Werner Koch, confirmed USG stooge

Thursday, 18 August, Year 8 d.Tr. | Author: Mircea Popescu

We find from qntra that Werner Koch has been deliberately subverting the cryptographic strength of his braindamaged implementation of RSA for its entire existence. Finally caught, two decades later, he characteristically is neither willing to admit, nor desist from the practice.

At issue is the offensive habit of "whitening"i, which in this case has covered up at the minimum the loss of 20 bytes for every 580, and maximally the loss of all bytes past the 580th. Certainly worthy of all derision are the rhetorical gymnastics Werner Koch is willing to engage in :

This bug does not affect the default generation of keys because running gpg for key creation creates at most 2 keys from the pool: For a single 4096 bit RSA key 512 byte of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable.

Translated to human language, the squirmings of the worm read something very much like

This bug does not affect key generation because it affects key generation ; also my boss told me to tell you to use 2048 bit keys and also neener you about how you know, no matter what you do it still doesn't matter. Maybe you end up believing that nonsense, and so don't come with torches and tar to boil both him and me, like we deserve.

This isn't the first time Werner Koch was caught spewing nonsense for his "Equation Group" patrons, either. Back in May 2015 he was one of the main proponents of the (meanwhile discredited) "cosmic rays" explanation for the Phuctor finds ; which he pushed diligently along with the rest of the USG talking points on the topic - including the pretense that the set is small (which it turned out not to be), known in advance (which it turned out not to be), homogenuous in origin (which, similarly, it turned out not to be) and harmless (which it ... turned out not to beii, obviously).

Always remember : a USG stooge is very similar to a syphylitic whore - whatever she may say ; whatever she may do ; the spirochetes are there waiting to infect you.

Update Applying a trivial sanity check (after an original idea by Stan), you get the ultimate beauty of all time : Turns out that the perceived artefacts were a function of log_hexdump vs log_mpidump implementation and not relevant to the discussion.

———
  1. Universally and without exception a bad idea - it is the cryptographical equivalent of spraying on perfume instead of taking the bath. Strictly the only end whitening achieves is hiding the poor quality of entropy from the operator, it does absolutely nothing to hide it from the enemy. []
  2. See item VIII in the Phuctor FAQ. []
Category: Rautati si Mizerii
Comments feed : RSS 2.0. Leave your own comment below, or send a trackback.

7 Responses

  1. [...] if you have, then how are you any better than Koch, the OpenSSL freaks et [...]

  2. [...] if you have, then how are you any better than Koch, the OpenSSL freaks et [...]

  3. [...] "tools" that aren't actually useful, for the very simple reason that they do not work. Not in the Werner Koch sense of "works - but sabotaged" ; rather in the sense that they exist marginally at best, mostly [...]

  4. [...] you have to type gpg --encrypt --armor -r herpy because gpg is badly designed by the avowed enemies of the free world as well as anything nice and good ; but in a sanely functioning environment it [...]

  5. [...] do I sign something as simple as "This man is a traitor" to contend with nonsense like Koch & friends constantly pump into their trees ? What, are we to imagine that as their fiat empire [...]

  6. [...] As far as extant literature is concerned, Werner Koch is a malevolent imbecile whose shameless parents should nevertheless fucking apologize. Everyone [...]

  7. [...] the course of everyday business some amusing properties of the femstate's cvasi-crypto tools came out to light, resulting in the proper identification of [...]

Add your cents! »
    If this is your first comment, it will wait to be approved. This usually takes a few hours. Subsequent comments are not delayed.