all your crypto are belong to us (private key from public key only)

[chan] general
Oct 17 03:05

I don't know why this is hidden in the news. https://threatpost.com/factorization-flaw-in-tpm-chips-makes-attacks-on-rsa-private-keys-feasible/128474/ https://www.engadget.com/2017/10/16/encryption-companies-rely-on-has-serious-flaw/ 76$ on amazone buys your private key from your public one, 1024 key lenght. 2048keys take a bit longer. Imaging sigining git repo for ... I don't know bitmessage or, some other code you run. What would they pay to infect everyones PC. How many code signatures are hacked? Does this impact GPG? Yubi? Is this fake? A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers. The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.

[chan] general
Oct 17 03:13

how ... conveeeeeeenient

[chan] general
Oct 17 03:21

It only effects keys generated from these specific hardware devices (TPMs by Infineon). So GPG is safe. And most open source repos are probably signed using software generated keys. The smart cards have a problem because they've got the TPM inside, I guess.

BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm
Oct 17 07:41

> Does this impact GPG? Yubi? The description says it affects private keys generated by some hardware devices using Infineon chips. It doesn't affect X86 CPUs, so software GPG seems safe. I used the testing tool to test my PGP public key that's on my Yubikey as well as the code signing DER certificate that's on a different smart card, and it said both are safe (they probably don't use an Infineon chip). > Is this fake? Probably not. Peter Surda Bitmessage core developer

BM-NBiKPeWczBokYDoYzk4TRb3KCDTZbTQ2
Oct 22 00:02

It depends on the firmware version of the Yubikey. If you generate your RSA key on your local system, you are safe. https://www.yubico.com/keycheck/

BM-NBooR8MZhawaba2hW6nwPHvNiQKrTVCB
Oct 22 11:56

Had one yubikey with vulnerable firmware, it was very easy to get a replacement key, though, through the yubico website. Not using the onboard RSA generation, though.

[chan] general
Oct 28 20:30

I got my replacement from Yubi

[chan3] general
Oct 28 20:38

Infineon is part of Siemens AG. Siemens AG is part of German intelligence services. The same Siemens AG from "swiss" Crypto AG scandal. All was needed is to read carefully about Infineon's management structure. Then it will be obvious they are BND/NSA puppet. Start thinking, people. It doesn't hurt.

[chan] general
BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r

Subject Last Count
Eat this! Jan 23 00:12 6
NSAtan: From my diary [redacted] Jan 22 23:45 6
[chan] NASAtan BM-2cVc6abNRstAuWxW4bGyq9tAhf9PiS2aH4 Jan 22 20:11 1
Cicada 3301 Jan 22 20:05 1
[chan] NSAtan BM-2cTc559WqVfDXynWqMxTrJfhFVvMmTf6mV Jan 22 20:05 1
Unit 8200 Jan 22 19:22 5
Happy birthday, NIA! Jan 22 13:28 6
How To Protect Yourself from Scams Jan 22 07:06 9
Luda Jan 22 03:45 1
STFU why doncha: I'm sick of seeing this bollox continually reposted Jan 22 01:27 6
[DELETED] Jan 21 20:39 3
FINALLY FOUND A REAL HACKER Jan 21 18:06 5
What is secure? Jan 21 13:56 12
Today's output Jan 21 10:24 2
need pm's, bunker backups and any info on groups still working on the Insurance Files Jan 21 09:00 2
[DELETED] Jan 20 22:47 1
Televangelist Joyce Meyer is a Tranny! Jan 20 20:57 1
God has been building his kingdom right under your nose and you can't see it! Jan 20 18:40 5
[Big Sell] Western Union Transfer Jan 20 12:50 2
Don't drink the water! Jan 20 11:10 2
wtf Jan 20 07:15 3
Advertisement: MeinCoin Crypto Research Jan 20 01:03 1
Soviet ancient astronaut propaganda Jan 19 23:18 1
Security questions Jan 19 23:17 1
Cthulhu-Ancient Astronaut Connection Jan 19 23:17 1
I don't remember eating that! Jan 19 22:38 2
The Protocols of the Learned Elders of Zion Jan 19 21:41 2
Political Truth Jan 19 20:05 2
UK Column News - 19th January 2018 Jan 19 19:58 9
Wikileaks is a Front for Russian Intelligence Jan 19 19:58 2
UK Column News - 19th January 2018 Jan 19 19:58 5
It’s a coincidence … that Snowden got in contact with Wikileaks. Jan 19 19:58 2
- Dimitry Z. Manuilsky, Soviet Chairman of U.N. Security Council, 1949 Jan 19 19:58 2
From The Washington Times, 9/11/01: Jan 19 19:58 2
What do we know about the new head of al-Qaeda, Ayman al-Zawahiri? Jan 19 19:58 2
On Snowden and Coincidences Jan 19 19:58 2
Legacy Jan 19 19:58 4
From NTI, September 2001: Jan 19 19:58 2
From Aviation Week & Space Technology, 6/3/2002: Jan 19 19:58 2
Against the United States Jan 19 19:58 4
UK Column News - 19th January 2018 Jan 19 19:57 6
Active measures Jan 19 19:57 2
Or individual Jan 19 19:56 2
IDIOT(s) Jan 19 19:56 2
some jackass has copypasta syndrome Jan 19 19:56 2
chan Procedure Nazi Dumb Blonde SuperDick Jan 19 19:56 2
The Operating procedures of the alleged "many" are not dictated by the few Jan 19 19:56 2
Active measures Jan 19 19:55 2
Stop quoting this old tribal stories of hope. We have a better God now. Jan 19 19:54 4
More rejection of tribalism in the bible: Jan 19 19:54 8
Jan 19 19:54 25
You need urgent psychiatric help, dude. Jan 19 19:54 4
That's all you got? Ad hominem? Jan 19 19:54 4
Just think how upset you will be when you find out that there is no god. Jan 19 19:54 7
If the world hate you, ye know that it hated me before it hated you. Jan 19 19:54 4
> Quotes from my holy book I'm writing right now: Jan 19 19:54 1
Are there any Christians here or channels for Christian discussion? Jan 19 19:54 7
John 7:7 Jan 19 19:54 4
But the Shepherd will return and destroy them. Jan 19 19:54 4
You are a mental midget. Jan 19 19:54 4
Christians Jan 19 19:54 9
You have the mental illness of religious mania. Jan 19 19:54 6
"Federal Government" means "Directing the mind of the flocks": Jan 19 19:54 4
We are tired of your retarded crap. Jan 19 19:54 3
"The quick brown fox jumps over the lazy dog" (Joe Public 3:14) Jan 19 19:54 2
You hate your brother. You a heartless murderer. (John 8:44) Jan 19 19:54 4
The Greek New Testament rejected tribal distinctions: Jan 19 19:54 4
John 15:18 Jan 19 19:54 4
No, dude. Ad monkey. Jan 19 19:54 4
Quotes from my holy book I'm writing right now: Jan 19 19:54 2
"Lorem ipsum dolor sit amet" (Jane Doe 6:66) Jan 19 19:54 2
Are you willing to die for your "holy book?" Jan 19 19:54 1
1 Corinthians 6:9-10 Jan 19 19:54 1
Are you willing to be crucified for your "holy book?" Jan 19 19:54 1
IAUZIA== Jan 19 18:38 1
farmapram@protonmail.com Jan 19 18:32 1
Eric Dubay: Dinosaurs Never Existed! Jan 19 18:19 4
Christians Jan 19 18:16 35
Dinosaurs! Jan 19 17:35 2
Customer complaint Jan 19 17:12 1
Richard Spencer's Anti-White Wife Jan 19 17:05 6
proximity Jan 19 16:36 2
enmity Jan 19 16:36 2
self-denial Jan 19 16:36 2
secret Jan 19 16:36 2
justification Jan 19 16:35 2
confession Jan 19 16:35 2
IPFS test Jan 19 15:55 10
force all connections through tor Jan 19 15:50 5
camlistore / perkeep Jan 19 14:27 1
argument heard Jan 19 11:54 1
(no subject) Jan 19 08:01 21
UK Column News - 18th January 2018 Jan 19 07:59 1
n00b Jan 19 04:37 16
to boldly go Jan 19 04:36 1
Updated Broadcast List (2017.12.25) Jan 19 02:00 2
Richard Spencer's Jewish Ancestry Jan 18 21:50 1
ALT RIGHT IS 1000% Jewish. Jan 18 21:37 1
face-id -> humanity sunset Jan 18 20:45 1
The UnaBomber was a psyop Jan 18 10:01 2