<hulkhogan_>
wee, -wizards logs are back up, thx andytoshi!
frankenmint has quit [Remote host closed the connection]
<andytoshi>
hulkhogan_: fyi my logs are pretty patchy and hard to search .. the botbot.me ones are much more robust. (if that's what you mean, thx, but i have nothing to do with them..)
frankenmint has joined #bitcoin-wizards
<hulkhogan_>
well, sadly the botbot logs are only up until a year or so; bitcoinstats has -dev logs from '11 or so, but that's just for -dev only
<hulkhogan_>
(unless i've missed where botbot.me keeps their archived stuff)
Dr-G2 has joined #bitcoin-wizards
Dr-G has quit [Disconnected by services]
<andytoshi>
yeah, we didn't have botbot until a year or so. if my archives are ever down feel free to let me know at apoelstra@wpsoftware.net
<frankenmint>
is andytoshi real or a bot?
<frankenmint>
sorry I have to ask
<hulkhogan_>
awesome yes, i will definitely shoot you a ping if they do :)
<andytoshi>
frankenmint: bots can be real
<frankenmint>
sorry, does andytoshi have sentience?
<frankenmint>
seems to :)
<andytoshi>
;)
Quanttek has quit [Ping timeout: 264 seconds]
<andytoshi>
(and yes, i'm a real person. you can google the name in my /whois to get way too much information on me if you like)
frankenmint has quit [Remote host closed the connection]
<kanzure>
real is just a matter of perspective
kgk has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
bassguitarman has left #bitcoin-wizards [#bitcoin-wizards]
d1ggy has joined #bitcoin-wizards
d1ggy_ has quit [Ping timeout: 244 seconds]
HostFat has quit [Ping timeout: 244 seconds]
grandmaster has quit [Remote host closed the connection]
dEBRUYNE has joined #bitcoin-wizards
hearn has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
rusty has quit [Ping timeout: 246 seconds]
c0rw1n is now known as c0rw|zZz
kgk has joined #bitcoin-wizards
rusty has joined #bitcoin-wizards
dEBRUYNE has quit [Ping timeout: 244 seconds]
jeremyrubin has joined #bitcoin-wizards
felipelalli has joined #bitcoin-wizards
priidu has quit [Ping timeout: 272 seconds]
kgk has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
Guest1212 has quit [Remote host closed the connection]
fanquake has joined #bitcoin-wizards
fanquake1 has quit [Ping timeout: 272 seconds]
belcher has quit [Quit: Leaving]
kgk has joined #bitcoin-wizards
Dr-G has joined #bitcoin-wizards
Dr-G2 has quit [Ping timeout: 258 seconds]
ThomasV has joined #bitcoin-wizards
ThomasV has quit [Client Quit]
kgk has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
DougieBot5000 has quit [Read error: Connection reset by peer]
DougieBot5000 has joined #bitcoin-wizards
fanquake1 has joined #bitcoin-wizards
fanquake has quit [Ping timeout: 265 seconds]
<nsh>
.wik Hyperreality
<yoleaux>
"In semiotics and postmodernism, hyperreality is an inability of consciousness to distinguish reality from a simulation of reality, especially in technologically advanced postmodern societies." — http://en.wikipedia.org/wiki/Hyperreality
kgk has joined #bitcoin-wizards
<nsh>
i was about to idly muse "If only we had more cryptographers who were semioticians" and while i was still wondering what on earth that would even mean, i saw this sentence in the WP article: "Some famous theorists of hyperreality/hyperrealism include Jean Baudrillard, Albert Borgmann, Daniel J. Boorstin, Neil Postman, and Umberto Eco."
<nsh>
(NB: d.j.boorstin)
frankenmint has joined #bitcoin-wizards
TheSeven has quit [Ping timeout: 265 seconds]
TheSeven has joined #bitcoin-wizards
fanquake has joined #bitcoin-wizards
fanquake1 has quit [Ping timeout: 264 seconds]
nuke1989 has quit [Remote host closed the connection]
zooko has joined #bitcoin-wizards
sadoshi has joined #bitcoin-wizards
jtimon has joined #bitcoin-wizards
kgk has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
GAit has quit [Read error: Connection reset by peer]
GAit has joined #bitcoin-wizards
arubi has quit [Ping timeout: 264 seconds]
gsdgdfs has joined #bitcoin-wizards
Transisto2 has quit [Ping timeout: 272 seconds]
kgk has joined #bitcoin-wizards
arubi has joined #bitcoin-wizards
arubi has quit [Ping timeout: 240 seconds]
gsdgdfs has quit [Ping timeout: 256 seconds]
fanquake1 has joined #bitcoin-wizards
fanquake has quit [Ping timeout: 250 seconds]
wallet42 has quit [Quit: Leaving.]
ThomasV has joined #bitcoin-wizards
Emcy has quit [Ping timeout: 264 seconds]
zooko has quit [Ping timeout: 264 seconds]
DougieBot5000_ has joined #bitcoin-wizards
priidu has joined #bitcoin-wizards
fanquake has joined #bitcoin-wizards
DougieBot5000 has quit [Ping timeout: 258 seconds]
fanquake1 has quit [Ping timeout: 272 seconds]
DougieBot5000_ has quit [Ping timeout: 272 seconds]
DougieBot5000 has joined #bitcoin-wizards
arubi has joined #bitcoin-wizards
jeremyrubin has quit [Remote host closed the connection]
<gmaxwell>
ThomasV: that complaint is somewhat misunderstanding /dev/urandom (and CSPRNGs) in general. There isn't such a thing as "low on entropy" for such constructs, so long as it's ever had sufficient entropy gathered (e.g. 128+ bits) the output will forever be unpredictable-- barring an improbable break of the interior cryptographic function (and in the case of that you're likely screwed regardless). What actually _is_ an interesting concern is when the rng has never been initialized at all, linux has a newish syscall that has flags for precisely that case.
<gmaxwell>
most of the code out there for "move the mouse around" and such is really horrifying. (e.g. some bitcoin key generator thing simply polled the mouse position a couple times in a tight loop and then combined that with the time.....)
<ThomasV>
oh I thought the "mouse moving" was only going to act on /dev/random's entropy estimate
dc17523be3 has quit [Read error: Connection reset by peer]
<gmaxwell>
Basically, the urandom behavior is really what virtually everything wants. Except for this corner case around initial startup. Really it should be changed to block in that case, but it can't because userspace starts reading it super early in boot and would get stuck.
<gmaxwell>
ThomasV: nah, that's not reliable. at all. sadly, no reason to believe the mouse activity will be credited against it. Linux went through a cycle of removing randomness credits from drivers for a number of years until it got to a point where basically only the timer interrupt added "randomness".
<gmaxwell>
Seems to have gotten somewhat better recently.
antanst has joined #bitcoin-wizards
<ThomasV>
I see
<ThomasV>
"please generate timer interrupts to increase your entropy" :)
DougieBot5000_ has joined #bitcoin-wizards
hktud0 has quit [Read error: Connection reset by peer]
<ThomasV>
gmaxwell: did you know the page I linked at the bottom? is it correct?
dc17523be3 has joined #bitcoin-wizards
gielbier has quit [Read error: Connection reset by peer]
Mably has joined #bitcoin-wizards
hktud0 has joined #bitcoin-wizards
gielbier has joined #bitcoin-wizards
DougieBot5000 has quit [Ping timeout: 258 seconds]
DougieBot5000_ has quit [Ping timeout: 276 seconds]
DougieBot5000_ has joined #bitcoin-wizards
DougieBot5000_ is now known as DougieBot5000
<gmaxwell>
looking at it now, haven't seen it before. Yes, it's correct (it simplifies the design of the linux randomness infrastructure, but it points out the simplification)
<gmaxwell>
It's also correct about other people's opinions on the subject.
<gmaxwell>
Realistically for our usage in generating 'long term' keys perhaps the cost of /dev/random makes sense: just because we shouldn't be wasting our time arguing with panicking frightened users, and there is little risk of the user bypassing the randomness when it does actually block. (I qualify long term keys because all other places where our program uses randomness should _not_ use /dev/random, because the blocking will be problematic for sure and may lead to crazy bypassing)
<ThomasV>
ok.. do you mind if I paste your irc answer there?
<gmaxwell>
Not at all.
grandmaster has joined #bitcoin-wizards
<gmaxwell>
Another point that page doesn't point out is that if you do have an application for an information theoretic RNG source, linux /dev/random is very likely unsuitable. Even if there is adequate entropy in it, the output may be still structured enough to make it distinguishable from random to a computationally unbounded attacker.
<gmaxwell>
(That's not our application set in any case; but it's probably an argument that /dev/random basically shouldn't exist. The only applications it might be better for it's still not suitable for.)
<gmaxwell>
To clarify what that's all about: There are some cryptosystems which are secure even against an attacker with infinite computing power; a one time pad is an obvious example though there are other ones. For those properties to hold, the randomness must have no mathematical structure at all. Running lots of real randomness through sha1 likely gives it mathematical structure that an attacker with infinite computing power could exploit, even if you had plenty of randomness to begin with.
prodatalab__ has joined #bitcoin-wizards
<ThomasV>
gmaxwell: how could they exploit it in that case? is there a known algorithm for that, or is it just a theoretical bound?
<gwillen>
gmaxwell: he does actually say "If you really need information-theoretically secure random numbers (you don't!), and that's about the only reason why the entropy of the csprngs input matters, you can't use /dev/random, either!"
prodatalab_ has quit [Ping timeout: 265 seconds]
rusty has left #bitcoin-wizards [#bitcoin-wizards]
<phantomcircuit>
gmaxwell, the tests applied to the output of an rng likely enforce something similar, no?
<phantomcircuit>
if a hw rng output nothing but 11111 I'm guessing nobody would believe it was random despite that being technically a possible result
frankenmint has quit [Remote host closed the connection]
frankenm_ has joined #bitcoin-wizards
ThomasV has quit [Ping timeout: 272 seconds]
CoinMuncher has joined #bitcoin-wizards
andy-logbot has quit [Remote host closed the connection]
andy-logbot has joined #bitcoin-wizards
* andy-logbot is logging
sbos99 has joined #bitcoin-wizards
gill3s has joined #bitcoin-wizards
kgk has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
Logicwax has quit [Remote host closed the connection]
gielbier has quit [Read error: No route to host]
gielbier has joined #bitcoin-wizards
frankenm_ has quit [Remote host closed the connection]
kgk has joined #bitcoin-wizards
dEBRUYNE has joined #bitcoin-wizards
kgk has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
<fluffypony>
zomg are we doing /dev/urandom discussions again?
<fluffypony>
phantomcircuit: did you see the classic comment on Bitcointalk?
<Taek>
"I don’t want a back door," Rogers said. "I want a front door. And I want the front door to have multiple locks. Big locks."
<Taek>
In general I'm against backdoors of any kind
<Taek>
but I wonder if there isn't a way to add a 'front door' that has a computational barrier
<Taek>
perhaps, a standard secret key that works as normal,
<Taek>
and then a govt secret key that's known, but can't be used without scanning a 2^64 search space or something
<Taek>
This would make mass surveillance prohibitively expensive, but still enable the government to access specific targets
<Taek>
which is something I think the general populace would be in favor of
Quanttek has quit [Ping timeout: 252 seconds]
<Taek>
it also makes it less exciting for attackers to compromise the govt's secret key, because instead of compromising anything, it's still expensive to access any particular communication
<Taek>
one risk with such a scheme is us getting to a point where 2^m is no longer very expensive at all, but thanks to slow legislation we can't increase 'm'
c-cex-yuriy has quit [Quit: Connection closed for inactivity]
<tdryja>
Taek: Those specific targets can simply use regular old RSA/AES/Whatever before encrypting with the front-doored system.
<tdryja>
it would then take 2**64 time to discover not the plaintext, but another layer of encryption
<gmaxwell>
(though note, the scheme discussed in that paper is weaker than the authors thought)
<gmaxwell>
As tdryja points out, it's pointless though for positive uses. And any 'feasible but costly' can easily get reduced to a very minor speedbump by building a bunch of custom hardware and amortizing the attack cost across many attacks.
<Taek>
tdryja: that would provide an interesting counter-play: hide full encryption under weak encryption, and then let the LEA waste resources on something they couldn't crack anyway
NewLiberty has joined #bitcoin-wizards
<gmaxwell>
that's what he was saying. :)
<zooko`>
That's approximately what the initial "export grade crypto" intention was.
<zooko`>
and get off my lawn. :-(
<gmaxwell>
(that's also a general example of why any kind of escrow or 'front door' approach is unwise.)
zooko` is now known as zooko
<Taek>
oh got it
* zooko laughs.
<gmaxwell>
(because the supposed high value targets that justify the enormous civil rights risk of undermining private communication can so easily just encrypt inside and then they have perfect cover traffic too.)
belcher has quit [Quit: Leaving]
<tdryja>
Diffie said something like this at a talk a few weeks ago
belcher has joined #bitcoin-wizards
belcher has joined #bitcoin-wizards
NewLiberty has quit [Ping timeout: 265 seconds]
<tdryja>
It would seem to quickly devolve into law enforcement opening all the "front doors" all the time
<tdryja>
just to make sure there wasn't another locked door which they couldn't open behind it
<gmaxwell>
and they can't even really check that, because so long as you don't need a hugely high bandwidth channel, strong steganography is an obvious enough tool.
<zooko>
I've had the honor of meeting him a few times.
<gmaxwell>
So, what you have to admit is that you want backdoors to catch idiots (and orgs so massive that idiocy is unavoidable) because the non-idiots will encrypt inside and stego. But of course there are lots of other ways to fight idiots.
<gmaxwell>
(or that you don't want to fight specific threats at all, but actually just want it to monitor random people...)