On how the factored 4096 RSA keys story was handled, and what it means to you.
Part One - The Handling
Sane people did sane things as a result, such as independently verify that the key was factorizable (it was), try and figure out where the key was used (turns out it wasn't), try to figure out how dangerous the situation is (unclear, but it doesn't seem likely that the key can be used as-is in most circumstances), examine the key (turns out it's a fragment of a valid key to which a signature for a different key was attached) and so on. This is all good stuff, and in an ideal world the only sort of stuff that matters. Consequently, we won't be talking about it. That's the tradition.
Insane people (such as) went on about their usual pastime of boxing with the shadows in their minds. We won't be talking about them all that much either.
Which leaves TPTWBi. These guys have a standard playbook for when something happens, and while pretty retarded it nevertheless gets applied verbatim, each and every time. Each.and.every.fucking.time, like some sort of Walmart three ring binder thingee.
At this point, I could just let the circumstances speak for themselves - they speak quite very loudly indeed. If I were a lesser man, or poorer, or less powerful indeed I might. As it happens however I'm not your random pasty ass geek, afraid of whatever bugaboos and hobgoblins terrorize the geekdom ; nor am I a "scientist"/academitard, entirely, consumately dependent on governmental largesse for life. I am powerhouse in my own right, with an Intel service at my disposal as befitting a proud lord of a sovereign nation and so forth.
Consequently, I have sought and obtained confirmation from folk actually still workingii in the numerous, amply bureaucratic, broadly ineffectual, often overalapping, always struggling programs fielded by the USG to "hearts and minds" the Internetiii.
So : no, this wasn't happenstance, yes, this was a jobiv, no it won't likely do anything, yes life is hard, no it's not particularly fair, yes someone's getting paid for it, no the money doesn't do anything for them - gotta pay the mortgage, gotta pay the college debt, gotta keep blowing out or else the shit's flooding in.
Back to the playbook :
I. Outright suppression. Apparently, the US Department of Fake Entrepreneurship learned something from the previous debaclev, so they didn't dare delete the thing outright. Nevertheless, they did not really learn enough.vi
Here's a quick comparison between the evolution of the actual story and the evolution of its hastily released replacementvii :
One to two hour reaction times are not bad, I suppose, judging from what can be achieved with men and a budget. Kudos to whatever conclave of faceless bureaucrats struggling to earn that luscious retirement package. One to two hour reaction times are also not really useful, judging from the opposite angle, of what the Internet is and does. C'est la vie.
Anyway, coupla hours in, once it became obvious nothing else works, they got ol' Paulie G to push the buttonviii. Herp.
II. Throw shit at the wall, maybe something sticks. This is the easiest, cheapest and most commonly seen approach, mostly because the Internet tends to irradiate itself periodically in a doomed attempt to rid itself of the cancer that it itself is. Nevertheless, just like grass grows naturally but is distinguishable from astroturf, just so ordinary Internet shitwallism is distinguishable from organised Internet shitwallism. Some of the choicest bits :
[1] He's been scraping the profiles of young women (specifically) and posting links, names, and hometowns on his blog. Yes, as technologists, we know that this kind of indexing is trivial. That's no reasonix, as a decent human being, to terrorize innocent people.
You shouldn't be surprised to see blatant lies from Mircea Popescu, who also claims that he's a billionare, that English literature literally does not exist, that bitcoin literally makes states and laws obsolete, and that nuclear weapons are ineffective.x
I could go on, but it'd just be more of the same - the problem with jobsworths is that they bore something fierce.
III. Teaching the controversy. Apparently the contention is whether "RSA" as an ideal, idolized construct has or has not been broken. Go ahead and argue about that, like you'd argue about whether the repumocrats or the deblicans would best "save the country". Notwithstanding what the article in question says, notwithstanding that Stan actually bothered to go in the idiot pit and state explicitly that no, that's not what's being discussed, The Narrative must has The Controversy and so this thread is now about kittens.
IV. It never happened, but had it happened we did it first anyway. Two didn't work, specifically because I am smarter than whatever's left in the USG HR pen. Three didn't work, as you'd expect seeing how fucking retarded it is, and so time for four with a dash of one and all should be good. Not like it'll work, but heck, they've tried and therefore nobody should criticize them. They've done "the industry standard", forget about it.
The way four works is that random asset comes in with a blatant lie, something thickly ridiculous like
"The reason factorizable keys appear associated with the names of well known FOSS people and bearing their signature copied over from a different key is that... umm... bits were flipped in transit. You know, on the Internet. This happens."
"Somebody should tell RIAA then. Turns out filesharing never worked all along! Who knew!"
"Uhh... actually there's a really obscure German email program that does this."
"Which one ?"
"Nevermind. Hey, did I ever tell you about that time when I derped at Stanford ?"
which he/she/xze/twe/we then wraps in another blatant lie, something like
"Oh, I did this before except I never published anything nor told anyone but srsly guise, it's real, believe me."
"Who're you again ?"
"Nobody on a stick."
"Sounds legit."
Then it gets all packaged by more assets going on with the derpage - some chick that has "credentials"xi gave a speech before Retard Club going generally over banal shit vaguely related, so clearly ; some derp from the Bitcoin scam clubxii has seen it all with his own eyes so obviously and so on and so forth.
I am altogether at a loss to explain who in his right mind seriously imagines this would further their interest, or what is this pile of unadulterated idiocy & refined nonsense even supposed to achieve. Four point strageties to accomplish what exactly, have Hacker News run another two hours', weeks', years' worth of pointless drivel ? Because what, it matters to the source of news whether the spigot delivers news or crap to the audience ? It's the Internet, yo. The audience that's not retarded can find the news with or without you, and the rest you can keep, for all the good they'll do you, or themselves, or anyone else.
It's ridiculous, sure, but for one thing it's nothing new. In any case, if I am supposed to care... I'm sorry. I don't care. Who cares ? I get it, bureaucrats don't actually want to achieve anything, they're just trying to make it to the next paycheck unfired, but really ? This is what you do with your time ? Sad.
Part Two - The Meaning
Generally speaking, we hit on something here. What exactly, it is altogether uncertain, but by the pained wincing of the octopus (isn't it cute, with its eight legs and five neurons ?) I would suspect it's big enough.
Phuctor will, of course, continue to work the keybase. As Stan explains, there's exactly zilch anyone can do to deter this. The things that need doing and you can help by doing them are broadly of two kinds :
- Review the various available GPG implementations, as exemplified by jurov here. The problem with FOSS is that everyone hopes, and in that hope deludes himself to believe, that because the code could have been reviewed by millions of eyes it magically somehow actually was reviewed by millions of eyes. In practice, this could be no further than the truthxiii, and I would guess that a good half of all lines of code deployed currently have never been read - including by their very author.
- Help us find a diddled GPG implementation. The idea is that if these manufactured keys are an attack - a much more plausible hypothesis than the "someone accidentally a complex fraud" theoryxiv - then the more likely attack mechanism would be something like this :
Suppose someone needs to talk to hpa - either to verify his signature or to send him encrypted communications. With a correctly working PGP implementation, the user connects to a key server, discards the wrong key and proceeds as expected. If however his PGP implementation is compromised in a specific way, the wrong key on the server may very well be the magic packet, causing it to behave in an unexpected - and not otherwise detectable - manner. Such as, encrypt to the weak key, or email the NSA, or whatever else. This sort of thing (the so called "fail to pass" testing) is the exact sort of stuff we've seen from the NSA to date, and so it would mesh with that experience. But it is a theory - until someone produces such a diddled implementation it stays a theory.
The proposition that hpa is the victim is naive at best and disinfo at the worst. The likely victim would be whosoever tries to look for/at him. There's by no means any certainty that there's anything here, but there might well be. Always remember : the factoring of keys was not going to yield anything... until it did. Work pays.
- There could be a third. BYOT.
Practically speaking, understand that one does not get to exist in the US sphere without being a tool of the USG.
You can't have a bank that does banking : either it does policing work for the USG or it gets burned down. You can't be an investor : either you push the USG agenda ad idem or else they come take your shit. The notion that there's a website owned by USG agents that follows, upholds or defends your interests is about as ridiculous as the notion that someone could own a website over there and not be an agent. Wake up and smell the coffee, that's just not how that country works. Paul Graham exists as an unofficial USG Agency, the USG Czar for Geeky Teens, living off printed money which he may have for just as long as he behaves. His minions are in no way different from any other social worker. What they publish or delete from Hacker News, Reddit, and the rest of the propaganda machine is decided by the propaganda needs of the USG, not by other, spurious considerations.
If you care about your independence, get the fuck out of the shithole already. You won't, because lazy, and because the diamond train must have its customers, but anyway. If you care about truth, learn dialectics. Most importantly, try and rid yourself of this ridiculous acquired mental handicap where you imagine that if you don't like reality as it is, you can hallucinate a better reality in its place. It doesn't work. Getting more idiots to agree with you does not help.
Life is somewhere else.
In closing, for the tl;dr / eli5 / etc crowd : this article is not for you. Go back to doing the dishes, we'll wake you up once you need to buy a new flag.
Part Three - The Later Updatexv
USG's Departpent of Red Hat's very own Florian Weimer dutifully included an alternate construction point for this entire discussion in his "research paper" burning some (known) vulnerabilities in that stack-of-shit PKI thing. Apparently the USG didn't previously know "the terrorists" were also wise to the particular holes.
As the government would have you believe it, during "research" it was "discovered" that forward secrecy as generally implemented by available hardware is nothing more than a side channel to leak private keys. According to them this was neither known nor deliberate, but, you know... an accident. That was then discovered later. Thank the stars above for Weimer's "research", no other man could have done it. Literally.
Also part of that divinely inspired contribution to human welfare (the GI story goes), they "noticed" exactly what Phuctor announced four months ago. It just so happened. The "cosmic rays" nonsense is restated for good measure and guess what ? If you're the sort of mentally slow individual that actually buys government paper, you now have a reference point for that mythical "research" that the hastily written replacement article promoted by slashdot references (without actually referencing). It was Weimer's August thing! Back in May! Problem ?
Any dumber than this and they'd be meatballs.
———- Short for "The Powers That Wanna Be". Because that's how it is. [↩]
- You should see what the turnover for intelligence jobs @USG is like - you'd think you've died and gone to fast food heaven.
And speaking of which, if you're one of those poor souls that for whatever reason remain mired in that fetid swamp - do consider if it makes any sort of sense on the mid term, and for that matter if you even want to be there at all.
Yes, I'm aware that as The Narrative goes, "there's nowhere else". This is patently false - unlike USG's future, The Most Serene Republic is an actual thing. [↩]
- Which is why this article was delayed for a day in the first place. Turns out, plausible deniability cuts both ways. [↩]
- It's not clear if ongoing or not, it's definitely clear it burned like a red hot iron poker. [↩]
- Back in January Reddit did a very botchy job of deleting the entry of a Qntra article guilty of making the very simple point that the Bitcoin Power Rangers don't even have much to do with Bitcoin at all, let alone any sort of consensus worth the mention on changing it. That simple point was apparently very problematic for The Narrative, because at the time The Narrative went something like "it's definitely happening" and much like any other socialistoid construct The Narrative is very, very fragile.
In the intervening few months the putative "consensus" was degraded in official verbiage to a mere "controversy", for absolutely no reason given whatsoever. That strange notwithstanding, it nevertheless was still obviously going to come out the way the USG wanted it to come out, The Narrative went. Because of course.
But then, in a clearly shocking move nobody could have foreseen... it didn't go that way. Instead, it went exactly the opposite. Because... seriously now, when is the last time the USG managed to get anything it wanted ? The "Tikrit* offensive" ? The "Embargo on Putin" ? Laissez.
---
* For the record, that quote comes from the best episode of the best cartoon Romania ever produced : RObotzi S02 Ep14 Subtil. It's pretty damned good. [↩] - As Gavin's painfully enlarged rectum should have told you, no, I can't be suppressed. Whatever you may like to believe or wish really really hard to be the case, it's not gonna work. Find a better strategy.
Sucking the cock would probably work best, but don't let me get in the way of this wunderbar "do the effectual thing just as soon as all alternatives have been exhausted" thing you got going. [↩]
- Which yes, was prepared (in broad strokes, ready to be released with a few changes as needed) for just such an eventuality.
That's right : this was part of a contingency plan, just in case someone rocks the boat. A major victory for No Such lAbs in the struggle with its large but largely inept competitor for that three letter initialism, but nevertheless : sources didn't know (or didn't care to share) what boat that exactly is in question. So I dunno. Which sucks.
Do you know ? Tell me! [↩]
- Yes yes, you know all about how hacker news ranking really works dot html and so can tell by some pixels that it's all automated and due to the comments etc. Notwithstanding that the replacement also got a ton of comments and so on. Carry on. [↩]
- Conveniently omitting the part where Bitlove LLC wouldn't fix a vulnerability in Fetlife (still there, btw). Also incidentally forgetting to mention that entire debacle with fraudulent DMCA claims and whatnot. Because that's exactly how random Internet twerp would behave. [↩]
- Apparently, SA is still very, very butthurt over that fiat lulz incident. Seriously doods, it's not my fault you're easily triggered and then end up saying stupid shit you did mean but didn't really wanna sign. Okay ?
Anyway, what I actually said was that I think you drastically overestimate the military importance of nuclear weapons ; that "The proposition that there even exists any sort of English literature of the 1900s - as a thing, as a fact, as a fruit of that forsaken realm - seems entirely ludicrous today (and the 1800s aren't really feeling any better)." and so on and so forth. The "argument"'s not quite the same without the strawman, huh. A well. [↩]
- Here's something that may come as a shock, although it should not come even as mild surprise in a sane world : you don't get to package other people's work, present it before a collection of your peeridiots and pretend like you did something. It didn't work when Gavin Andresen repackaged Bitcoin to sell before the NSA - Gavin Andresen doesn't own Bitcoin, and the actual owners are very much present and very much capable to bitchslap him into oblivion. It doesn't work when Nadia Heninger goes to sell Phuctor before Stanford - Nadia Heninger doesn't own Phuctor, and the actual owners are very much present and very much capable to bitchslap her into oblivion. I am aware that all this USG-wank subsists by repackaging work they "found on the Internet", and I'm aware they're reading the #b-a logs, and I don't specifically care - but do not expect that it will wash. Even if Stanford, NSA etc claim it did. They aren't the authorities on this matter, not by a long shot.
Which brings us to the all-important matter of credentials. There are anons, on the Internet. Their personal value is zero. There are people with sound credentials. You may find these in the WoT. There are people with negative credentials. These are people like Nadia above. Stanford does not increase your value, it decreases it. An association with Stanford is not a positive, and it's not even nil. It is a negative, it costs you, it lowers you below the anon derps.
Consequently, given a collection of nobodies and Stanfordites, the question is not whether it sums up to above epsilon or below epsilon. Epsilon is off the tabln> table. Zero is off the table. The sum is necessarily negative, and the whole charade can be readily ignored. [↩]
- Who's "zmanian" ? Zaki Manian. What's keybase.io ? A wanna-be WoT implementation, the same exact "here's where we did Phuctor except it doesn't work and we forgot to publish any results" play but applied to the WoT this time. Who uses it ? The sort of twerps you'd find pushing The Narrative on social media, assorted Bitcoin scammers like Meni Rosenfeld, the whole shitcrème. In their hallucinations this even works, I suppose. [↩]
- There are a billion people online, and your website is online, so therefore it could have been seen by a billion people. There are however many teenage sluts in your town, and you're horny, so therefore you could have fucked them all. On it goes, this, and it never starts making any sense. [↩]
- Among other reasons because key servers have a serious incentive to not keep bad data around. They go as far as to wipe the comment section from keys, which is a reasonable space saving measure, but supposedly they just keep useless cruft because... Doesn't seem too likely, does it.
Also among those reasons, the directly evident "so some
onething took a length of bytes, copied two thirds of them, then accidentally took another very specific length of bytes which was the signature for the previous set and copied it over verbatim and in the right place". Because yes, this is how accidents happen, a crane fails so it just turns into a train engine for a week. Or a plane. Definitely one of these two. No piles of random scraps of metal have been seen in this alt-world for thousands of years, you just crash two cars together and get orderly arrangements of forks and three inch nuts flying every which way. [↩] - On September 5th, 2015. [↩]
Monday, 18 May 2015
Just a note:
>> Oh, I did this before except I never published anything [...]
Research of the same kind with results of the same kind has been published since at least 2012. Example (this one has been linked to in the context of this particular story quite a few times, maybe you've seen it already): https://eprint.iacr.org/2012/064.pdf
/meaning no harm
B. O.
Monday, 18 May 2015
Sure. More generally, research of this kind (ie, with numbers) has been published since at least 300 BC, for some definitions of published. I don't suppose the idea ever was, or ever could be, that "hey, we invented the number 7 over here, and check out the interesting implications it has for the GPG keyset".
Research of this kind (ie, here's how trivial it is to factorize a key appearing on hpa's page) has not, to my knowledge, been published.
Monday, 18 May 2015
The trolls at /r/Buttcoin summarized this article before you wrote it, but as a subscriber you already knew that.
Also, how is your bandwidth topped out at 7 MBps? PRQ.se gives more bandwidth for your bitcoins. You should try them!
Monday, 18 May 2015
I actually hadn't, link ?
And no it's not capped. That's how far the traffic actually went, its natural peak.
Tuesday, 19 May 2015
> Research of this kind (ie, here's how trivial it is to factorize a key appearing on hpa's page) has not, to my knowledge, been published.
Fair enough, and in any regard the findings and the methodology are I think valuable and interesting, but have you e.g. seen this (just glance over it, maybe I'm mistaken re. overlaps in methodology and Phuctor's mechanism is fundamentally different) (it is an interesting paper): https://factorable.net/weakkeys12.conference.pdf
they used a thing called "Quasilinear GCD finding" (fancy name) on actual keys on teh internets.
Tuesday, 19 May 2015
What exactly "Quasilinear GCD finding" is doesn't seem to be published anywhere, so I have no idea (the term does strictly seem to be used in half a dozen documents originating from the same source).
The algorithm Phuctor uses really needs no further words or explanation than "Euclid's GCD" because it is exactly what it is. Some minor implementation optimizations have been applied over time (such as moving from python to GMP, altering memory usage and db interaction patterns, scl) which do yield major "improvements" on the basis of the weakness of previous versions and that alone. None of these are really worthy of mention in this discussion - Phuctor is really no better and no different from any sane man's implementation of Euclid's GCD on a contemporary computer.
Tuesday, 19 May 2015
Re. GCD finding, that particular algo is documented in Figure 1, section 3.3 (it's very short) (fwiw it's attributed to djb (if your ssh is enabled to use elliptic curves, it's most likely that it's his algos spinning there) and the thing is covered in detail in his 2004 paper: http://cr.yp.to/factorization/smoothparts-20040510.pdf) Just putting this here for teh record.
Monday, 15 June 2015
> and that nuclear weapons are ineffective
Señor Popescu, have you made such a claim or (more likely) some other claim which is being construed as such?
If so, in either case, would you kindly direct us to it?
I suspect it will be most entertaining.
GBANGA!
Monday, 15 June 2015
The claim was specifically "I think you drastically overestimate the military importance of nuclear weapons.", and see in particular
Saturday, 14 November 2015
| and that nuclear weapons are ineffective
https://www.youtube.com/watch?v=_bB9_hsETP4
"Four Myths About Nuclear Weapons"
tldr: they are not militarily useful except to terrorists.