Results 1 ... 250 found in all logged channels for 'koch' |

(asciilifeform) dulapbot: Logged on 2022-06-30 10:28:53 asciilifeform: meanwhile, in koch lulz.
(asciilifeform) asciilifeform: (koch's key gen is still imho rather shoddy even with fix for this bug tho.)
(asciilifeform) asciilifeform: ( on account of branch prediction mechanics in modern irons, ffa in fact faster than koch's bignum, for the latter's 'worst-cases' )
(asciilifeform) snsabot: Logged on 2020-02-05 17:24:20 asciilifeform: let's do for lulz some arithm. i have a linux-3.16.70.tar handy, and inside 47452 files. now, a modexp (2048bit!) on ye olde koch-rsa eats 0.639s on my machine. so that'd be ~8.42 hours. not counting the hashing (my timing example did not include hashing, had pre-baked operands).
(alethepedia) asciilifeform: it's a 'terrorist' product. rather like e.g. pgp prior to the betrayal of p. zimmerman and koch coming on stage
(asciilifeform) asciilifeform: apparently this shitware dun even implement the koch 1.4.10 featureset.
(asciilifeform) asciilifeform: the correct way to keygen is to pump straight from iron rng. Just Say No to kochism.
(asciilifeform) asciilifeform never patched his gpg, given as doesn't ever intend to generate keys on gpg again; and if were to -- doesn't think much of koch's published patch, keygen still uses whitenism
(asciilifeform) asciilifeform: verisimilitude: koch -- maintainer -- is a nsa stooge.
(asciilifeform) asciilifeform: and so happens that i've already posted world's simplest rsatron. which, also happens, beats koch's speedwise even w/out bvt's asmism patches.
(trilema) ossabot: (ossasepia) 2020-03-09 jfw: ah there was also Eucrypt, part of which was a liberation of gcrypt from Werner Koch & co. right?
(ossasepia) jfw: ah there was also Eucrypt, part of which was a liberation of gcrypt from Werner Koch & co. right?
(asciilifeform) asciilifeform: ( fwiw mine 2.3x faster than koch's, when long public exponent. but still ultimately too slow for many uses that'd be practical if were 'instant'.
(trilema) ossabot: Logged on 2020-02-04 01:39:30 mircea_popescu: there's a lengthy pile of disadvantages to the current mechanism we use, not least of these being that it actually imports koch-pgp. it also does suspect signature shenanigans of all sorts, which could potentially present security risks
(trilema) diana_coman: mircea_popescu: I'd very much like to finally move off koch-gpg and so ~anything in that direction is quite of interest to me; I'll gladly help re eucrypt too if/when needed, if that's a block for anyone.
(asciilifeform) asciilifeform: let's do for lulz some arithm. i have a linux-3.16.70.tar handy, and inside 47452 files. now, a modexp (2048bit!) on ye olde koch-rsa eats 0.639s on my machine. so that'd be ~8.42 hours. not counting the hashing (my timing example did not include hashing, had pre-baked operands).
(trilema) mircea_popescu: there's a lengthy pile of disadvantages to the current mechanism we use, not least of these being that it actually imports koch-pgp. it also does suspect signature shenanigans of all sorts, which could potentially present security risks
(asciilifeform) asciilifeform: classical branching-code impl.s of rsa (e.g. koch's) leak entire priv after coupla hundred privops (to anyone with sufficient 'ears' to listen correctly)
(asciilifeform) asciilifeform: ( even koch features. )
(asciilifeform) asciilifeform: but imho is strange that even nao some folx sha1 ( and koch gpg 2.x )
(asciilifeform) asciilifeform: koch's liquishit is at any rate looong 'past its sell-by date'.
(asciilifeform) asciilifeform: shinohai: for my part i've a draft of ffa-powered verifier for legacy gpg sigs (presently, only detached sigs, as used in vtrons) but also needs moar massage before posting ( and in particular, human-readable explanation of how sawed apart the format, the published docs were of ~0 help, had to vivisect the koch turd)
(trilema) mircea_popescu: so koch-gpg is, out of the box, worse than useless for archival : tar / zip / etc as they exist on unix-likes are fucked in the head enough such that if there's a byte error, either the remainder of the archive or the bytes past that one in the list are lost ; but this can be mitigated at least by having multiple copies. gpg however, multiple copies are equally useless, if none make it intact the contents is lost, because
(trilema) mircea_popescu: in other "lulz", in the sense that koch & co are so fucking evil it boggles the mind : gpg has an ascii armored mode, which however contains no error recovery.
(trilema) asciilifeform: diana_coman: whole story of how asciilifeform ended up with peh , if you recall, at one pt asciilifeform wanted to bake a battery-powered 'gpg replacement'. then went and saw what gpg actually consisted of, and found that not only koch liquishit, but broken on ~algo~ level
(trilema) asciilifeform: barrett is admittedly slightly tricky to 'load into head', but it's where we beat the living shit out of koch et al speedwise (for some reason they never bothered to bake a barrett, even tho method was known since '86
(trilema) asciilifeform: mp_en_viaje: knowing 0 aside from the product , i would say it is not correct to put wolf in the company of koch -- wolf actually did sumthing nontrivial and useful ( mapped out the ice40 matrix )
(trilema) asciilifeform: http://btcbase.org/log/2019-03-30#1906193 << interestingly, at 139.2 kloc , still 1 of the heaviest proggies in civilized use; vs, e.g., trb ( http://btcbase.org/log/2018-11-29#1876053 ) ; but lighter than koch gpg ( if minus autoconf, http://btcbase.org/log/2017-07-08#1680705 ) or linux kern.
(trilema) asciilifeform: koch et al shat out his 'fixed witnesses' thing, and folx ate it largely cuz rng poverty. which we dun suffer from.
(trilema) asciilifeform: whereas if you actually lift 32+ rng witnesses from a working rng (as in asciilifeform's demo, or diana_coman's proggy, and elsewhere where not koch.. ) actually converges (for so long as you actually have working rng)
(trilema) asciilifeform: will be lulzy if we end up finding that koch's 'whitener' actually optimizes for sad N
(trilema) asciilifeform: in koch for instance.
(trilema) asciilifeform: ( as used in kochisms )
(trilema) asciilifeform: mircea_popescu: funnily enuff, koch takes approx same time, and that's with him not using rng witnesses at all iirc...
(trilema) a111: Logged on 2019-02-17 16:05 asciilifeform: ( and when found that ~despite this~, http://www.loper-os.org/?p=2906 , was pant-shittingly hilarious, how koch still managed to be the tortoise in the race )
(trilema) asciilifeform: ( and when found that ~despite this~, http://www.loper-os.org/?p=2906 , was pant-shittingly hilarious, how koch still managed to be the tortoise in the race )
(trilema) asciilifeform: iirc diana_coman already did some time in that joint , when walked koch's thing
(trilema) asciilifeform: ( witnessed in e.g. koch )
(trilema) mircea_popescu: ie, yes, jenkins sings to carnegie hall, koch cryptographies to the conference plastic carpet, some kids in egypt http://trilema.com/2011/bine-ati-venit-la-noi-in-tara/#selection-177.0-177.14 and so following.
(trilema) asciilifeform: koch et al, 'play in carnegie hall', like the infamous florence foster jenkins
(trilema) asciilifeform: ars longa & vita brevis, to touch ~errything~. i'm prepared to piss on koch, but i won't piss on gliderist who gets in nobody's way
(trilema) asciilifeform: pretty sure koch is 100% aware.
(trilema) mircea_popescu: koch application of fermat DIRECTLY maps on the above "random definition".
(trilema) asciilifeform: ( in that respect, koch is arguably 'professional', entirely bought an' paid for by microshit et al )
(trilema) asciilifeform: so possible that koch 'duct taped' m-r onto it.
(trilema) asciilifeform: good % of what's in koch's thing, cannot be explained in any other way.
(trilema) mircea_popescu: then koch expects to be hired because koch ~is~, whatever the hell he might be, polite, pedigreed, mit-degreed, "famous" in the smartphone sense etcetera.
(trilema) mircea_popescu: koch is implementing fermat because fermat ~is~ the test, not because fermat ~does~ something.
(trilema) a111: Logged on 2019-01-30 16:43 asciilifeform: ( as i understand, in koch world fermat test uses ~exactly same # of cycles as 1 shot of m-r )
(trilema) asciilifeform: arguably this one's even moar outrageous, koch manages to lose even tho he uses minuscule bases in his modexp (in m-r)
(trilema) asciilifeform: ( as i understand, in koch world fermat test uses ~exactly same # of cycles as 1 shot of m-r )
(trilema) asciilifeform: diana_coman: i recently reread your series re primes, and found http://ossasepia.com/2018/01/04/eucrypt-chapter-4-random-prime-number-generator/#selection-111.241-117.155 interesting -- koch fermats 1st, but this dun actually save any cpu under any circumstances. pretty lulzy.
(trilema) asciilifeform: BingoBoingo: to nitpick, s/in Barrett's Modular Reduction/in modular exponentiation/ , koch dun use barrett ( he uses montgomery, which dies on even numbers, lol )
(trilema) asciilifeform: will be interesting to test on '9000' koch-generated primes, and see if any... aint
(trilema) asciilifeform: koch , otoh, does other thing entirely, trims the bitness to be below N's
(trilema) asciilifeform: per the proof, it is seemingly harmless ( a carmichael number has 1/4 of the integers as 'liars' ) but what it does is to prevent simple manual test with small numbers , which is imho quite typically kochian
(trilema) asciilifeform inclined to reject koch's optimization ( which diana_coman retained ) where witness consists of rng(bitness_of_n - 2) , and actually make witness equal to rng(width) mod (n - 2) for full range
(trilema) asciilifeform: naturally each new X is pumped from FG, rather than kochian increment or any such thing
(trilema) asciilifeform: the folx who shat out apache & co., i suspect were at least as aggressively retarded as koch.
(trilema) asciilifeform: koch's turd, despite being implemented in c, with no bounds checks, actually loses to ch14 ffa , for inputs of same ~width~ -- despite fact that he doesn't constanttime and thereby gets to skip massive work
(trilema) asciilifeform: it 'works' in the same way as other 'nobus-maintenance' kludges (e.g. koch's 2016 patch) 'work' -- raise bar so that nobus
(trilema) asciilifeform: it is difficult to dispel even the most outrageous lulhypothesis re koch-gpg. sorta what makes it 'speshul', what, 40MB of ???.
(trilema) asciilifeform: ( not even to mention the fact that -- rare, for a kochism -- the problem dun even exist in stock gpg, which defaulted to 2 subkeys, 1 for sigs and 1 for encipherments )
(trilema) mircea_popescu: (the view that gpg aka koch-rsa leaks bits via signature isn't entirely dispelled even today)
(trilema) asciilifeform: btw didja know, mircea_popescu , that yarvin has an rsatron in there ? possibly will be remembered as the only rsatron gnarlier/buggier than koch's, or even microshit's
(trilema) asciilifeform: ( yet aaanother thing that koch didn't give )
(trilema) asciilifeform: ( recall, diana_coman uncovered various lulz re koch's variant )
(trilema) a111: Logged on 2019-01-09 15:36 asciilifeform: last night i re-read diana_coman's piece on m-r , it is interesting just how much sweat diana_coman had to put in simply on account of koch gnarl
(trilema) asciilifeform: last night i re-read diana_coman's piece on m-r , it is interesting just how much sweat diana_coman had to put in simply on account of koch gnarl
(trilema) asciilifeform: mircea_popescu: mpi is subset of gmp that koch cut ( and ate $mil of microshit payola to do it, somehow ) , aha.
(trilema) asciilifeform: i've been referring to mpi and gmp interchangeably as 'koch rsa', but this is unscientific, i must remind that they are diff items.
(trilema) asciilifeform: the 1 application where ffa defo dunwork, and koch -- does, is phuctor.
(trilema) asciilifeform: tbh i'm not sure what kochtronic rsa will be good for once i have the keygenning ( it apparently dun win on speed anywhere, even tho it gets to skip 0s in modexp.. ) but this time not yet come.
(trilema) asciilifeform: also recall the (surprising to asciilifeform , but apparently nobody else) discovery that ffatron as-is-stands is ~2.5x faster than koch.
(trilema) asciilifeform: mircea_popescu: correct. the item that needs padtron, is mircea_popescu's specced 'fuckng replace gpg already' ; and possibly also koch-free euloratrons.
(trilema) asciilifeform: diana_coman implemented prototype, using koch
(trilema) asciilifeform: the only folx for whom 'mystery' and 'requires' 50,000 ln of overflowlang -- are koch et al
(trilema) mircea_popescu: yeah, and their name is collectively "koch" and "the gnu foundation"
(trilema) asciilifeform: ( the punchline is that koch, ssl, etc are ~in this set~ )
(trilema) asciilifeform: in other noose, earlier this wk , asciilifeform tried to repeat http://www.loper-os.org/?p=2906 test , but using 'gmp', the 'uncut' version of koch's thing, with asmism etc. but lo and behold, it is apparently impossible to repeat the full test battery, because :
(trilema) mircea_popescu: so your reasoning was that if some bits get left out the koch is gonna eat them ?
(trilema) asciilifeform: gpg itself is substantially moar crippled than koch's mpi lib
(trilema) asciilifeform: test was re koch's arithm engine (which does take arbitrary exps etc, and a patched ver is used in e.g. phuctor)
(trilema) a111: Logged on 2016-11-26 16:31 asciilifeform: koch's shitball per se is written in such a way that the cruft is glued on with broken glass (all the ciphers are modularized in very gnarly multilayered way, whole thing relies through and through on his weirdo streams thing, 1,001 idiocies)
(trilema) asciilifeform: but i expect ffa-cum-asmism will still beat shit out of koch-cum-asmism
(trilema) asciilifeform: incidentally, it's a 'fair fight', i.e. both ch14 ffa and mpi-koch lack asmism
(trilema) asciilifeform: and that he still gets to skip , theoretically , ~half~ of the work of a modexp with random inputs (half the bits of exp are 0, and in kochian modexp dun result in a mul/square cycle)
(trilema) mircea_popescu: Turns out, Koch’s pile of shit, despite eschewing constant time arithmetic, and being implemented in Overflowandcrashlang… loses the footrace, when given a full-width modular exponentiation (i.e. one where it cannot cheat by skipping over leading zeroes.)
(trilema) asciilifeform: if only merely 'spun in desert'. these are the folx who gave us 'i lost mah keyz' zimmerman, who then pupated into 'rng, what rng' koch, et al
(trilema) asciilifeform: koch loses surprising amt of cycles to variablewidthisms/heapism.
(trilema) asciilifeform: ^ which is about on par with koch's, interestingly
(trilema) asciilifeform: ( and , in fact ~to the credit of~ koch, at least the latter didn't fuck about with 'proofs' )
(trilema) asciilifeform: approx on par with e.g. koch.
(trilema) a111: Logged on 2018-11-29 19:21 diana_coman: asciilifeform, and the loc is not the whole story either; I'd much rather read *your* 1000 loc than Koch's 100 loc
(trilema) diana_coman: although ofc it's more like Koch's 1mn loc ~always
(trilema) diana_coman: asciilifeform, and the loc is not the whole story either; I'd much rather read *your* 1000 loc than Koch's 100 loc
(trilema) asciilifeform: mircea_popescu: they're really e.g. https://github.com/gabriel-laddel/masamune/commit/b7332fe26e69ff4d60f075f3c21179cd1eae8bae , they do the kochtard 'short fp' thing in the ui
(trilema) a111: Logged on 2018-11-26 18:31 asciilifeform: d the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project.' etc
(trilema) asciilifeform: d the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project.' etc
(trilema) asciilifeform: 'Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook an
(trilema) asciilifeform: ( archetypical ill-conceived 'smart' -- koch's 'keychain' nonsense )
(trilema) asciilifeform: mircea_popescu: presumably cuz koch stuck a gpl sticker on it
(trilema) asciilifeform: mircea_popescu: stallman has plenty to answer for, but i dunno what he has to do specifically with koch's gpg
(trilema) asciilifeform: ( on , afaik, all known kochian gpg )
(trilema) asciilifeform: yea kochian 'normalization' (variable-width representation of bignums) does that.
(trilema) asciilifeform: maybe ilsa koch had one ?
(trilema) asciilifeform: somehow on koch planet, is seen as acceptable..
(trilema) mircea_popescu: but yes, as far as anyone knows 2048 bit keys perfectly safe, now and for the foreseeable future (this isn't a comment on koch faux-pgp, which unsafe at any length as well documented in logs qntra and so on).
(trilema) mircea_popescu: i should have thought of that! think alfie, a future world wherein all that's left is nostalgia for the past. a past which is no longer accessible, except in the limited sense, that victorian novels about prim sad ladies have pages steeped in koch solution ; whereas italian fiction of the plague will gladly give you it.
(trilema) asciilifeform: pretty sure nobody has any other gpg eater than callout to koch
(trilema) asciilifeform: recall , similarly, koch's 'fix' for his mpi bug.
(trilema) mircea_popescu: all that code SHOULD NOT have been shared. not with fucking red hat, not with fucking koch, not with fucking drepper and so on.
(trilema) a111: Logged on 2018-05-21 11:48 spyked: it might also in a way be interesting to report how I stumbled upon this: I tried to recompile gnupg-1.4.10 on my broken debian system and got the same "multiple definition" linking errors as in vtools' case (though I *did* use gcc<5). so I dug and found the usual kochs "fixing" things to compile gnupg on newer gccs.
(trilema) mircea_popescu: you know, EXACTLY HOW KOCH GPG WORKS ?
(trilema) mircea_popescu: "extension scripts", fancy that wonder. koch put ethereum in gpg before ethereum was even "a thing"
(trilema) asciilifeform: meanwhile, in other koch gpg2isms : https://archive.li/FWdDD >> '...signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extensions scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the
(trilema) lobbesbot: trinque: Sent 13 hours and 6 minutes ago: <asciilifeform> might be worth testing whether koch's latest lul affects deedbot's gpg hose
(trilema) asciilifeform: !Q later tell trinque might be worth testing whether koch's latest lul affects deedbot's gpg hose
(trilema) deedbot: http://qntra.net/2018/06/koch-burns-gpg-signature-version-vulnerability/ << Qntra - Koch Burns GPG Signature Version Vulnerability
(trilema) spyked: it might also in a way be interesting to report how I stumbled upon this: I tried to recompile gnupg-1.4.10 on my broken debian system and got the same "multiple definition" linking errors as in vtools' case (though I *did* use gcc<5). so I dug and found the usual kochs "fixing" things to compile gnupg on newer gccs.
(trilema) asciilifeform: also the term 'self signature' as used in kochiana/rfc2440/4880 world , is misleading : if all that were signed were a modulus, one could trivially produce 'self sig' for any modulus/exponent that satisfy the rsa equation, incl. ones generated on the spot. 'self sig' in gpg world is simply attempt to tie commentstrings to keys.
(trilema) asciilifeform: diana_coman: it was a specific chumpatronic term used by koch et al
(trilema) asciilifeform: lol i also signed the original. but it is still kochware.
(trilema) asciilifeform: eucrypt is kochware.
(trilema) mircea_popescu: asciilifeform no kochware involved though.
(trilema) asciilifeform: it so happens that i've designed exactly such a device. but it will be filled with ffaware, not koch. and all things in their proper time.
(trilema) asciilifeform: let's posit that asciilifeform were willing to put his signature ever again on kochware. ( he ain't. ) how would the key get on the device ? ( i.e. is this exactly the orig cardano ? )
(trilema) a111: Logged on 2018-02-23 16:09 asciilifeform: http://btcbase.org/log/2018-02-23#1785695 << i can't think of why it would be wrong to shell-out to ~working~ (sane) util. shellouts only suck if to e.g. kochgpg
(trilema) asciilifeform: http://btcbase.org/log/2018-02-23#1785695 << i can't think of why it would be wrong to shell-out to ~working~ (sane) util. shellouts only suck if to e.g. kochgpg
(trilema) asciilifeform: i for one intend to retire the modulus i made on kochian prng.
(trilema) TomServo: Wouldn't a FG powered kochrsa be preferred over no FG?
(trilema) ben_vulpes: TomServo: you're talking about updating the nonsense "name" field on your kochrsa key?
(trilema) ben_vulpes: hey, pete_dushenski how didja plug the fg into the koch-rsa keygenerator?
(trilema) ben_vulpes: pete_dushenski: you don't want a 4096 bit key; i can't find the relevant logs at the moment but koch-rsa does bad shit when generating keys > 2048 bits
(trilema) asciilifeform: sometimes, trivial fix. ( koch's gpg had at least 1 case, iirc ) but doesn't generalize to a mechanical fixer.
(trilema) asciilifeform: mircea_popescu: this is correct. which is why we dun have mechanisms judging kochs.
(trilema) asciilifeform: the difference b/w http://btcbase.org/log/2018-01-26#1776941 and e.g. koch-rng remains apparent to anybody with half a brain
(trilema) asciilifeform: and the 'bad spec' thing is part of multilayered shit sandwich, the general principle is that complexicrud accretes; the overflows, etc. follow naturally ( with helping hand from kochs, dreppers, et al as necessary )
(trilema) ben_vulpes: he is also in my koch-rsa l1, what of it?
(trilema) asciilifeform: the 'binary signature' thing is astonishingly idiotic kochism.
(trilema) asciilifeform: ^ for anybody else who stepped on same koch mine
(trilema) mircea_popescu: what is your standard of proof anyway ? suppose x claims that koch works for weimer ; and y claims weimer works for koch. how do you distinguish these claims ?
(trilema) mircea_popescu: how about this "mechanical borrowing" system you propose ACTUALLY weakens responsibility, because the 15, instead of taking seriously their true deed, which IS in fact authorship-indistinguishable, rather aim to hide behind a claim of "hey, we merely work here, signing signatures" a sort of "well i really wanted to X and the only part Y available was Koch's so don't blame me"
(trilema) asciilifeform: just like all cmachineism eventually converges to koch.
(trilema) asciilifeform: apeloyee: kochanski's method ( at least as described on his www ) very definitely took variant times.
(trilema) asciilifeform: we went over kochanski here, in august
(trilema) apeloyee: likely kochanski's multiplier is the next simplest thing
(trilema) asciilifeform: more proximately, kochian ('primeinc') gen will ~never give you the 2nd half of a twinprime pair
(trilema) mircea_popescu: http://btcbase.org/log/2018-01-08#1766977 << i don't see the problem with using the actual spec. koch "optimizations" not really useful.
(trilema) asciilifeform: i suspect that koch was blindly following the schoolbook here.
(trilema) asciilifeform: ( it makes a kochtronic (i.e. variable-width) arithmetron exponentiate faster. but answer is same , as far as i can tell, as if it were not done )
(trilema) asciilifeform: the nonsensical padding scheme used by rfc2440/4880/koch is on display , incidentally
(trilema) asciilifeform: naturally koch methodically omitted it
(trilema) asciilifeform: i mean ffs, koch dun even leave a knob to get ~key~ entropy trngistically.
(trilema) mircea_popescu: dja understand motherfucking koch fixed one of the witnesses in mr ?
(trilema) asciilifeform: there is such a thing as maliciously-ugly c. i.e. what koch et al write.
(trilema) asciilifeform: which is monstrously retarded, but koch did not ask me, lol
(trilema) shinohai: no need for bickering VIII: The Kochaclypse
(trilema) asciilifeform: imho plenty of kochs to go around.
(trilema) asciilifeform: for what do we need an n-th koch
(trilema) mircea_popescu: which yes, koch wouldn't be koch if he didn't live to try and befoul the tools of salvation through association with his turpitudes.
(trilema) asciilifeform: koch wouldn't be koch if he did not write it like-so.
(trilema) asciilifeform: ( it was perhaps 80% of how asciilifeform cut koch-mpi , by similar proportion )
(trilema) asciilifeform: but it isn't clear to me why weaker koch test would have different answer than stronger m-r
(trilema) mircea_popescu: was it ever checked whether it would appear prime to koch-gpg ?
(trilema) asciilifeform: http://btcbase.org/log/2017-12-14#1751803 << at one time i linked to 'diff' src here, when hunting for ordering nonuniformity that turned out to be a uniturdism . it made koch's war crime, look clean.
(trilema) asciilifeform: ftr i have no intention of amending mpi myself . if at some time i discover a new kochism therein, i will vdiff against diana_coman's mpi-containing entity
(trilema) asciilifeform: i can even see the logic, 'why would i give half a shit what rngolade to feed to my koch whitenertron'
(trilema) asciilifeform: and 'uses the components of elgamal' and 'leaks like a sieve if we use koch's routines, via side channel' required additional pedanticism somehow ?
(trilema) asciilifeform: mircea_popescu: the linked item earlier is from when asciilifeform dug out and studied koch's proposed sidechannel countermeasure. proclaimed it nonsensical and useless, and bit the bullet, 'must bignum from scratch.'
(trilema) diana_coman: mircea_popescu, we can do it yes; I guess the question is where to start i.e. no point in starting from koch that I can see; starting from asciilifeform 's sane-mpi would be one; adds and deletes stuff
(trilema) asciilifeform: thing could shrink further, i left koch's buffering system , used by the logger ( also remained ), intact
(trilema) mircea_popescu: anyway. my conclusion is ima do the eu-crypto as a new genesis, because really most of the koch crap in mpi (esp the prng crap) got ditched
(trilema) asciilifeform: so it is still entirely a koch product
(trilema) mircea_popescu: i am not interested in claiming any kochian pedigrees.
(trilema) mircea_popescu: (on proper rng. on bs prng / kochgpg etc, they don't.)
(trilema) asciilifeform: ( she is using my sanitized gpg bignum. but i did not preserve koch's faux-rng atrocity ; so anything pertaining to entropy, is new )
(trilema) asciilifeform: you lose 1. but in koch's variant you lose 2 .
(trilema) asciilifeform: aha, koch does
(trilema) asciilifeform: the shaving of the ~highest~ bits is an idiot kochism on the other hand,
(trilema) asciilifeform: mod6: noshit koch doesn't do this
(trilema) mod6: <+mircea_popescu> in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways). << uugh. every time we peel a layer back...
(trilema) mircea_popescu: the reason is that (in a translation of what koch-gpg does into sanity) you take 2045 bits of rng for each possible prime, stick 11 in front and 1 in the tail and THAT is your 2048 bit prime candidate.
(trilema) mircea_popescu: in other news : it was established in teh minigame torture rooms that in point of fact 4096 bit keys contain only 4090 bits of entropy at the very most (minus whatever koch-gpg manages to shave off in other ways).
(trilema) diana_coman: existing koch-rsa, simply once with co-prime e, the other time with prime e
(trilema) asciilifeform: ang-st: asshole in C << koch, drepper, et al. but they're old and they ain't making more, for some reason.
(trilema) mircea_popescu: http://btcbase.org/log/2017-11-08#1734650 << this is very much a koch-gpg problem in the vein of "lobbes warning people not to rely on the "control dials" as provided by koch-gpg, for being unreliable" and probably the most important example thereof.
(trilema) asciilifeform: ( unsurprising koch mechanics )
(trilema) mircea_popescu: well, at first it was about lobbes warning people not to rely on the "control dials" as provided by koch-gpg, for being unreliable ; then you wanted to talk about fps and then at some point and without warning anyone apparently pivoted to talking about pubkeys and signatures.
(trilema) mircea_popescu: yes, koch fps are ineptly chosen names. yes there's value in having a biunivocal name-item relation by default.
(trilema) asciilifeform: observe the mendacious idiocy of koch's signature code, where if sha1 hash collision is found , can forge sigs ~regardless of what sig algo hashing was set to~
(trilema) mircea_popescu: koch-gpg is an unreliable apparatus in the vein of random-shooting pistols etc.
(trilema) mircea_popescu: notrly, no. koch-gpg itself though.
(trilema) asciilifeform: ( exercise #2 : show how many bits of input entropy are on avg. discarded by koch generator. )
(trilema) asciilifeform: ( the koch method, of taking R and adding 2 to it until m-r says yes, trivially leaks )
(trilema) asciilifeform: apeloyee: upstack, it becomes clear that koch put in crt strictly so that gpg can shit out your private key when uncorrected memory flip
(trilema) diana_coman: <asciilifeform> >> http://wotpaste.cascadianhacker.com/pastes/DrA3R/?raw=true << for n00bs : rsa-cum-crt , as seen in koch's gpg-1.4.10 <- aha, that's what I use, yes; anyways, will comb the thing again a bit later today and then get back with something concrete
(trilema) asciilifeform: >> http://wotpaste.cascadianhacker.com/pastes/DrA3R/?raw=true << for n00bs : rsa-cum-crt , as seen in koch's gpg-1.4.10
(trilema) asciilifeform: mircea_popescu: koch
(trilema) asciilifeform: ( same derps as hosted the koch talk linked earlier, loox like )
(trilema) asciilifeform: and naturally no koch speech is complete without a 'the web of trust, he feels, is inherently broken. It is only explicable to geeks, and not to all of them, it publishes a global social graph, because signatures on keys imply physical meetings on known dates, and it doesn't scale.'
(trilema) asciilifeform: 'So instead he's moving toward ECC ciphers, which are well-researched — more so than RSA, according to Koch. '
(trilema) asciilifeform: 'Koch then moved into Elliptic Curve Cryptography (ECC), which he discussed at some length. RSA, he said, is not likely to stay secure for much longer without really large keys. Support for 4096-bit RSA keys has been in GnuPG for some time, but Koch contends that real security will require 16Kb keys; that makes keys, fingerprints, and signatures all unusably long, particularly for embedded devices and hardware security modules (HSMs)
(trilema) asciilifeform: asciilifeform's 'hacked off koch' has been sitting right there on www since 2015.
(trilema) mircea_popescu: i wouldn't mind the dood who hacked off rsa from koch pgp and made a server that just passed encrypted comms. that's it.
(trilema) asciilifeform: in so far as i can tell, none of these items have anything to do with even kochian pgp
(trilema) asciilifeform: if you want 'compromise' rsa, use koch's.
(trilema) asciilifeform: a 2sec modexp is already a wholly fine replacement for koch's gpg, say.
(trilema) asciilifeform: i proposed primorial strictly as an initial winnowing to replace the idiot trial divisions koch et al used.
(trilema) a111: Logged on 2017-08-14 16:14 asciilifeform: ( tldr : superiority of the FUCKGOATS-enabled approach, of get-new-N-bits-from-rng-then-primalitytest-until-done, vs the kochian get-N-bits-then-increment-until-passes-millerrabin )
(trilema) asciilifeform: you will notice that koch's rng atrocity ain't in there.
(trilema) diana_coman appreciates very well that part with "astonishingly painful to properly saw off the kochball" after this past year of sawing off ps shit
(trilema) asciilifeform: note that this is a traditional, kochian, leaking bignumatron.
(trilema) asciilifeform: ^ asciilifeform's very painstaking 'trbfication' of koch
(trilema) mircea_popescu: the only item ready to go in is in fact koch's, and so he gets imported.
(trilema) mircea_popescu: red hat OPTED to be shitheads. like koch usually does.
(trilema) asciilifeform: ( kochian modexp stops at the last 1bit )
(trilema) asciilifeform: koch is neither here nor there, was not part of the measurements, nor is possible to compare because it does not actually do the same job
(trilema) mircea_popescu: asciilifeform so to try and extract actual reality from this : a ^ b mod m takes 0.26 seconds in koch writing ; same a^b mod m takes 51.3 on your box, notwithstanding a ^ b without any modding takes 1s ?
(trilema) asciilifeform: i can state with confidence that kochiana fits in NO head
(trilema) asciilifeform: like kochian rsa.
(trilema) asciilifeform: mircea_popescu: that's the kochian table approach
(trilema) asciilifeform: this is called slidingwindow and it's what koch does.
(trilema) asciilifeform: htm is to actual hypertext as koch is to rsa.
(trilema) phf: Daniel Kochmański
(trilema) mircea_popescu remembers the day mycobacterium was called "koch's bacillus"
(trilema) asciilifeform: ( tldr : superiority of the FUCKGOATS-enabled approach, of get-new-N-bits-from-rng-then-primalitytest-until-done, vs the kochian get-N-bits-then-increment-until-passes-millerrabin )
(trilema) mircea_popescu: im still talking of trying to adapt kochanski's thing
(trilema) a111: Logged on 2016-08-23 13:08 mircea_popescu: Framedragger the problem here is moreover default trust. so you wake up one day and you see... "gnupg". nomina nuda. you look around, theres' "werner koch" idem, nomina nuda. you look, there's "tor" with "shari" and "isis". names, hollow as can be. but the natural tendency of the brain, to see movement in a succession of stills and meaning in noise and structure in names convinces you these are THINGS.
(trilema) a111: Logged on 2017-07-22 22:40 mircea_popescu: http://btcbase.org/log/2017-07-22#1689243 << depends what you mean by "rsa encrypted message". a) current rsa "encryption" as implemented by koch-gpg et al consists of encrypting a symmetric key. trivial to test this against a number of rsa keys. b) conceivably item will include a courtesy key fp to help you know.
(trilema) mircea_popescu: http://btcbase.org/log/2017-07-22#1689243 << depends what you mean by "rsa encrypted message". a) current rsa "encryption" as implemented by koch-gpg et al consists of encrypting a symmetric key. trivial to test this against a number of rsa keys. b) conceivably item will include a courtesy key fp to help you know.
(trilema) mircea_popescu: (incidentally -- sheldon adelson, who is remarkably not ever mentioned by the sort of people who keep going "koch brothers!!!", but otherwise chiefly famous for a) helping trump get 25mn to win the election and b) being involved in a very typically http://btcbase.org/log/2017-02-27#1619009 shakedown and then buying newspaper to attack presiding judge and also making the "charge" go away.
(trilema) mircea_popescu: our cook's thermometer clearly indicates that the fault in koch's gpg is located in the upper left cpu quadrant.
(trilema) asciilifeform: iirc the d00d who found the koch whitening lulzgem used a proggy that worked quite like 'barium enema'
(trilema) mircea_popescu: ie, koch bignum dun actually work.
(trilema) asciilifeform: lol kochgpg ends up computing garbage if the 4096 cap is removed