|
spankmeister posted:I use 3073, because it's twice as good
|
# ? Sep 20, 2019 16:13 |
|
spankmeister posted:I use 3073, because it's twice as good

Cyberpunk poo poo.
|
# ? Sep 20, 2019 16:19 |
|
Wiggly Wayne DDS posted:e: who uses 3072? only the coolest of crypto cats so not me obviously
|
# ? Sep 20, 2019 16:22 |
|
i only use one-time pads
|
# ? Sep 20, 2019 16:33 |
|
today, I write my second ever vuln disclosure

I'm not even trying to look for these, I'm just stumbling over bugs

holy loving poo poo Dell, Jesus Christ what the gently caress
|
# ? Sep 20, 2019 16:39 |
|
the NIST P curves aren't very good, should be using x25519 if your stuff supports it. Apparently P-521 is an absolute mess, so the recommended ordering is generally x25519, P-384, P-256
|
# ? Sep 20, 2019 16:47 |
|
my p curve is just fine tyvm
|
# ? Sep 20, 2019 16:51 |
|
cracking a 256-bit key sounds cool until you specify that it's an RSA key
|
# ? Sep 20, 2019 17:36 |
|
LMAO, I didn't even notice: The paper is by a Crownsterling researcher. It's the Time AI guys again. The guys who got booed out at Black Hat.
|
# ? Sep 20, 2019 18:13 |
|
CommieGIR posted:LMAO, I didn't even notice: The paper is by a Crownsterling researcher.

That was the first thing I noticed, because it just makes it all the better.
|
# ? Sep 20, 2019 18:41 |
|
Volmarias posted:That was the first thing I noticed, because it just makes it all the better.

Apparently someone noticed too that the guy's screenshots match one of the original RSA cracking sessions, so this may even be a straight plagiarism.
|
# ? Sep 20, 2019 18:55 |
|
CommieGIR posted:Apparently someone noticed too that the guy's screenshots match one of the original RSA cracking sessions, so this may even be a straight plagiarism.

Not just someone but Tavis.
|
# ? Sep 20, 2019 19:12 |
|
Bruce:

quote:Earlier this month I made fun of a company called Crown-Sterling, for...for...for being a company that deserves being made fun of.

https://www.schneier.com/blog/archives/2019/09/crown_sterling_.html
|
# ? Sep 20, 2019 19:15 |
|
Salt Fish posted:Is anyone taking this company seriously anymore? I honestly wouldn't be surprised if this was a hoax press release. It's not currently on the company's website.

when i was trying to find the full version of their stupid paper about prime numbers it was really fuckin' hard to find on their website too, so lol i think they're just incompetent all around
|
# ? Sep 20, 2019 19:29 |
|
it's tempting to register clownsterling.io
|
# ? Sep 20, 2019 19:47 |
|
Lain Iwakura posted:it's tempting to register clownsterling.io
|
# ? Sep 20, 2019 21:51 |
|
factoring a 256 bit rsa key sounds like an interesting exercise for an undergrad
|
# ? Sep 20, 2019 23:23 |
|
I used RSA 256 as toy keys to test out my distributed factoring code because I knew I could crack them in under a minute.
|
# ? Sep 20, 2019 23:25 |
|
CommieGIR posted:NSA Recommended

no thanks
|
# ? Sep 21, 2019 00:06 |
|
Nomnom Cookie posted:factoring a 256 bit rsa key sounds like an interesting exercise for an clown, in a circus
|
# ? Sep 21, 2019 00:33 |
|
Midjack posted:no thanks

I'm telling the NSA on you!
|
# ? Sep 21, 2019 00:38 |
|
Lain Iwakura posted:it's tempting to register clownsterling.io

do it
|
# ? Sep 21, 2019 02:43 |
|
welp https://twitter.com/malwaretechblog/status/1175240305844424704
|
# ? Sep 21, 2019 04:21 |
|
Subjunctive posted:please jiggle mouse to continue booting
|
# ? Sep 21, 2019 10:29 |
|
do motherboards/cpus come with hardware prngs or not? also why not use uefi to store/restore prng seeds?
|
# ? Sep 21, 2019 10:59 |
|
the latest amd cpus literally came with a hardware rng that always returns -1
|
# ? Sep 21, 2019 11:01 |
|
why would they need a prng when you can just implement an identical one in software? if you're gonna build special hardware you might as well make it a real rng, that uses an unstable flipflop or something that randomly goes one way or the other

alternatively, keep a running counter, and generate your random bits by encrypting it with a key known only to you and the nsa
|
# ? Sep 21, 2019 12:03 |
|
Shinku ABOOKEN posted:do motherboards/cpus come with hardware prngs or not? also why not use uefi to store/restore prng seeds?

nobody trusts rdrand because it came around right around the same time as the Snowden leaks
|
# ? Sep 21, 2019 12:24 |
|
Soricidus posted:the latest amd cpus literally came with a hardware rng that always returns -1

that number was carefully selected with several dice rolls by a committee
|
# ? Sep 21, 2019 13:26 |
Cocoa Crispies posted:nobody trusts rdrand because it came around right around the same time as the Snowden leaks

On FreeBSD, it goes through the same whitening process as every other source of random data (*), each of which is then individually fed into one of the many queues Fortuna accepts - so that as long as there is at least one good source of randomness for the system, /dev/random is well-seeded.

*: Software interrupts, hardware interrupts, netgraph (BPF) network activity (such as broadcast fragments, broadcast arp, other noise on a normal network connection), ethernet jitter, VTI traffic, mouse (the small vibrations that naturally occur when moving it around), keyboard (the always-variable delta between when buttons are pressed), device attaches, plus a user-definable cache by default, and UMA data and filesystem access-time can be enabled. Plus, there's a bunch of hardware PRNGs supported via various system busses.
|
|
# ? Sep 21, 2019 13:34 |
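The pooling described in the post above, as an added sketch that is not part of the thread and is not FreeBSD's code: a simplified Fortuna-style accumulator showing that a stuck hardware source (constructed here as all-ones bytes, like the RNG joked about earlier) does not make the output predictable while one other source is good. The class, function and source numbers are hypothetical, and SHA-256 over key and counter stands in for Fortuna's AES-CTR generator.

```python
import hashlib

NUM_POOLS = 32  # Fortuna's pool count


class ToyFortuna:
    """Simplified Fortuna-style accumulator (a model, not FreeBSD's code)."""

    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(NUM_POOLS)]
        self.next_pool = {}   # per-source round-robin position
        self.key = bytes(32)
        self.reseeds = 0
        self.counter = 0

    def add_event(self, source_id: int, data: bytes) -> None:
        # Each source spreads its own events over the pools in turn, so a
        # bad source cannot choose which pool the good sources land in.
        data = data[:32]
        i = self.next_pool.get(source_id, 0)
        self.pools[i].update(bytes([source_id, len(data)]) + data)
        self.next_pool[source_id] = (i + 1) % NUM_POOLS

    def reseed(self) -> None:
        # Pool i takes part in every 2**i-th reseed; the old key is mixed in.
        self.reseeds += 1
        material = b""
        for i in range(NUM_POOLS):
            if self.reseeds % (1 << i) != 0:
                break
            material += self.pools[i].digest()
            self.pools[i] = hashlib.sha256()
        self.key = hashlib.sha256(self.key + material).digest()

    def read(self, n: int) -> bytes:
        # Stand-in generator (assumption): hash of key || counter per block.
        out = b""
        while len(out) < n:
            self.counter += 1
            block = self.key + self.counter.to_bytes(16, "little")
            out += hashlib.sha256(block).digest()
        return out[:n]


def demo(good_events):
    """Mix a stuck source with one good source; return 16 output bytes."""
    rng = ToyFortuna()
    for ev in good_events:
        rng.add_event(0, b"\xff" * 8)  # source 0: constructed stuck hardware RNG
        rng.add_event(1, ev)           # source 1: constructed timing samples
    rng.reseed()
    return rng.read(16)
```

With only the stuck source feeding it, `demo` would return the same bytes on every machine; the output differs as soon as the second source does.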
|
D. Ebdrup posted:Who said you only have to trust one source?

yes I too just read the Wikipedia article, I just figured I’d summarize the important part and not do what you did
|
# ? Sep 21, 2019 13:39 |
|
infernal machines posted:
|
# ? Sep 21, 2019 13:51 |
|
but then how will we run our expense reporting tool
|
# ? Sep 21, 2019 13:59 |
|
mystes posted:For some reason I didn't think about saying this earlier, but I feel like I should mention that this is a good reason for companies to completely disable VBA (I believe you can do this with policies), although this will probably make some people in the company mad.

there’s a gpo that disables all macros with mark of web and allows you to whitelist sites/network shares. there’s zero excuse for this poo poo infecting companies
|
# ? Sep 21, 2019 14:02 |
|
mystes posted:For some reason I didn't think about saying this earlier, but I feel like I should mention that this is a good reason for companies to completely disable VBA (I believe you can do this with policies), although this will probably make some people in the company mad.

I still get security questionnaires from our clients that are huge macro-enabled excel spreadsheets.
|
# ? Sep 21, 2019 14:29 |
|
geonetix posted:that number was carefully selected with several dice rolls by a committee

well then that's the problem right there, they rolled one time too many and got an overflow
|
# ? Sep 21, 2019 14:52 |
|
ewiley posted:I still get security questionnaires from our clients that are huge macro-enabled excel spreadsheets.
|
# ? Sep 21, 2019 15:11 |
Cocoa Crispies posted:yes I too just read the Wikipedia article, I just figured I’d summarize the important part and not do what you did
|
|
# ? Sep 21, 2019 16:31 |
|
ewiley posted:I still get security questionnaires from our clients that are huge macro-enabled excel spreadsheets.

microsoft's own preliminary license audit forms are exactly this
|
# ? Sep 21, 2019 17:20 |
|
Soricidus posted:the latest amd cpus literally came with a hardware rng that always returns -1

Are you sure it always returns -1?
|
# ? Sep 21, 2019 17:27 |