Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 92 93 [94] 95 96 ... 249
1396
I actually quite like the idea of on the fly key derivation from a passphrase, I just don't know that people could memorize a password with 256 bits of entropy in it. 

"I wonder how much entropy is in a sentence like the one I am typing right now, or the ease with which I could remember said sentence. Well, I could remember it, but I do not even know if it is entropic enough in itself to be used for private asymmetric key generation!!!"

hm that sentence is 270 characters, generally safe to assume 1 bit of entropy per keystroke of an English sentence, so a passphrase of that magnitude may be adequate for on the fly password based key derivation of a 256 bit ECC key.

1397
Off topic / drug chemistry analogy puzzle
« on: March 16, 2013, 06:02 am »
Just wondering how long it will take before someone gets the correct answer.

AMT is to tryptamine as ? is to phenethylamine

1398
Off topic / Re: Which drug would you NEVER do again?
« on: March 16, 2013, 06:00 am »
mephedrone

1399
what the hell is the purpose of storing private keys at third party servers?!

1400
Off topic / Re: Who else likes child pornography?
« on: March 16, 2013, 05:22 am »
Here's what I sort of figure: child(and I mean CHILD) porn should be legal to distribute, punishable by death to film. that way, it'll be easier to track down child porn studios. Also, existing child porn will be easier to find archives of, and since it'll be easier to access, child porn studios will no longer be offering a rare, lucrative commodity. Additionally, viewers of child porn will be able to easier fulfill their fantasies. Children wont have to be harmed, since there is already currently enough child porn in existence to satisfy all the pedos. The damage has been done, might as well make use of what came of it. You might not agree with the methods by which the knowledge was gained, but regardless of how you feel, nearly all of humanity's scientific data of the effects of extremely cold temperatures on the human body(knowledge which has been applied to be very useful and save many lives) was learned from Nazi experiments.

Agree entirely (cept for CP studios offering a rare lucrative commodity, CP is pretty common and usually free). The solution is to make it so sex offenses that are REAL are severely punished, and be libertarian as fuck about everything else. It just fits in with the general theme of nobody being able to bitch about a libertarian world really. Legalize CP possession and distribution, lower age of consent to 14, take the people who pissed in the street off the sex offender lists. Now the remaining people on sex offender lists are actually sick fucks who have done serious harm to people, there is no more controversy to be had, they should be punished severely and strict laws against anything else. All this punishing people for bullshit because of moral panties being in a bunch is ruining the entire fucking world, I am so sick of it. People need to get over their fucking issues already, it is okay, we can be free omg !! We do not need to feel bad about our human nature. I think that religion and the government must have seriously warped the minds of god damn nearly everybody on this planet, we are afraid and ashamed of sex we are afraid and ashamed of drug use. We have no tolerance for people who do things we find disgusting even if they are not hurting anybody. In my mind it is no different to want to castrate somebody for looking at CP than it is to want to beat up some gay people. If CP looker rapes a child then it is justified, if gay person rapes a man / woman it is justified. Otherwise they cause no harm leave them the fuck alone and mind your own business. People say omg omg omg pedophiles rape children we must punish CP viewers. Why not say omg omg omg men rape women let's punish porn viewers. They mix shit up so much it makes me nauseated to see their logic.

Quote
An agreement can be made that to view the child porn, they sacrifice some of their privacy so that whatever authority figure is in place can better keep tabs on them, and ensure they dont take their fetish to the next level. and since their fetish will no longer be so taboo, they might be more willing to come out about it, so as to be embraced by a government that responds, not with persecution, but with mental health & counseling services.

I don't like idea of government monitoring people who have not hurt anybody. Should all males be monitored as potential rapists? Guess what there is actually a huge body of evidence that it is common for males to fantasize about rape, and really many probably feel urge to rape. It makes sense really from an evolutionary perspective, if there is any genetic component to rape the rape gene is going to be extremely prominent considering for most of the history of humans rapists were not punished or even easy to identify in the first place. But despite this only a small percentage of men rape women. And I see this parallels with pedophiles. They inherently desire to have sex with children, which is in itself inherently rape. It does not mean that they are going to go out and rape a ton of kids anymore than a normal man is going to go out and rape a bunch of females.   

Quote
To go one more level further of exchanging pragmatism for ethics, an initiative could be set up, so as to observe just how traumatizing sexual acts actually are on children, and learn ways in which those acts could be carried out so as to mitigate the trauma, and ways which would be most effective in post-child-sex-abuse years to learn the most effective trauma-negating counseling methods. You of course wouldn't be able to completely make up(from an ethical standpoint) for subjecting children to such things, but sums of money that ensure a high uality of life in their later years would of course help. Im not actually advocating this, but it's a fact that the world is gradually becoming more progressive, and such a concept might not seem so unreasonable to people in the future.

Already some libertarian and anarchist leaning people have suggested legalization of voluntary child prostitution. Their logic is that poor impoverished children in third world countries may see it in their benefit to do this, and that the current laws against this do more harm than good to such children, who end up starved to death rather than molested and living. They also say this will lower market value for child prostitution and lead to less adults using coercion to make children prostitute themselves, as they will not be able to make as much money from it.  I....don't really care about this. I will argue strongly as fuck that we should not harass people for viewing images or videos of anything. I will let more extremist libertarians argue for legalization of voluntary child prostitution, or that such a thing could actually exist. I doubt they have much luck.

Quote
As far as the ethics of jailbait are concerned, if a 15 year old has C-cup titties, theres notning wrong with fapping to it.

I really find it impossible to imagine that most men are not attracted to 15 year old girls. I mean, photographic forensic scientists cannot even reliably differentiate between girls of 14.5 years old and 18 years old, so what makes them think that they can? Teenagers are sexually matured physically, in a lot of the developed world (and undeveloped, and developing) 13, 14, 15 years old is legal for sex anyway. And are we not biologically wired to be attracted to fertility and youth? Pretty sure you can't find someone more fertile and youthful than a teenager. I think the people who deny these things are just denying human nature really , they cannot even be honest with themselves because they are ashamed because society tells them to be ashamed and they in turn repeat this to society. It is just one big cluster fuck of liars really, lying to themselves and to each other.

Quote
If jailbait was made legal, would it be easier for porn studios to manipulate emotionally unstable teenagers not mature of to make decisions rationally, especially at a point in their lives where they are financially unstable? Sure, but that's the issue you tackle; dont ban jailbait as a whole. If drunk driving is dangerous, then outlaw it specifically, instead of all banning all consumption of ethanol.

Shit vast majority of jailbait porn is made by teenagers with cellphone cameras.

Quote
I've gotten a blowjob from a 14-year old before. Was I more "mentally capable of rationality" of her, and thus, "manipulating her emotions and taking advantage of her reduced ability to make judgements and her sexual insecurity in the face of  being pressured into doing so" by making out with her and realizing she'd let the situation go to the "next level"? Well, I was going to say "no", but I realized after writing that sentence out that it was more accurate than I initially intended. But nonetheless, she still made the decision. and as far as nature is concerned, she was of sexual maturity. and I guess I could also bring up how the ethics of sexuality are arbitrary.

you could also point out that she is 14 and it isn't like willingly giving a blowjob is going to scar her for life, or probably at all honestly.

Quote
Besides all that, distribution of jailbait wouldnt be contingent upon a a soley-concerned-with-profit porn studio for distribution, and the combination of iPhones, bathroom mirrors, and boyfriends a grade-level above making reQuests  has proven.

Hell, jailbait has probably even less a for profit component than CP does. I think it is essentially exclusively self produced. Though does seem to be a trend of people extorting teens through the internet after obtaining an initial nude image of them, which of course should be crime still. In fact it is a crime to do that to adults as well.

1401
If you are talking about only storing the private key server side, and doing everything else with a client side application, I guess I just completely do not understand why you would store the private key on some third party server in the first place. Why don't you make something like FireGPG, that sounds a lot more trustable than something that inexplicably needs to keep private keys on a third party server, despite everything else being done client side.

Giving you the benefit of the doubt, I guess I just don't understand what problem you are even trying to solve. At first I thought you wanted something like Hushmail, then I thought you wanted something like Privnote, now I think you want something like FireGPG that inexplicably holds private keys on the server. Honestly, I have only skimmed this thread, although I did see your glaring post about the secrecy of private keys being of less than utmost importance, and had to LOL at it.

1.

I suppose you could use something like a brain wallet, although I am not sure exactly how secure it would be in practice. With ECDH it would be something like, the user types in their password (hopefully highly entropic), which is hashed with let's say SHA-256 and a PBKDF with some thousands of iterations or so to slow down brute force. Read the resulting hash as a BIGNUM and treat it as the ECDH private key, then elliptic point multiply a generator for a known 256 bit elliptic curve with it to get the public key. Provided the users password has enough entropy in it this should allow them to derive the private/public keys securely on the fly wherever they are, so long as they have their password. Now the private key only comes into existence when it is required, which is superior to storing it distributed across multiple servers, and even to storing it symmetrically encrypted on the clients computer as is traditionally done. The main issue with this is that normally these asymmetric algorithms are as secure as the PRNG used to generate the key pairs, and the strength of the users password only becomes relevant after their system has already been seized and the attacker has a copy of their symmetrically encrypted private asymmetric key. Using PBKDF to derive a private asymmetric key literally makes the users communications as secure as their password, as the attacker can then get their private key by brute forcing their password while having only a ciphertext of a message rather than the ciphertext of the encrypted private asymmetric key. But if the users password is entropic enough it should be fine, and of course the PBKDF slows down attempts to brute force some as well.

2.

everything should be client side. I see absolutely no reason for a required server side component for something like GPG.

3.

easy to do with mlock

1402
Off topic / Re: Who else likes child pornography?
« on: March 16, 2013, 02:06 am »
You're fucking 16?!

Kids shouldnt be using SR.

GTFO!

I was moderator on underground drug forums when I was such an age, part admin of my own shortly after, with people same age running it. Shit some of the biggest vendors in history of the scene started on drug forums as teenagers. You would be surprised.

Quote
Okay so YOU'RE not a fan, but saying other people should be free to be if they want to. I pretty much agree with Pinkbits or Pinksomething or whatever on the Philosophy thread. There IS an ugly side to at least some types of child pornography, very ugly, you obviously didn't see those sites or you'd want to choke the fuck out of these people, chainsaw their fucking arms off and cut off their fucking limp [edit.], assuming you were decent. There's abuse present in child pornography, at least some types, like you wouldn't believe. And I don't want a whole heap of stats on this. This isn't a freedom of choice issue. Tell that to the mothers of 5 year old girls who have been brutalised beyond belief and murdered, jesus, it isn't child pornography in some instances its snuff. My point is some things have a spin-off effect. TBO, the only way to treat these fuckers is how they have treated these children.

Piece, Love, and Fuck Haters.

I know some CP is horribly disgusting and disturbing beyond belief. People making such things do not get any pity from me, they deserve worse than they get now. Lots of CP has abuse in production really, to different degrees of course, the only CP I think has no abuse aspect is a lot of jailbait anyway. The thing you do that is irrational is you equate producers to consumers, it is like your hate of them is too big to contain and you let it spill over to others. The people who look at a picture of the worst CP, they are not the ones who hurt anybody. Put the blame where it belongs on the people doing the bad things, when you put the blame for them onto others you make it seem like they are not as bad as they are while making others seem much worse than they are.

1403
Off topic / Re: Who else likes child pornography?
« on: March 16, 2013, 01:58 am »
Define "Child porn".

and what about me? I love me some jailbait, and shouldnt it be more acceptable that I enjoy it over regular porn, considering Im not even 17 years old?

Just don't get busted , jailbait porn is still technically CP and can get you charged with the same shit as having any other type of CP. Although it is low priority of LE, sort of like the marijuana of child porn I suppose (maybe even less of priority really).

1404
Off topic / Re: Who else likes child pornography?
« on: March 16, 2013, 01:35 am »
Isn't it ironic that pictures of children being sexually abused are illegal, while pictures of children being tortured or killed, or pics of dead kids, are legal (as long as they are fully clothed)?

Pictures of rape and sexual abuse of adults are also legal.

How do you square that?

isn't it ironic that pictures of 17 year old girls flashing are illegal , but it is perfectly legal to fuck 17 year old girls in several parts of the USA? I think the most strange thing is that in the USA the difference between an upstanding citizen and a child sex predator is a few miles of land separating states.

1405
Quote
My point is this:
Having access to a private key is useless.

Having access to a private key lets you decrypt all messages encrypted with its corresponding public key. Public key cryptography is rendered useless if the attacker gains access to your private key. I will agree that it doesn't necessarily mean that the attacker can decrypt all of your messages, first they need to obtain the ciphertexts in the first place. But I do mean that it renders it entirely fucking pointless to have used asymmetric crypto in the first place, if your attacker has access to your private key. You are then banking on the attacker not being able to intercept your messages, but in the case that they do intercept your message, you may as well have not even used asymmetric cryptography in the first place. Thus it is stupid to claim that an attacker having your private key is useless, an attacker having your private key renders cryptography entirely useless and changes the problem to one of server security or some such thing, assuming encrypted links , without which the attacker could use a wiretap to spy on the information in transit. You are essentially arguing against using asymmetric cryptography for messages and rather only for links, with the security for messages coming from server hardening. Server hardening is important, but it is not nearly as important as asymmetric cryptography for encryption of stored communications at the rendezvous server, which is cryptographically secure and not something that is compromised on a regular basis, unlike server hardening. Essentially your claim is reduced to saying that people on SR shouldn't use GPG, but rather should hope that DPR is trustworthy and has perfectly hardened the server.

Quote
If I had an anonymous PGP Private key but did not know who's it was it would be absolutely meaningless and useless to me, I couldn't do anything, I would have to brute force every PGP message I could find in the blind hope I found one and that is to borrow a term 'an astronomical number'.

2^128 is an astronomical number. 2^256 is an astronomical number. There are NO WHERE near 2^128 GPG encrypted messages. Also, your system would involve a concentration of ciphertexts at a server, testing every ciphertext on that server with every private key wouldn't take much time at all. Even if the attacker cannot link a private key to a specific person, after they quickly find the messages that the key can decrypt, they will be able to select targets based on the contents of the communications. What you are arguing sounds a lot like security via obscurity actually, rather than security via the cryptographic system (rendered null by the attacker having the private key), you are saying people should rely on security via the obscurity of their ciphertexts. Anyone with a masters degree in cryptography would recognize that this is ludicrous.

Quote
Remember why I made my point in the first place, the statement is useless out of context. The app would hold a private key against a username, I was saying if that username had no link to your SR account at all, then even if someone were to break into my server and get them all, they would be worthless.

Really they would be worthless? Because they cannot test them against each of the ciphertexts on your server until they find the ciphertexts they can decrypt? Actually GPG ciphertexts usually have key ID embedded in them so they don't even need to brute force decrypt the messages they can look for the messages that are encrypted to the key ID that they have by virtue of having the private key. Shouldn't someone with a masters degree in cryptography know this?

Quote
My point was, I thought, quite clearly that a malicious party getting hold of a private key would only be a problem if they also knew who's it was and had a message that they KNEW was encrypted with the corresponding public key.

Pretty easy to tell if a message is encrypted with a corresponding key considering that by default GPG ciphertexts have key ID they are encrypted to embedded in them. I guess your server side implementation of GPG could always use --throw-keyids , but it is still just a matter of brute force decrypting messages. Unless you have 2^128 ciphertexts on your server, that seems like it will not be very good to rely on. Also, are we still assuming that you, the most trustworthy person in the world, are to be the keeper of the private keys? So since it is your server, doesn't that mean you also have access to all the message ciphertexts? Do you really expect us to believe that you cannot brute force ciphertexts until you find the private key that decrypts them? Anyway, how do you even plan to separate the keys from the messages while still managing server side encryption? Also, if an attacker can hack into your server and steal private keys, do you think they cannot hack into your server and steal message ciphertexts? Anyway it sounds like you are still arguing for security via server hardening rather than security via asymmetric cryptography.

Quote
The second part therefore was saying, if someone has access to your messages on your SilkRoad account then they must have had access to your silkroad account or the whole silk road server, in which case the security of my server would be relatively unimportant (i.e. you'd have bigger problems).

So your system doesn't hold ciphertexts, but only encrypts data for transit on other servers, like SR? Well let's see, you advertise your service on SR and it will likely be used by a largely SR audience. Now if LE pwn SR and get ciphertexts, they only need to pwn your server and get private keys and then try them against ciphertexts until they find ones that decrypt into intelligible things. Easy to do, and without 2^128 messages to go through, far easier than trying to directly attack the ciphertexts without the "useless" private keys. The full point of using asymmetric crypto to protect messages on SR is to protect yourself in the event that SR server falls into the hands of the authorities, so the full point of using it is to make it so you DON'T have bigger problems if the server is hacked/pwnt/seized. Once again, it sounds like you argue for security of communications via server hardening and link encryption, rather than end to end asymmetric cryptography. This is widely known as being a far inferior method of trying to protect communications, so it seems strange someone with a masters degree in cryptography would advocate for it.

Quote
If you really feel the need for more pedantry and the suggestion that someone with a masters degree in cryptography might not understand the necessity or point to encryption then please feel free to PM me but can we keep this thread to ideas on possibly implementing this app or objections to the idea rather than picking on the semantics of the OP who is very likely using some of the narcotics he stocks and so doesn't triple proof his posts...

Sorry for that last little rant, I'm just slightly surprised at the direction this thread has taken. I don't mean any offense.

I highly doubt that you have a masters degree in cryptography, or you would not say such stupid shit as it doesn't matter if the attacker has your private key.

1406
Off topic / Re: Who else likes child pornography?
« on: March 16, 2013, 12:27 am »
     1880    1920    2007
Austria    14    14    14
Belgium    -    16    16
Bulgaria    13    13    14
Denmark    12    12    15
England & Wales    13    16    16
Finland    -    12    16
France    13    13    15
Germany    14    14    14
Greece    -    12    15
Italy    -    16    14
Luxembourg    15    15    16
Norway    -    16    16
Portugal    12    12    14
Romania    15    15    15
Russia    10    14    16
Scotland    12    12    16
Spain    12    12    13
Sweden    15    15    15
Switzerland    various    16    16
Turkey    15    15    18
Argentina    -    12    13
Brazil    -    16    14
Chile    20    20    18
Ecuador    -    14    14
Canada    12    14    14
Australia          
New South Wales    12    16    16
Queensland    12    17    16
Victoria    12    16    16
Western Australia    12    14    16
United States          
Alabama    10    16    16
Alaska    -    16    16
Arizona    12    18    18
Arkansas    10    16    16
California    10    18    18
Colorado    10    18    15
Connecticut    10    16    16
District of Columbia    12    16    16
Delaware    7    16    16
Florida    10    18    18
Georgia    10    14    16
Hawaii    -    -    16
Idaho    10    18    18
Illinois    10    16    17
Indiana    12    16    16
Iowa    10    16    16
Kansas    10    18    16
Kentucky    12    16    16
Louisiana    12    18    17
Maine    10    16    16
Maryland    10    16    16
Massachusetts    10    16    16
Michigan    10    16    16
Minnesota    10    18    16
Mississippi    10    18    16
Missouri    12    18    17
Montana    10    18    16
Nebraska    10    18    17
Nevada    12    18    16
New Hampshire    10    16    16
New Jersey    10    16    16
New Mexico    10    16    17
New York    10    18    17
North Carolina    10    16    16
North Dakota    10    18    18
Ohio    10    16    16
Oklahoma    -    -    16
Oregon    10    16    18
Pennsylvania    10    16    16
Rhode Island    10    16    16
South Carolina    10    16    16
South Dakota    10    18    16
Tennessee    10    18    18
Texas    10    18    17
Utah    10    18    16
Vermont    10    16    16
Virginia    12    16    18
Washington    12    18    16
West Virginia    12    16    16
Wisconsin    10    16    18
Wyoming    10    16    16

1407
Off topic / Re: Who else likes child pornography?
« on: March 16, 2013, 12:21 am »
Chemical castration and/or incarceration, seems have the "best" results for society. Mentally ill people who pose a possible threat are locked away and pacified medicinally all the time.

Kmf you obviously don't have children and I doubt you ever will.   

Do you find it at all strange that for thousands of years humans regularly engaged in sexual intercourse with people from age twelve and above, and only in quite recent times did the socially accepted age of sexual intercourse increase by several years, particularly in the USA which has one of the highest ages of consent in the *entire fucking world*? It seems to me like it is pretty much natural for males to be attracted to anyone who is post pubescent, certainly to be attracted to people who are illegal in all of the USA, but recent artificial cultural shaping has caused most people to suppress this natural tendency, in the USA in particular to what can only be described by a rational human as a pathological degree.

1408
Off topic / Re: Who else likes child pornography?
« on: March 15, 2013, 11:51 pm »
Not a fan of prepubescent children, teens can be attractive though.

You were a fan of prepubescent children before this thread.......weren't you? With all your .edu the stands you sometimes take are amazing. (I'm not even trolling, I'm trying to be nice, but not good at it.)

Teens can be legal though. Age of consent is 17. Age of legal adulthood id 18. And no, don't throw all t[edit. you know what i actually dont give a fuck]

Piece, Love, and Fuck Haters.

Nope never been fan of prepubescents, pretty much anything under 14 I am not attracted to, don't give much of a fuck about what is legal honestly although I don't go out trying to fuck highschool girls regardless. Don't give any shits about people looking at CP of any age or variety, all arguments I have heard against CP possession being legal are fundamentally flawed , some more so than others. Pretty much I think people should be free to do what they like so long as they do not hurt others, anonymously looking at pictures of other people hurting others is not really hurting others and nothing is likely to convince me otherwise (I have heard all flawed arguments, they are not convincing). Pretty much sums things up I guess.

1409
Newbie discussion / Re: NEWBIE AND NEED A QUICK BIT OF ADVICE
« on: March 15, 2013, 10:35 pm »
don't use caps locks for titles. That is my quick advice to you.

1410
Off topic / Re: Who else likes child pornography?
« on: March 15, 2013, 09:49 pm »
Someone should make a site on the dark net where you can watch pedo's being killed.

I'd even pay to use it.

Scum of the earth  >:(

Worst thing is, you get a longer time in jail for selling drugs than you do for having like 10'000 kiddy porn images on your computer. This world is fucked.

Although both things should be legal, people selling drugs has almost undoubtedly done more damage to the world than all the CP collectors in the world have (by virtue of collecting CP anyway). Of course most of the damage done by the drug selling is actually done by the government by proxy, but there are not cartels of CP traffickers murdering tens of thousands of innocent people a year, and the CP collectors actually funding child abuse are but a small minority, and increasingly smaller.

Pages: 1 ... 92 93 [94] 95 96 ... 249