 mircea_popescu: much saner to put all gays in jail because "they offend baby jezuz" than to put all pedos in jail because "they harm little kids"
asciilifeform: re 30k, it's moar than enuff for own motherfucking microscope
a111: Logged on 2017-11-14 01:09 asciilifeform: the way i'd implement the whole shebang, is simply to reject both primes if the highest bit of pq is not 1 .
mircea_popescu: http://btcbase.org/log/2017-11-14#1737387 << this is alternatively a perfectly acceptable approach ; expensive as all fuck though. prolly should be the standard for homemade keys.
asciilifeform: i can't picture it appreciating to the point where i can spare 30k worth of it
asciilifeform: because the talent pool aint any bigger
asciilifeform: aha and the 40 remaining % gets to charge same or moar
asciilifeform: it's a surgery, d00d strips carefully the layers , takes pics
mircea_popescu: it will sadden you to find surgery is highly roboticized, in the sense of ~60% of surgeon man-hours put in by 1967 surgeons are now done by machine.
asciilifeform: the microscope per se is 1940s tech.
mircea_popescu: (there's a reason imperials have that problem -- it's called "technological progress".)
mircea_popescu: this is the fundamental, and perhaps only result to date of cryptology.
mircea_popescu: this is the problem with "complexify the code machine" tendency. somehow it appears intuitively evident that having a portion of the code INSIDE the machine is "a more complex, therefore a more secure system". it is not. 100% of the key belongs in the key.
asciilifeform: in sadder noose, cheapest bolix ivory microscopy quote, chinese, that covers all the layers ( metal and passivation ) is ~30,000 usd.
diana_coman: mircea_popescu, there is that
a111: Logged on 2017-11-04 14:22 mircea_popescu: consider the following point : the recent las vegas shooter had bought a room ; and had ferried a quarter ton of materiel up there ; and then the concert started, and he sat.
mircea_popescu: the fundamental imperial problem (see eg http://btcbase.org/log/2017-11-04#1732837 ) is that good imperial can never act for fear waiting may pay more.
mircea_popescu: http://btcbase.org/log/2017-11-14#1737538 << it's worse in that the per-unit-effort benefit it delivers is smaller than the benefit we would accrue by simply keeping the current system and increasing the bitsize.
mircea_popescu: though /me is consoled to see bright minds have the same intuitive inclination.
a111: Logged on 2017-11-14 11:33 apeloyee: diana_coman: if keeping the minimum of 2^2047 for primes, you can, for example, generate primes between 2^2047 and 2^2049, and start over if the modulus is unacceptable. not sure what minimum for p and q makes sense.
mircea_popescu: http://btcbase.org/log/2017-11-14#1737536 << this was part of the original speccing of "unequal length p, q" etc. that line of thought withered and died, see the whole thing in the log it's worth the read.
mircea_popescu: the problem here is structure, you have to have the "emitter" pretty well identified to make useful pattern measurements.
asciilifeform: but this is a thread for another time.
asciilifeform: reminds me, not long before the beginning of the time of dulap troubles, and the isp winter, asciilifeform was experimenting with statistical tests of the ~moduli~ a la dieharder
asciilifeform: or mircea_popescu was thinking of the particular one illustrated earlier
asciilifeform: the archetypical example is 'digits of pi'
mircea_popescu: nobody cares for as long as they're used for what they're intended to be used, such as reproducible scientific simulation.
asciilifeform: generally there are cheaper ways to make use of 'key' to chump rng
mircea_popescu: afaik "shadow brokers" didn't release this principal rsa exploitation tool of "teh equation group", but : imagine you have a machine a) working on your own special-purpose made prng ; and b) generating rsa keys all the time and on call.
mircea_popescu: "all you need to know is where the signature 1blocks come in the "rng", as they will be preserved by binary mult, can be seen in modulus."
mircea_popescu: kinda why faux rng calibration is done on 1blocks in the first place.
mircea_popescu: (on proper rng. on bs prng / kochgpg etc, they don't.)
mircea_popescu: there ~are~ extension attacks, but those typically require more than a dozen bits known.
asciilifeform: *the already
asciilifeform doesn't expect to see a pill against this, other than he already obvious engineering margin of using respectable number of bits of entropy for whole thing
mircea_popescu: of course, the odds of getting a FF FF q and a FF FF p are 1/2^32
asciilifeform: otherwise yes
mircea_popescu: the only way to have an N = 11111111.... is if both q and p are 1111111......
asciilifeform: problem only properly exists in the tail ('youngest') bit, where carry is 0
mircea_popescu: anyway, the same problem exists in the tail : if N is 000000001 at the end, i know BOTH p and q were 11111111 last 8 bit
diana_coman found herself using "octet" in code because of going nuts with bytes/bits otherwise
mircea_popescu: mathematical ordering.
asciilifeform: let's settle another matter -- which bit is 'first'
mircea_popescu: literally, what the machine bytes.
mircea_popescu: ftr, octet is the fucking right word for 8 bits. a byte should be 64 bits these days.
asciilifeform: the other thing, diana_coman , is that if enemy knows that you will never use a p or q below limit l -- he can start bruting from l
a111: Logged on 2017-11-14 11:05 apeloyee: if M is say, 1.999999 * 2^2047, then ~20 first bits of p and q are known
mircea_popescu: http://btcbase.org/log/2017-11-14#1737519 << let's keep this binary. are you saying that if the first 2 octets of N are 1 therefore the first 2 octets of BOTH p and q must also be 1 ?
asciilifeform: diana_coman: generally speaking, anything one could conceivably walk over, is unsafe - i.e. primes smaller than the number of femtoseconds in a millenium, if i had to give a heuristic
mircea_popescu: yes, you can expect that your modulus will lead 10 more often than 11. but this is in the book already.
davout: mircea_popescu: i remembered mostly the "pedos as afraid of women who'll identify them as beta cux"
a111: Logged on 2017-11-14 11:02 apeloyee: if the modulus is M, then p,q>M/2^2048 (because p,q<2^2048)
mircea_popescu: fortunately for everyone, the state of the needy is croaking before managing to complete its self-defined mission.
asciilifeform: understand, setting the top bit won't help you, i can just as easily say 'but what if the middle 2000 bits in my prime end up zeros!'
a111: Logged on 2017-11-14 10:05 davout: in other pedos http://archive.is/sTUZU#selection-7611.2-7611.137
mircea_popescu: http://btcbase.org/log/2017-11-14#1737511 << amply discussed here, "pedos the next gay-like oppressed community".
asciilifeform: diana_coman: calculate the probability of fatally small p or q.
asciilifeform: http://btcbase.org/log/2017-11-14#1737525 << this is therightthing. but note that not only is http://btcbase.org/log/2017-11-14#1737533 not a problem, but the behaviour is fundamental to ffa. in ada a structure is considered nondynamic if its size doesn't change at run time. not if 'magic number' size, like in overflowlang.
diana_coman: asciilifeform, I meant in the final pair; i.e. you get p=3 and q=2^4095+1 sort of thing; ofc throw both in a pair if product not right size; but if not enforcing any size condition at all on p and q then you can end up with any small prime too
asciilifeform: and diana_coman , there is no 'trouble if one is too small', you throw out ~both~ if the test fails
asciilifeform: imho ^ is The Right Thing, at least for folx who aren't generating keys in a burning hurry
a111: Logged on 2017-11-14 03:58 lobbes: http://btcbase.org/log/2017-11-13#1737253 << time will tell. Depends on how much the logs-to-date worth of archives end up being in drive space. Bandwidth also a factor. Many things left to be sussed out.
a111: Logged on 2017-11-14 01:09 asciilifeform: the way i'd implement the whole shebang, is simply to reject both primes if the highest bit of pq is not 1 .
a111: Logged on 2017-11-14 11:25 diana_coman: apeloyee, if I understand that correctly basically the only way to plug that leak would be to give up on diddling p and q, including setting size; which would mean just get random pairs of primes until their product fits the desired number of bits for the key; obv this lands into the trouble of having one of them too small
asciilifeform: i.e. until we have one another's mods ~and~ pubexps! we're not really rsaparties. with all that flows from this.
asciilifeform: i was answering apeloyee's odd 'but i can give you my pubexp later, over unauthenticated plaintext, anywhere' oddity.
mircea_popescu: asciilifeform there is no communication among unknown parties. someone somewhere gives you a key.
a111: Logged on 2017-11-14 11:09 apeloyee: http://btcbase.org/log/2017-11-08#1734517 << not quite. for encryption, if I get your modulus, and you actually want to read my messages, I can generate a public exponent between M/2 and (say) 3M/4, and attach it to the message in plaintext.
diana_coman: apeloyee, my first thought went that way but then on one hand this just makes the interval larger basically and on the other hand I have no idea how to even evaluate the compromise (i.e. how large interval is large enough anyway, leaving aside that the how big is big enough for p and q is not that terribly clear either -at least not to me); in other words I can see it as an improvement but I can't actually evaluate it clearly
apeloyee: diana_coman: if keeping the minimum of 2^2047 for primes, you can, for example, generate primes between 2^2047 and 2^2049, and start over if the modulus is unacceptable. not sure what minimum for p and q makes sense.
spyked: current lispm ads: http://p.bvulpes.com/pastes/8ROcg/?raw=true if teh real-life gods decide to leave my ass alone, I might publish the whole thing over the weekend.
a111: Logged on 2017-11-13 19:36 asciilifeform: and rewrite the parser per se in scheme ( have it be present as commented bytecode constant )
spyked: http://btcbase.org/log/2017-11-13#1737264 <-- strings are (lisp) lists-of-characters. which, as it is, unfortunately makes parsing and evaluating builtin functions (e.g. cons, car, cdr) a pain in the ass. can be structured cleanly though. also, this makes it not a simple matter of find+replace in shithub scheme.adb.
diana_coman: apeloyee, if I understand that correctly basically the only way to plug that leak would be to give up on diddling p and q, including setting size; which would mean just get random pairs of primes until their product fits the desired number of bits for the key; obv this lands into the trouble of having one of them too small
a111: Logged on 2017-11-13 19:36 asciilifeform: and get rid of the pointers.
a111: Logged on 2017-11-08 22:03 asciilifeform: not knowing the e has exactly same effect as not knowing half of the n.
apeloyee: http://btcbase.org/log/2017-11-08#1734517 << not quite. for encryption, if I get your modulus, and you actually want to read my messages, I can generate a public exponent between M/2 and (say) 3M/4, and attach it to the message in plaintext.
apeloyee: if M is say, 1.999999 * 2^2047, then ~20 first bits of p and q are known
apeloyee: fwiw I just realized that this ^ leaks a little via the modulus
diana_coman: and by "flips" I mean sets them to 1
diana_coman: http://btcbase.org/log/2017-11-14#1737414 <- confirmed; I do NOT use any nextprime or other "rng"-parts from gpg; current rsatron prototype simply grabs nbits from fg, flips the 2 top bits and 1 bottom bit as per previous discussion and then checks if result is prime; if prime then keep, otherwise discard and try again; no "add 2 until prime" or other such thing
deedbot: Provide a paste URL to the ascii-armored GPG public key or the full 40 character key fingerprint without spaces or dashes.
deedbot: Provide a paste URL to the ascii-armored GPG public key or the full 40 character key fingerprint without spaces or dashes.
BingoBoingo: One you probably need to read sooner is http://trilema.com/anonimity-or-the-urban-versus-rural-dispute
hubud: Hard to find a sane btc community these days
hubud: Oh yeah, there are some juicy juicy ones
BingoBoingo: Just wait till you get to the classics