RNG Whitening Bug Weakened All Versions of GPG

Werner Koch, maintainer of Libgcrypt and GnuPG, announced today:

"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions. … All Libgcrypt and GnuPG versions released before 2016-08-17 are affected on all platforms. A first analysis on the impact of this bug in GnuPG shows that existing RSA keys are not weakened."

However, in the text of one of the patches (archived) which accompanied this announcement, we find a slightly different statement:

"This bug does not affect the default generation of keys because running gpg for key creation creates at most 2 keys from the pool: For a single 4096 bit RSA key 512 bytes of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable."

In effect, this means that no key pair created with GPG to date got more than 580 bytes (4,640 bits) of RNG output before that output turned predictable: in particular, every RSA key pair of 4096 bits and above has a subkey which, we now find, is mathematically related to the primary key in a possibly exploitable way, 20 bytes of its random material being computable from the primary key's.

It should be remembered that, due to the structure of the OpenPGP format, breaking a GPG subkey is often nearly as good as breaking the primary key: it lets the attacker create valid signatures, in the case of a signing subkey, or read intercepted ciphertext, in the case of an encryption subkey (the default), or both. The only powers that stay bound to the primary key are certifying other keys and issuing new subkeys.

And thus we find that, due to the staggeringly-braindamaged design of the protocol and of this implementation, GPG users who elected to use longer-than-default GPG keys (Phuctor presently contains 1,090,450 RSA moduli which exceed 2048 bits in length1) ended up with smaller-than-default effective cryptographic strength.

Likewise noteworthy is the fact that this bug was contained in an RNG 'whitening' routine. The popular but wholly-pseudoscientific practice of RNG 'whitening' creates the appearance of an effective source of entropy at times when – potentially – none exists2, at the cost of introducing a mathematical relationship (sometimes, as in the case at hand, a very exploitable one) between RNG output bits, which by their nature are intended to be wholly uncorrelated.


  1. Not all of these moduli were generated using GPG. 

  2. A whitened (walked over with, e.g., RIPEMD as in GPG, or SHA2, or AES) stream of zeroes will typically pass mathematical tests of randomness (e.g., the Diehard suite) with flying colors, while at the same time containing no meaningful entropy in the cryptographic sense. 
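To make footnote 2 concrete, here is an added example (not code from Qntra, GnuPG or Libgcrypt) that "whitens" a pool of zero bytes with an iterated hash, runs two of the usual statistical checks on the result, and then shows that the whole stream, the 4640th bit and everything after it included, falls out to anyone who knows the (empty) seed. SHA-256 stands in for GPG's RIPEMD-160, the zero pool is constructed, and predictable_subkey_bytes only restates the arithmetic of the patch text quoted above (512 bytes drawn per 4096-bit key, predictable window at stream bytes 580 to 599); none of this reproduces Libgcrypt's actual pool layout.

```python
# Added example (not Qntra's, GnuPG's or Libgcrypt's code): a hash-"whitened"
# stream seeded from no entropy at all passes the usual statistical checks,
# yet every byte of it is predictable by anyone who knows the (empty) seed.
import hashlib
import math
from collections import Counter


def whiten(seed: bytes, nbytes: int) -> bytes:
    """Hash-based whitening as in a typical pool RNG: output block i is
    H(seed || i).  SHA-256 stands in for GPG's RIPEMD-160 (assumption:
    Libgcrypt's real pool mixing layout is not reproduced here)."""
    out = bytearray()
    block = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:nbytes])


def ones_fraction(data: bytes) -> float:
    """Fraction of 1 bits; ~0.5 for anything that merely 'looks random'."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def monobit_pvalue(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test.  S = #ones - #zeros,
    p = erfc(|S| / sqrt(2n)); the suite calls p >= 0.01 a pass."""
    n = 8 * len(data)
    s = 2 * sum(bin(b).count("1") for b in data) - n
    return math.erfc(abs(s) / math.sqrt(2 * n))


def shannon_bits_per_byte(data: bytes) -> float:
    """Plug-in Shannon estimate over byte values: ~8.0 for a whitened
    stream, although the cryptographic entropy of a zero-seeded stream
    is exactly 0 bits."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def predict_next(seed: bytes, observed: bytes, k: int) -> bytes:
    """An attacker who knows the seed (here: a zero pool, i.e. no entropy)
    regenerates the stream and reads k bytes past what was observed."""
    return whiten(seed, len(observed) + k)[len(observed):]


def predictable_subkey_bytes(key_bits: int, window=(580, 600)) -> int:
    """Accounting from the patch text: an RSA key pair draws key_bits/8
    bytes for the primary key, then key_bits/8 bytes for the subkey, and
    stream bytes [580, 600) are predictable from the bytes before them
    (assumption: the two draws are modelled as contiguous)."""
    per_key = key_bits // 8
    lo, hi = window
    sub_lo, sub_hi = per_key, 2 * per_key
    return max(0, min(hi, sub_hi) - max(lo, sub_lo))


if __name__ == "__main__":
    ZERO_POOL = b"\x00" * 64          # constructed: a pool holding no entropy
    stream = whiten(ZERO_POOL, 100_000)
    print(f"ones fraction      {ones_fraction(stream):.4f}")
    print(f"monobit p-value    {monobit_pvalue(stream):.3f}")
    print(f"Shannon bits/byte  {shannon_bits_per_byte(stream):.3f}")
    seen = stream[:580]                   # the attacker's 4640 observed bits
    print("next 160 bits predicted:",
          predict_next(ZERO_POOL, seen, 20) == stream[580:600])
    for bits in (2048, 4096):
        print(f"RSA-{bits}: {predictable_subkey_bytes(bits)} predictable subkey bytes")
```

Run as a script it prints statistics that any Diehard-style battery would accept, then predicts the bytes following the observed 580 without error. The lesson is the one the article draws: a statistical pass says nothing about cryptographic entropy, and the remedy for an empty pool is more entropy, not more hashing.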

Github Enforces USG.NSA Copyright And Other Lols, Roundup Xtend'd

Following the initial announcement of the "Shadow Brokers'" (WOT:nonpeople) planned auction of alleged NSA surveillance tools and miscellanea, further lulz emerged. Here they are, Roundup Xtend'd:

  1. Github effectively and proactively enforced a potential copyright claim by the United States National Security Agency by booting the information off their platform.
  2. Numerous media outlets are skirting around where the goods came from by tenaciously using the "Equation Group" moniker for the group with which the tools originated.
  3. The issue of whether the teasers offered of the goods for sale are novel or rehashes of previous leaks has not yet been definitively established given the sheer amount that has been leaked already.
  4. A suggested price of One Million Bitcoin has been floating around. The price, which represents a substantial percentage of the best money's monetary mass, reeks of insanity and a deep povertree of the sort that makes a supposed person incapable of market participation.

Sorry for your lols.

There May Be Lulz

A hacking group known as Shadow Brokers announced Monday that they were going to auction an assortment of stolen surveillance tools purportedly used by NSA hackers. The group released code samples to boost the veracity of their claims, with the National Security Agency naturally withholding comment on the subject. Security experts offered mixed opinions on the authenticity of the malware, and the hackers only said the auction would end at a specified time. (archived) Peace in our specified time.

FDA Prepares To Regulate Literal Shitware

Despite small-scale studies indicating that poo replacement treatment – known as Fecal Microbiota for Transplantation (FMT) – can be more effective than vancomycin at combatting Clostridium difficile infections, USG.FDA is preparing to regulate the emerging market in order to protect its Big Pharma supporters. Also, given that highly antibiotic resistant C. difficile pathogens are the leading cause of nosocomial infections in American community hospitals, that USG.Hospital wants to solve the problems it made itself is largely par for the course.

Intent on entangling FMT treatment in a bureaucratic quagmire to rival AML/KYC,1 USG.FDA's proposed regulations would deprive needy Americans of doctor-facilitated avenues for treatment, pushing even more folks into the smelly back alleys of the dark web, if only 10.5g at a time.

Sorry for your loose2


  1. APL/KYB anyone ? 

  2. stool, c. diff is a bitch.  

Dicamba Disaster Continues Destruction

As the story of the Dicamba Disaster in the United States finally begins to reach mainstream media outlets, the St Louis Post-Dispatch brings us news that dicamba drift has threatened Missouri's largest peach orchard (archived). Two hundred and fifty acres of the orchard's peach trees are already irreparably harmed, and as the damage continues to show, that number could double by next spring as the injury progresses.1

Dicamba has been around since 1942. Until this year it had largely survived in its humble role as that thing you add as a tiny fraction of a percent to your tank mix as a little kicker to beat back broadleaf weeds. What it did, what it didn't do, and why it stayed that tiny fraction were established. Why it stayed the tiny fraction is that dicamba is volatile and the dicamba that doesn't get absorbed and bound will vaporize and spread.

The ascendancy of Roundup Ready in the 1990's inspired much panic: "Genetic modifications AND a super herbicide?" Glyphosate, however, turned out to be a kitten, with the surfactants mixed with it carrying a greater hazard to fauna than the herbicide itself; flora was still fucked, though.2

Monsanto opened a pandora's box with their latest offering, because when you offer desperate farmers soybeans that won't suffer any losses with two herbicides those farmers are getting as much mileage out of those two herbicides as they can. Bad behavior becomes mandatory, because fuck that other family's peach orchard which took a generation to grow. Also no one cares about the other stands of mature trees yellowing, defoliating, and in clear decline.3

It would likely not have made things much better even if Monsanto had released their "less volatile" dicamba with the seeds4, so long as other people were selling classic dicamba preparations for less. The competition between agriculture and chemistry is leaning decidedly in chemistry's favor, with crops outside of the limited Monsanto-supplied corns and alt-corns becoming environmentally impracticable. US agriculture at this point appears to be on track to become a fiefdom of tort law, in the same way US medicine is, by this time next year. This is the story of your loss, and imazapyr-resistant crops can't come soon enough (archived).


  1. And even in the absence of further dicamba applications nearby it will continue to progress.  

  2. But only if the glyphosate solution actually made contact with foliage.  

  3. This phenomenon is pointedly NOT limited to the portions of the Ozarks that US-based media is suggesting it to be. 

  4. It seems likely they anticipated the destruction and didn't want their preparation taking the blame.  

The "Your Loss" Playbook

Before we at Qntra can be sorry for your loss, someone else has to bake your loss first. When a "business" decides to live at the intersection of Bitcoin money and fiat currencies, your loss tends to follow the same few steps. There may be a few variations on these steps depending on whether your chosen loser is BitInstant, MtGox, Mcxnow, Homero Garza, Buterin,1 or Bitfinex.

  1. Make, buy, or steal a thing to call your business. If you are a true pioneer like Intersango you make it. You buy it if you are Mt Gox or Butterfly Labs. If you are Bitfinex you just straight up steal it.2
  2. You start making noise. If you are Trendon Shavers you recruit "privileged insiders" to do your selling. If you are Butterfly Labs you buy a bunch of advertising. If you are Homero Garza you buy advertising from all the media outlets and do a bit of the privileged insider thing.
  3. You build some history of either spectacular returns or reliability. You paper over the complaints with lies and declarations of "This is just how we do things" to justify the insanity. You lean on your loyal bought-and-paid-for noisemakers3 to toe your party line.
  4. Your Loss, we are sorry.4
  5. When the complaints get too loud, the payment processor and all manner of accessories to the scheme start getting scapegoated. Mt Gox had Dwolla. BitInstant had numerous payment processors to blame. At this point the existence of the loss is clear, but some effort is made to conceal that the loss is yours.
  6. Tokens! A market for them! See MtGox Bitcoins on Bitcoin Builder, BFX Tokens on Bitfinex, and the entire Paycoin scheme that emerged when GAW could no longer hold up the pretense of mining.
  7. The pretense is suddenly lifted. Every one is sorry for your loss.

History rhymes and this is the story of your losses. Just like the various color revolutions, your loss follows a pattern. We're sorry.


  1. The various altcoin scams invariably end up actually being fiat/Bitcoin interface scams when the scammers need to eat off of customer deposits and pimp their rides. 

  2. preferably from another scam that is too moribund to care at the time  

  3. Roger Ver and Andreas Derpolopolis are very popular and affordable choices.  

  4. The steps following this case can be skipped in the event of Trendon Shavers  

Popular Voting Machine Hacked With Seals Intact, Plays Pacman

J. Alex Halderman, professor of computer science and engineering at the University of Michigan, has modified a Sequoia AVC-Edge DRE voting machine to play the classic video game Pac-Man. The machines were in widespread use in parts of Louisiana, Missouri, Nevada, and Virginia, according to Verified Voting. Instead of "using the machines to steal votes" they decided to use the MAME emulator to play the popular arcade game. The machine has a 486 SLE processor and 32 MB of RAM, and runs MS-DOS as its OS. The professor said the machine was last used in the 2008 Williamsburg, Virginia primary elections, and was part of a pair sold for $100. Halderman further indicated the machine can indeed run Linux as well, leaving open the possibility of a wider array of future projects.

Bitfinex Freezes US Customer Accounts Following Another Loss

Reports are emerging that Bitfinex account holders in the United States have had their accounts frozen. They are powerless to trade and, more importantly, to withdraw funds from Bitfinex. The present scapegoat appears to be a dispute between Bitfinex and the payment provider SynapsePay, which services their United States customers. A loss is allegedly at the center of this dispute. Sorry for yours.

Brexit Fallout : Illiterate British Justice Enacts Breach of European Declaration of Human Rights into British Legal Precedent

Sir Edward James Holman, born 1947, of the High Court of England and Wales, recently had this much to say in a divorce proceeding :

I have to say that I do not find it very ediffying that people in this financial bracket should be taking up a day of court time over a sum which to them, though not to others, is objectively so small. However, agreement has not been reached and I must rule.

Leaving aside the solipsistic spelling style bestowed on the otherwise innocent word "edifying", as well as a certain unfamiliarity with its meaning apparent from context1 ; and also leaving aside the ridiculous happenstance whereby the justice out of his own free will & ineptitude published matter into the public record (a right which he has), after which out of his own delusional ignorance decided he may proceed to take it back (a right which he neither has nor could possibly acquire) – this declaration also annuls previously good law in England and Wales, specifically Article 6(1) of the ECHR :

In the determination of his civil rights and obligations or of any criminal charge against him, everyone is entitled to a fair and public hearing within a reasonable time by an independent and impartial tribunal established by law.

Apparently in the newly constructed Ingsoc Republic, successor state of the United Kingdom of Great Britain and Northern Ireland after the latter's dissolution of its compact with the other states forming the European Union, the fundamental right of access to a fair trial by an impartial tribunal no longer applies ; instead an obscure system of quotas based on the petitioner's total wealth is to be employed.

In this novel and as of yet not fully documented approach to legal matters, a subject's total wealth – be it a pound or a billion pounds – entitles him to a fixed amount of court time. On that basis, the fractions of that wealth entitle him to fractions of that unit time, so a man who sues to recover a million when his total wealth is two million has better standing than a man who sues to recover a million when his total wealth is ten million.

It is perfectly understandable that Mr. Justice Holman has serious trouble foreseeing the necessary results of that naive policy ; but then again he also has serious trouble comprehending the apparently intricate workings of publication as a one way street; or for that matter the correct English spelling of reasonably common words.

With such great men, what need has England of any sheeps?


  1. Edifying is that which informs in a dispositive manner. 

Not Quite News Roundup Xtend (TM)(R)

Welcome to the Qntra Not quite News Roundup Xtend (TM)(R). Below are collected things that happened this week which did not independently achieve newsworthiness:

  • The United States Marshals Service announced another auction, this time with only ~3 of the Bitcoins constituting the pot having been stolen from Ross Ulbricht. The remainder come from other cases.
  • Gawker Media has celebrated their last week before becoming part of Ziff Davis by pantomiming the high school tradition of "Senior Week" and by opening an online "Men's Magazine" called "The Cuck." The Cuck's first post was:

    The Politics of Sitting Down To Pee

  • Bitfinex reopened trading as was planned. Trading included their non-consensual debt instrument.
  • Tradehill's Jared Kenna opened yet another Bitcoin "dark trading" pool.
  • Coinbase has continued their apology and solvency tour repeatedly offering that the number of Classic Ethereum tokens they lost was 40,000 United States dollars, a number denominated in a unit other than that of the actual things they lost.
  • The Huffington Post's David Seaman started off a round of Herpity Derping that supposes Barry Silbert did Ethereum Classic.
  • Barry Silbert's Coindesk announced plans to double its staff (archived).