

Results 120001 ... 120250 found in trilema for 'the'

mircea_popescu: asciilifeform in my model the crc was also random.
asciilifeform: which is rather high
mircea_popescu: if you're asking "what is the probability of a 4000 bit string being randomly generated so it matches an arbitrary crc32", the answer is you know, 1 in infinity.
mircea_popescu: crc checks that the string is the same now as it was when crc was originally computed
PeterL: not trying to catch changes, trying to catch random string accidentally passing the check
mircea_popescu: PeterL if your string is 250 chars, there is 0 probability that an up to 32 bit section being altered in any way will not be caught up
asciilifeform: mircea_popescu: you get the idea. no reason to standardize the diddle.
PeterL: also, my question re crc32 yesterday, I meant to say: given a (random) string of 250 chars, what is the probability that (random four byte string) will pass the crc32 test? which I think is just 1/256^4
asciilifeform: nextprime(h(another rngoladd on disk + pw))
mircea_popescu: once implemented, "theft" dropped like 90%. which is more than any usgstani effort has, or ever will do.
mircea_popescu was a major, and in fact for a year or so the only proponent of encrypted wallets for btc.
asciilifeform: privkeys are plaintext ( you can cipher them via some other cmdline util, or even another piped p, but no nonsense re 'bitcoin-style' enter-aes-pw etc )
PeterL: at the moment there is no securing of data. that would be something to add before battlefield use.
mircea_popescu: PeterL is there any security contemplated for the data, such as i dunno, encrypt the lists of peers / keys / history etc ? or simply a case of "fuck you secure your machine" ?
mircea_popescu: if the machine is on and i'm long dead, am i online cuz it pings ?
PeterL: the idea would be to ping everybody, and have an option for whether or not you respond to pings
mircea_popescu: there's no real concept of "online" i can form in my mind. for instance, am i online when i'm not online ? i do read the logs... in what sense am i not online ?
PeterL: but then I was thinking maybe we wouldn't want that anyway
mircea_popescu: yes, but it ruins the security of the scheme, as i don't expect you will be sending pings to ips associated with bogus keys ?
PeterL: the idea being that you could keep track of who is getting your messages
PeterL: actually, I was going to put in a ping but then didn't get around to it yet
mircea_popescu: true. the obvious advantage of patching is that it makes it easier for readers of code to review deltas. but then again, rebasing makes it easier for writer, less shit to maintain. balancing act.
PeterL: hrm, when you get it it prints the time received and who from, then prints the message that was sent "time, who, message"
mircea_popescu: PeterL you really don't give a shit. whatever the message is, you truncate it to 220 or what was it and send.
mircea_popescu: wtf, ever got a card in the mail, "this card was received at 3:55 pm" penciled in by sender ?
PeterL: well, I guess I should put in something, I guess your nick can't be longer than the message size or there would be no room for any message
mircea_popescu: PeterL also there's specifically no allowance for "time" to be transferred. receiving station timestamps with its own time.
PeterL: well, it is not unpadded, it uses the random byte string as the pad
mircea_popescu: asciilifeform anyway, afair the threshold for ultrasound biodetectable effects (in rats) was 180db or so.
PeterL: I just put in the crc32 as a checksum
mircea_popescu: ~only known use for item comes from the 90s, have nympho take a seat on overturned woofer.
PeterL: Hi everybody, here is my gossipd with the changes suggested yesterday http://p.bvulpes.com/pastes/pf24N/?raw=true
asciilifeform: ( did the expected amt , lol, of good )
mircea_popescu: asciilifeform recall back when the various uss self-destroyers got equipped with "LRAD" for great bezzles ? 90s fad.
asciilifeform: moar like the microwave blaster
mircea_popescu: all this wunderwaffen is just like the railgun, if you recall that discussion.
mircea_popescu: and because other problems with it.
asciilifeform: mircea_popescu: the 7hz thing works, but quite useless because... not directional
mircea_popescu: anyway, the kenyan's legacy is one of the lulziest lulzfests in lulzhistory. so, he came to power on a mandate to close down gitmo, which he didn't do, and to roll back bush era power grabs which he didn't do. instead of doing what he promised he decided to do other things!
mircea_popescu: asciilifeform this works better in theory than in practice.
asciilifeform: practicaljoakes with sound aint about joules, they're about resonances in body
mircea_popescu: asciilifeform yes ? though it was israeli iirc, and worked irl about as well as the recently reported stink bombs.
asciilifeform: mircea_popescu: recall the french 7hz riot controller ?
mircea_popescu: shinohai maybe russian hackers did it. they messed with cuba's sound.dll
mircea_popescu: maybe they got cancer from listening to ustardian daytime tv.
shinohai just assumed the "acoustical attack" was having American pop music piped through the PA system ....
mircea_popescu: meanwhile the entire capacity of cuba's electricity network is what, 8 MW or so ?
mircea_popescu: not to mention, of course, that everyone in the area can also hear it, there's nothing mysterious about it. yes there are ways to carry sound over inaudible ultrasound as a modulation, but guess what ? that takes even more energy! a lot more, in fact.
mircea_popescu: of course, the acoustic energy saturation dampens with distance (by the cube) and with obstacles. the jet needs something to the tune of 100 MW to take off, and all this buys you at close range and in open air is bleeding from the ears, not magical symptoms such as bruises, concussions or other mysteries.
mircea_popescu: for comparison, a 100 gram tennisball capable of giving a pretty girl a nasty bruise would be going at 100 km/h and thereby hit for .1 * (100/3.6)^2/2 ~= 40 J over its 0.001 cubic metre space, ie about 40 times more than the jet's "acoustic attack". a 8-gram 9mm round perfectly capable of making a whole new hole hits for 0.008 * 300 ^ 2 / 2 = 360 J over its 20 * 2*4.5*pi = 5.65 * 10^-7 volume, ie about 650`000 times the jet's
mircea_popescu: for the record : a decibel is the log10 of the ratio between a measured sound energy density and 10^-12 J/m^3. consequently the energy of sound at 150 decibels (such as the sonic blast of a jet taking off at 25m, capable of rupturing eardrums) corresponds to an energy density of 10 ^ (150/10) * 10 ^ -12 = 1000 J/m^3.
mircea_popescu: "acoustic attacks", really. because why, we don't know how to calculate the energy carried by a wave of specified frequency, or anything whatsoever about flow in fluids, and so on.
a111: Logged on 2017-07-24 17:53 mircea_popescu: "Oakley is among a growing number of educators who view intermediate algebra as an obstacle to students obtaining their credentials — particularly in fields that require no higher level math skills." << teh confusion of ideas ffs.
mircea_popescu: meanwhile, amusingly enough, soros' long standing tax evasion conviction or any mention of his decades on the lam have somehow entirely disappeared from all usg's wikipedias. NEVER OCCURRED!!!
mircea_popescu: possibly the largest end product of the whole mechanical orange revolutions effort of rice's dept of state.
mircea_popescu: mostly used to launder "leaks" in the vein of "russian hackers" would have obtained had the leaks pointed the other way.
a111: Logged on 2017-08-09 22:47 mircea_popescu: in other lulz : obviously there's a "foundation" and a "code of conduct" (the usgistani nonsense copy/pasted) and a freenode chan, why not. ~600 accounts logged in (specifically : http://p.bvulpes.com/pastes/yDU6G/?raw=true ) , ZERO anyone has to say at all whatsoever. most are related to matrix.org, which is a pile of nonsensical lulz which you're more than welcome to try and make sense of by yourself. in any case, it's an "
mircea_popescu: oh and speaking of http://btcbase.org/log/2017-08-09#1696188 and faux ngos : the "organized crime and corruption reporting project", owned by a maryland state dept offshoot, is this "github for retarded euro-orks willing to journalism for free in furtherance of us "anti-corruption" anti-sovereignity agenda'.
a111: Logged on 2017-07-21 00:02 phf: by the time i started figuring out the socioeconomic part of the question it was a year too late (they started tightening the screws some time before putin came to power, which was not so much the beginning but the announcement of the done deal. i remember '99 the situation of a lot of people changed drastically.)
mircea_popescu: (nemtsov, recently assassinated, was, of course, the guy putin beat for to http://btcbase.org/log/2017-07-21#1687959, yeltsin's chosen successor. ah what a great party it'd have been, for teh pantsuits. clinton forever, herdemocracy herp derp... then gore lost to bush, nemtsov lost to putin, nyc lost to gravity, sads sads sads.)
mircea_popescu: in other lulz : usg.wikipedia agitprop has an open ended article on propaganda truths : https://en.wikipedia.org/wiki/Russian_financial_crisis_%282014%E2%80%932017%29
mircea_popescu: asciilifeform amusingly, that actually translates "incompetent" in english, which is the right word. "without the ability of entering contracts".
asciilifeform: old norse called them 'nithlings'
asciilifeform: there's a word for such :
asciilifeform: these people shit on contracts, promises, etc whenever it suits'em
mircea_popescu: because otherwise what the hell, it's not a lease it's a girlfriendizing contract.
mircea_popescu: "i'll just dump these remains in your back yard, throw them out whenever you're sick of them" is not what a lease says.
mircea_popescu: asciilifeform mno. church can ordain whatever the fuck it pleases ; but a lease is not at-will wtf is the point even.
mircea_popescu: in other lulz, some dude drove over a half dozen french whatever they are, soldiers-polizei.
mircea_popescu: how the fuck does the church "decide to terminate the family's lease"
asciilifeform: in other veryolds, somehow i missed https://archive.is/Kw78h
mircea_popescu thinks "well... what if you had a group instead, and you could... o fuck me, discrete logarithms. guess what, another basis for cryptosystems".
mircea_popescu: no wtf there. the wtf is more in the line of "check him out, he wants to use a computer without the if key"
mircea_popescu: well, at least it was painless to check the code, all of 30 seconds
asciilifeform: ( so sometimes 'not used', but the discarding takes provably same time as nondiscarding )
asciilifeform: the output is muxed via constanttimemuxer
asciilifeform: we do 4 motherfucking squares, and 4 subtracts
asciilifeform: (it subtracts EVERY time, then muxes )
mircea_popescu: well, you do the whole polynomial thing right ? if exponent is 1101 you do 3 out of 4 squares
asciilifeform: this weekend i'ma see just how sad is key genning with the saddest but proper algo , quoted earlier.
asciilifeform: makes the rest of ffa an exercise in complete pointlessness, to use anything of the kind.
asciilifeform: therefore rubbish.
mircea_popescu: asciilifeform but you don't have to use the crap parts. the idea itself is sound, further reduces any montgomery reduction.
asciilifeform: mircea_popescu: this is the sliding window in gpg2.
mircea_popescu: basically, you precompute conveniently chosen powers of 2, and then you get rid of most of the product larger than
asciilifeform: also uses the same idiotic sliding window thing that makes gpg2 radiate seekritbranchingly for kilometres
asciilifeform: we want the opposite
asciilifeform: ain't looking for the rsa pill here. but for nonretarded variant of montgomery's algo
mircea_popescu: i am now very suspicious you can't ever have a good solution, in the sense that if you find it... you'll have found a fine reason not to need it anymore.
mircea_popescu: i know that face glaring back at me. it is the face of unyielding fucking doom.
mircea_popescu: heh. the graph of a ^ x mod b looks eheheheheeexactly like the riemann functions / unit covering shenanigans.
asciilifeform: there is not an equiv of karatsuba for it
asciilifeform: division is the single most expensive arithmetic op.
asciilifeform: the sad and slow constantspacetime solution , is the same exponentiation-by-squaring ffa has now, http://wotpaste.cascadianhacker.com/pastes/BVxyN/?raw=true , but after FZ_Square(B, B, C_Sqr); we FZ_Mod(B, M B) every time.
asciilifeform: it was the most effective optimization i knew, and the one i rejected first and most incurably.
asciilifeform: incidentally various heathen bignumtrons use carry-save form. it is one of the reasons why they are 10,000s of lines, and mine is ~1k.
mircea_popescu: there is carry
asciilifeform: there is carry.
mircea_popescu: you can add the words in any order you wish and you can keep whichever intermediates you feel like
asciilifeform: we cannot do this. because the simplicity of ffa comes from using strictly ordinary machineword arithmetic.
asciilifeform: by ignoring the carry, and reconstituting later
asciilifeform: understand, that's how he makes the ops independent ( rather than chained )
mircea_popescu: i am telling you, his thing is ripe for rewriting in a more apt notation. he is misrepresenting it because thinking in terms of fucking logic gates
asciilifeform: ( the infallible litmus for ffability : 'can this be UNROLLED TO DEATH?' if not -- no go )
asciilifeform: now if you were to try to rsa by exping first and THEN mod, the universe could not hold your intermediates
asciilifeform: otherwise whole thing is a massive waste.
asciilifeform: it is the only acceptable form for ptron.
asciilifeform: where control flow is SAME regardless of what the exponentiation args are.
mircea_popescu: no but you write it as a full matrix, you get the undo for free
asciilifeform: you can , but still have the 'guessing and undo' thing
mircea_popescu: there's no rule you must do the parts in order or anything
asciilifeform: ( rather than word arithm )
asciilifeform: he's the d00d with the '90s rsa chip
asciilifeform: or, more formally, no way to prove the absence of arbitrary number of classes of 'easy case'
asciilifeform: has same problem as every other nphard
mircea_popescu: i think we even spoke of it back in the day
asciilifeform: knuth has one with 'addition chains', but it requires the exponent to be welded into place for all time
asciilifeform: ( every single motherfucking modexp in the open lit, branches on seekrit )
asciilifeform: anyway this is the easy bit. hard bit apparently is the final crown, coughing up a sane modexp
mircea_popescu: i am all for keeping the unrolled version at the ready ; but i really see no problem with having and using the unrolled loops version. you read it once, over a weekend or a week, and you use it ten billion times over fifty years.
asciilifeform: currently i lean to unrolling them ~in the proof doc~ and leaving proggy as is.
mircea_popescu: anyway, re the unrolls : it's really not that bad, because of the patterns. it's only "unreadable" because alien because too much time spent reading code written by idiots.
mircea_popescu: anyway. i think the point re : fathers are worthless , siblings are severely retarded is well vindicated
mircea_popescu: honestly i don't believe the somewhat more cl is such a problem.
asciilifeform: srsly this entire exercise has been a brainmelting tour of the sheer unfathomable worthlessness of 'the litarature', 'the cryptography komyoonity', et al
asciilifeform: ( nobody seems to have produced a branch-free montgomery-reduction algo. or any other division-free modexp. )
asciilifeform: and then we can play.
asciilifeform: aite, nao all asciilifeform needs is a constantspacetime MODULAR exp algo that can be expressed with the mux primitive
asciilifeform: ( i'ma keep the general case, for nao, because it is always very easy to turn it into the above later. but not vice-versa. )
asciilifeform: the unrolled-8word thing is 1 ) less general 2) harder to read with naked eye but 3 ) easier to prove correct
asciilifeform: there's still a dilemma tho :
mod6: yeah, worth the hunting trip
asciilifeform: itched to find, what if another 2x vrooom is possible.
asciilifeform: HOWEVER the actual result is : ~13% cut in execution time.
asciilifeform: so theoretically x86 branch predictor oughta be very very happy;
asciilifeform: it is loop- (and any other jump) - free
asciilifeform: for simplicity, tested the case that actually happens in practice: on a 64bit box, any ffa width over 512 bits gives a strictly 8-wide comba mult occurrence
a111: Logged on 2017-08-08 23:51 asciilifeform: it thereby follows that i could unroll comba into explicit cases from 1 to 8 words
mod6: <+erlehmann> something involving a goedelized perl script that builds all build rules that don't build themselves. drugs were probably involved. << dafaq is this dude on about?
mircea_popescu: and finally re crc : given a string S of any length, the probability of a string S' where less than 32 bits have been altered in a "burst" passing crc32 is 0. if you go over 32 bit long bursts the probability is ~ proportional to the burst length / 32.
mircea_popescu: these two are not the same thing.
a111: Logged on 2017-08-09 15:58 mircea_popescu: anyway, let it be said that there's nothing wrong with oaep as far as we know, but for the sake of argument a mpfhf based padding scheme would conceivably work like this : 1. given message m, of length l, generate r = random bits, of length l' up to l but not less than 256 bits. 2. compose m' = r + m + c (in that order), where c is l - l` (and its bitness is always same as the bitness of len(m')-256). 3. compose Pm = R + S +
mircea_popescu: reversing mpfhf is required for the padding scheme originally described, whereby you simply mpfhf the plaintext message and then encrypt the S + R, see http://btcbase.org/log/2017-08-09#1695856
mircea_popescu: reversing MPFHF is not required for the above quoted version, as the fhf is used there as a hash function not as a padder. (and alf's objection is valid, not a very good option, a settable size output sponge would be much better).
jhvh1: mircea_popescu: The operation succeeded.
mircea_popescu: !~later tell peterl the hash-xor thing is oadp, which is a provedly strong padding scheme for rsa.
PeterL: Is there a way to calculate the probability that a random string of 256 bytes will pass a crc check?
PeterL: and wouldn't you also need to know S if you are going to reverse the MPFHF from a given R?
a111: Logged on 2017-08-09 22:09 mircea_popescu: to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done.
PeterL: http://btcbase.org/log/2017-08-09#1696147 << I don't think we need to do a hash on the data, it is already xored with the random string
a111: Logged on 2017-08-09 17:10 PeterL: I will check in later once I am back at my computer with my key to verify this conversation has been with the real PeterL
a111: Logged on 2017-07-18 18:23 mircea_popescu: asciilifeform understand this bit of GT : the knowledge of all the things you don't know thereby constructs a sybil of you.
pa1atine: http://btcbase.org/log/2017-07-18#1686026 <this one was the one that got me occupied the last couple days
pa1atine: just back reading all the stuff
trinque: sorry, we're past our quip quota for the day. what else you got?
a111: Logged on 2017-08-09 23:00 mircea_popescu: the herd is lazy, the apparatchiks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people.
mircea_popescu: the herd is lazy, the apparatchiks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people.
asciilifeform: srsly wtf, oughta have been written in 1993 at the latest
mircea_popescu: but yes, i agree that in principle something-like-keccak could be made to spit arbitrary len digests ; and perhaps also in fixed space. the latter will require actual impl to settle.
asciilifeform: the 'reference' is sad
asciilifeform: the algo strictly
mircea_popescu: are we talking the keccak reference code here ?
a111: Logged on 2017-08-09 22:14 mircea_popescu: but afaik keccak isn't that fix-space-able either.
mircea_popescu: but isn't it great that all mgm needs to do is to put on a coupla hats and suddenly the turnips think themselves human fucking beings ?
mircea_popescu: independent" "free" bla bla made by amdocs employees. which YES, is that thing made by the israeli golden pages, and YES is that thing involved in the espionage scandals. and so on.
mircea_popescu: in other lulz : obviously there's a "foundation" and a "code of conduct" (the usgistani nonsense copy/pasted) and a freenode chan, why not. ~600 accounts logged in (specifically : http://p.bvulpes.com/pastes/yDU6G/?raw=true ) , ZERO anyone has to say at all whatsoever. most are related to matrix.org, which is a pile of nonsensical lulz which you're more than welcome to try and make sense of by yourself. in any case, it's an "
mircea_popescu: hanging out with any other troop of stoners would be a better use of your time, in the sense of variety.
mircea_popescu: nobody knows what the fuck "sha 2017" is. nobody cares. even the people paid to fucking care stopped giving a shit in the 90s, as that nsa goon at "crypto conferences" piece amply attests.
mircea_popescu: "tell that to some guy a little younger than you, who just fell off the turnip truck. there is no publicity value in my talk being at your conference. what, if you sell 2000 of them it'll be a miracle. and what, what are people going to say, uuuuuu i like how that erlehmann talks, i wonder if he's got a blog or anything".
erlehmann: no, they rejected my entry
mircea_popescu: did they pay you to do a talk.
erlehmann: mircea_popescu i wanted to give a talk about non-existence dependencies at SHA 2017 and it was rejected with “provide a 5min lightning talk on problem instead”. problem: 5min are enough to understand the problem, not why you are having it or what follows from it.
mircea_popescu: but afaik keccak isn't that fix-space-able either.
mircea_popescu: asciilifeform i guess when he comes back from the mpfhf reverser ima make him do a keccak impl that ACTUALLY does the any-output thing. afaik they're all 32/64byte
erlehmann: 4. yes the effect matters. we can patch make, though
erlehmann: 3. yes, this is not detectable, but the effect is negligible
asciilifeform: or any other sponge
mircea_popescu: asciilifeform most importantly, do we ACTUALLY want to do something pgp-retarded like say R.len = 200 bytes, repeat the last 50 for a 250 byte total then use the repeat to make sure you decrypted correctly ?
erlehmann: because the reaction of most people to it is
erlehmann: mainly i realized why my talk to the conference was rejected
erlehmann: mircea_popescu one person hallucinated having seen the elusive djb redo c code that ultimately did not exist. another person was a release manager and made sure the problem does not exist. a third person wrote a cmake thingy longer than my own redo implementation. a freebsd developer confirmed the problem exists.
mircea_popescu: erlehmann did anything further come of it ?
mircea_popescu: to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done.
erlehmann: indeed, one part of the solution is to return to earth
a111: Logged on 2014-11-26 01:11 asciilifeform: 'I’d like to see one expression coined by the poker writer Matt Matros become common parlance, since it applies far more widely than only to poker. An “alien problem” means some problem that might be fun, interesting and educational to analyze, and it would be really important to know the solution if you ever found yourself in that situation, but the point is that you shouldn't even be having that problem in the first pl
erlehmann: asciilifeform the goal of the game is to make dev aware of context being insane
erlehmann: something involving a goedelized perl script that builds all build rules that don't build themselves. drugs were probably involved.
erlehmann: the solution turned out to be a non-solution btw
erlehmann: asciilifeform correct. the talk begins with me mentioning non-existence dependencies and ends with the recipient either having a solution (one guy), being aware of the problem already (i counted two) or being unaware of it but being aware that their software is a lie.
mircea_popescu: erlehmann it's a pile of patches. how the compiler optimizes the rebuilding is irrelevant ; if you change one file it can rebuild the whole thing or not ; but v still only changes the one file and still doesn't have the problem.
asciilifeform: erlehmann: the building-clean thing is sanity. we had this thread. if your program is 'too big to always build clean', IT IS TOO BIG
asciilifeform: erlehmann: the problem you describe is absent in v
erlehmann: they are only arguably the most common one
erlehmann: asciilifeform C header files are only one instance of such non-existence dependencies where existing of a thingy invalidates the assumptions that went into building another thingy.
asciilifeform: erlehmann: the problem however is not where you seem to put it
erlehmann: asciilifeform that is one possible answer to the thing. the thing that starts the triggering is usually a combination of said devs using make and realizing that this is, indeed, a problem.
asciilifeform: they correspond to a vgraph with contradictory inputs.
erlehmann: if A or B start to exist, the target also needs to be rebuilt. that is a non-existence dependency.
erlehmann: if C changes, the target needs to be rebuilt. that is a dependency.
asciilifeform: flush the toilet.
asciilifeform: clean the fucking chalkboard
asciilifeform: didn't we do the STOP FUCKING PARTIALMAKING thread ?
erlehmann: 2. look on while almost all of them develop the exactly same train of thoughts (including fixing make, which is impossible for this kind of program)
asciilifeform: you can do more or less whatever variations on whichever theme, you feel like, all it costs is a few extra chars in pubkey
asciilifeform: ( yet another reason for pmach )
asciilifeform: incidentally you get best attributes of both if you harness them as i described, via otpxor
mircea_popescu: otherwise why implement a ptron rather than simply a rsatron.
mircea_popescu: but in my own mind the "well alf is making P" pretty much was "he's walking to path to both cs and rsa impls to the furthest node"
asciilifeform: i know of no others worth bothering with.
mircea_popescu: afaik pretty much the only candidate besides rsa itself.
mircea_popescu: i thought there's consensus re offering c-s in teh tmsr cryptotron
mircea_popescu: the statement is that if pss is used atop rsa, then barring poor implementation a forgery is going to cost more than what reversing rsa costs.
asciilifeform: ''When RSA is the underlying primitive, something even more is known: that the ability to forge with resources R in an attack which does not exploit some structural characteristic of the MGF implies the ability to invert RSA on random strings using computational resources only slightly greater than R.''
asciilifeform: replete with magicnumbers, 'random oracle' assumptions, 'perfect hash', and other maculae
mircea_popescu: iirc there is a proof it is as secure as rsa.
asciilifeform: mircea_popescu: i looked at the pss thing, seems like simply yet another obfuscatorily-complex nsaological artifact
a111: Logged on 2016-05-21 23:31 shinohai: https://steemit.com/girlsgonesteem-nsfw/@steempower/welcome-to-girls-gone-steem#comments <<< the logo even looks like a turd. "steem"
mircea_popescu: but, it given, it's no wonder all cars migrating to being the same engine in different plastifications.
mircea_popescu: it's incomprehensible to me, how this "i moved from a forum to a ... forum" thing works in the public's mind.
BingoBoingo: Not really made a blog. Started making posts on platform that it seems some other folks made.
a111: Logged on 2017-08-01 23:43 mircea_popescu: i suspect steemit is a sort of how did they call that alt-disqus/alt-github "let us steal your content" thing ?
mircea_popescu: (believe it or not, the 18 byte lulz is actually specified as such, https://archive.is/QYKu5#selection-3121.6-3121.789 ; worth a read, has null IV and all sorta gems)
a111: Logged on 2017-08-09 18:37 mircea_popescu: xor the bytes ?
mircea_popescu: (ftr, the way pgp does it is that it repeats two bytes of a more or less random block of 16 bytes, and then checks if they came out the same. this is in fact WORSE than http://btcbase.org/log/2017-08-09#1696023 but then again contemporary applied cryptography is a very low effort, low quality field).
mircea_popescu: and incidentally, pss should prolly be in the final tmsr-rsatron huh.
mircea_popescu: (the rsa forgery comment was re sig ^ e mod n || sig mod n always verifies as validly signed.)
mircea_popescu: so you want to take a message m, add that many random bits to it, and then add twice that many bits as a hash of the pile, thereby using 25% of the space for the plaintext ?
asciilifeform: ( if message dun match the prescribed structure -> forgery )
asciilifeform: whole point of the M+H(M) or no-go combo is to prevent forgery.
mircea_popescu: trying to stuff a mac or something in there will make the boondoggle regret the days of the aes/rsa combo.
mircea_popescu: asciilifeform yes, well, everything has problems. but there's a difference between using a crc as hash and using a crc as checksum ; and using say sawed-barrel keccak (take first or last x bytes, whatever) isn't all that good because it's really not designed for fragment behaviour like that, nor was such studied
PeterL: asciilifeform: ^ what would be the downside of using crc for this?
asciilifeform: ( if anyone recalls my sageprobe crack ? that was as simple as it was because the thing used crc as hash... )
mircea_popescu: and with this, PeterL finds himself exposed to galois fields, polynomial division, and the rest of the "easy to implement and straightforward" jewels.
mircea_popescu: (that =4char thing at the end of the messages)
asciilifeform: lol that's probably the worst conceivable
mircea_popescu: xor the bytes ?
PeterL: I do find it annoying that long messages get split, but I guess it is not the end of the world or anything
mircea_popescu: the rng consumption will be significant though.
mircea_popescu: so your gossiptron only accepts lines of up to 256 chars in length, then you lzw that and pad etc. not the end of the world.
mircea_popescu: you mean messages of half the size.
PeterL: the other option would be to use rsa keys of half the size, allowing only 256 byte messages
mircea_popescu: but even if you send them "together", there's no guarantee they stay unfragmented. not at that size.
PeterL: if they did not come together in one packet, then you would have to hold onto packets and try to match them up with their partner
mircea_popescu: yes, but we're examining why and whether you have to.
mircea_popescu: ok, so then you also send 2, udp sized packets ?