Any chance you'll post up the modulus and factors when you write this up? Might be fun to see if there are any obvious weirdnesses in how the primes were generated.
Notices by Opalescent (opal@ioc.exchange)
-
Opalescent (opal@ioc.exchange)'s status on Tuesday, 09-Jul-2024 02:50:23 JST Opalescent
-
Opalescent (opal@ioc.exchange)'s status on Monday, 08-Jul-2024 03:16:25 JST Opalescent
It's not as much about key length as it is about RSA in general.
There are, like, a HANDFUL of RSA implementations that are audited, trustworthy, and suitably protected against the insane variety of subtle mistakes that can completely wreck its security. Even using those implementations safely takes a lot of care and effort. Using other libraries is a gamble; rolling your own is the cryptographic equivalent of bungee jumping without bothering to check if your harness is attached.
Timing attacks, faulty prime selection, improper padding, poor public exponent selection, related message attacks, etc. Lots of it discovered 20+ years ago, yet still showing up in RSA software written today.
Heck, even partial key leakage is a shit show compared to more modern algos. If I accidentally expose a quarter of a SPHINCS+ key, the remaining bits should still need to be brute-forced. If I expose a quarter of the bits in a private RSA exponent, though, the game is up completely.
If you're gonna go classical, use ECC. If you're gonna go PQ, there are good options to choose from (and NIST standards coming out). Either way, deprecate RSA wherever possible.
-
Opalescent (opal@ioc.exchange)'s status on Friday, 08-Dec-2023 01:06:26 JST Opalescent
...they want to stop recognizing documents from WYOMING for making it "too easy"?
To get my BC updated, I had to get vaginoplasty, an affidavit from the surgeon, and a fucking COURT ORDER.
What the fuck more do they WANT?!
-
Opalescent (opal@ioc.exchange)'s status on Friday, 08-Dec-2023 01:06:25 JST Opalescent
Well, yes-- it's the UK, so that much is obvious.
I'm just wondering what sort of convoluted standards they're trying to set.
-
Opalescent (opal@ioc.exchange)'s status on Sunday, 12-Nov-2023 00:44:08 JST Opalescent
My employer pays me to analyze cryptographic implementations for security and correctness.
This sort of thing is why they pay me enough to buy decent Bourbon.
-
Opalescent (opal@ioc.exchange)'s status on Sunday, 05-Nov-2023 22:27:38 JST Opalescent
Maybe greenwashing? It's easy to fall for promises of helping the environment when companies hide their actual environmental impact and sell themselves as our great green saviors.
It's especially frustrating when the movement leads us to focus on individual action instead of advocating for systemic changes. I can buy carbon offsets for every year of my life; it doesn't fix the natural gas power plant 20 miles from here (and the "offsets" are often scammy anyway).
-
Opalescent (opal@ioc.exchange)'s status on Thursday, 21-Sep-2023 02:10:17 JST Opalescent
8675309 (as in, Jenny's number from the Tommy Tutone song) is a prime number. What's more, it's the bottom half of a twin prime pair: add 2, and you get 8675311, which is ALSO prime.
If you're writing software that implements number-theoretic algorithms, it can be problematic to test it using small primes like 7 or 11, because small primes tend to have a lot of weird properties that tend to trigger exceptions and edge cases. Having a pair of easy-to-remember, "big enough" prime numbers like the Jenny primes is really useful.
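
The following is an added example, not part of the original posts: a modular square root routine that reports which code path it took. It shows that 7 and 11 (both congruent to 3 mod 4) only ever reach the one-line shortcut, while the Jenny pair reaches both the shortcut and the general Tonelli-Shanks loop. The function names and branch labels are assumptions made for illustration.

```python
from math import isqrt

def is_prime(n):
    """Trial division; adequate for 7-digit test primes."""
    if n < 2:
        return False
    return all(n % d for d in range(2, isqrt(n) + 1))

def sqrt_mod(a, p):
    """Return (root, branch) for an odd prime p; root is None for a non-residue."""
    a %= p
    if a == 0:
        return 0, "zero"
    if pow(a, (p - 1) // 2, p) != 1:         # Euler's criterion
        return None, "non-residue"
    if p % 4 == 3:                           # a single exponentiation suffices
        return pow(a, (p + 1) // 4, p), "shortcut"
    q, s = p - 1, 0                          # general case: p - 1 = q * 2**s, q odd
    while q % 2 == 0:
        q, s = q // 2, s + 1
    z = 2
    while pow(z, (p - 1) // 2, p) != p - 1:  # smallest quadratic non-residue
        z += 1
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                       # least i with t**(2**i) == 1
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c = i, b * b % p
        t, r = t * c % p, r * b % p
    return r, "tonelli-shanks"

def branches(primes, a=4):
    """Set of sqrt_mod code paths that a list of test primes actually reaches."""
    return {sqrt_mod(a, p)[1] for p in primes}

JENNY = (8675309, 8675311)  # the twin prime pair from the post above

if __name__ == "__main__":
    print("both prime:", all(is_prime(p) for p in JENNY))
    print("7, 11 reach:", branches((7, 11)))
    print("Jenny pair reaches:", branches(JENNY))
```

A test suite built only on 7 and 11 would pass even if the general loop were broken, because neither prime ever enters it.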