Silk Road forums

Quote from: astor on January 11, 2013, 04:13 pm

It is probably unknown how many primes are in 127 bits (1.7e38 numbers), but given the trend, it's a tiny percentage .

The number of primes less than any number, n, is approximated by the formula n/ln(n)
So between 0 and 2^127, there are about 1,932,770,406,530,700,000,000,000,000,000,000,000 or ~2^120 that are prime.
(it comes out to slightly more than 0.01%)

But it is not 0 ... 2^127 in practice, because you know that two 8 bit primes are not going to be multiplied into a 128 bit composite number. Although technically the key space is all primes between 0 and 127 bits, in practice I was told the key space is closer to the number of primes that are 127 bits.

It is a bad move to post your tracking info here.

The number one rule about VPN's is that you should assume they are all entirely compromised. The second rule is that you should keep in mind asking for a VPN on a site like SR is essentially asking the feds if they would like your IP address. That said, JAP seems to be above average as far as VPN providers go. They will immediately start logging as soon as they get a court order to log traffic to a particular site or from a particular user, but they give you two or three hop cascades so usually two different court orders in two different countries are required. And they are very strict about not logging anything until they get a court order forcing them to do so. That is pretty much the best you can hope for.

Or you could go search around for some sketchy Russian service and buy a VPS from them. Personally I would be more inclined to buy a VPS to exit through if I wanted to have an exit IP address that didn't identify me as someone using an anonymity service. VPN services have their IP addresses on many of the same block lists as Tor exit nodes do.

If we can crack a 1024 bit key today and computing power doubles every year, then we could crack a 2048 bit key in about a thousand years, since the key space is 2^1024 times bigger than for a 1024 bit key.

The thing is, our ability to brute force keys appears to be increasing faster than Moore's Law. Assuming a doubling rate of one year, we would only be able to brute force 1 more bit per year, 10 bits per decade. The largest cracked key size is increasing much faster than that.

2048 bit keys don't have 2^1024 times bigger key space than 1024 bit keys, key space only doubles with each bit for symmetric keys.


there are two 1 bit keys:
1
0

there are four 2 bit keys:
11
00
01
10

any combination of 1's and 0's can be used as a key, and thus (assuming the key is properly derived from an entropic enough passphrase), the attacker must try all possible combinations (or until they find the correct one).

With asymmetric crypto, the problem is a bit different. You are not guessing permutations of 128 or 256 bits until you get it right. Rather you have some number, perhaps a large composite number, and you need to find other numbers that are related to it, perhaps you need to find two prime numbers that are multiplied together to equal it. The difficulty of solving these problems generally does not double for each additional bit, where as the difficulty of finding a permutation of 2^x bits obviously doubles for each additional bit.

I am sure someone better at mathematics can explain it better than I can, unfortunately I am not aware of the exact algorithm used to calculate asymmetric key space for a certain algorithm / key strength. I know there have been several different algorithms of different efficiency for prime factorization, however none of them are efficient enough to be a threat to sufficiently large key spaces. But the point is that it is a bit more of a moving target I suppose. I am not sure when the last major break through regarding prime factorization algorithms was either. Here it says that 600 bit RSA is 25 times harder than 512 bit RSA, but obviously a 600 bit symmetric key is 2^88 times harder than a 512 bit key.

https://www.rsa.com/rsalabs/node.asp?id=2088

It might be argued that this historical data lies BELOW what was theoretically achievable at each data point; that the data represents only modest efforts to break large keys. For example, to do a 600-bit key is about 25 times harder than RSA-512 and would require 5 times the space.

Many hosts provide KVM over IP with their default dedicated server packages. It also isn't exceptionally rare to have two servers at a data center with one hooked up to the other on a LAN, some websites have dedicated database servers that have no reason to be directly connected to the internet.  A quick google search reveals this host, although there are several others like them:

http://www.svwh.net/kvmoverip.php

Most SVWH Dedicated servers can be ordered with "Lights Out" IPMI KVM over IP Remote Management support built into the motherboard. IPMI (Intelligent Platform Management Interface) is a hardware-level interface specification that provides remote provides remote Keyboard-Video-Mouse access to your server for complete hardware control, including reboots - even if the server is powered off. The control console provides hardware monitoring, diagnostics, and the ability to remotely load ISOs from your local PC. With IPMI server administrators can view a server's hardware status remotely, receive an alarm automatically if a failure occurs, and power cycle a system that is non-responsive.
Key Features:

    IPMI with KVM Over LAN **
    Serial Over LAN (SOL)
    VSC 2.0 supports Video Solutions up to 1024 x 768 @ 60Hz **
    Virtual Media Over LAN (Virtual USB Floppy/CD and Drive Redirection) **
    LAN Alert-SNMP Trap
    Event Log
    OS Independent
    Hardware Health Monitor
    Remote Power Control
    Management Tools - IPMIView, CLI (Command Line Interface)
    Support RMCP & RMCP + Protocols

How does it work?

IPMI defines the protocols used for interfacing with an embedded service processor. This service processor – also known as Baseboard Management Controller (BMC) – resides on the server motherboard. The BMC links to a main processor and other onboard elements via a simple serial bus.
What does it do?

A Motherboard with an onboard Intelligent Management controller monitors onboard instrumentation such as temperature sensors, power status, voltages and fan speed, and provides remote power control capabilities to reboot and/or reset the server. It also includes remote access to the BIOS configuration and operating system console information via SOL (Serial over LAN) or embedded KVM capabilities. Because the controller is a separate processor, the monitoring and control functions work regardless of CPU operation or system power-on status.
Anytime and Anywhere!

An administrator accesses the BMC by using an IPMI-compliant management application loaded on a PC or via a web interface on a management appliance that includes IPMI management and KVM. The IPMI protocol leverages an out-of-band network (typically dedicated for server monitoring and management), which provides a secure path for mission-critical applications when regular in-band connectivity is lost or is unresponsive. IPMI messages follow the same format whether they are received through an operating system or are sent and received out-of-band.
Remote OS installation from an ISO

Use SSL or the Supermicro Intelligent Management web interface to install an OS from an ISO on your local machine.
Additional Features

The IPMI 2.0 specification supports Serial over LAN to redirect serial console functionality into IPMI over IP. Administrators can then gain full remote access to text-based system information and control for BIOS, utilities, operating systems and applications. IPMI 2.0 also offers major security enhancements. In summary, SIM includes the following key features.

    Embedded microprocessor providing optional out-of-band KVM capabilities, extending the use of a single keyboard/monitor/mouse to the entire network.
    Enhanced authentication support that provides stronger processes for establishing secure remote sessions and authenticating users.
    Enhanced encryption support that allows for secure remote password configuration and protects sensitive system data when transferred over the network

These high disk density servers can be configured as either Database Servers utilizing 15,000 RPM SAS drives for faster seek times and high I/O speeds or as Storage Servers utilizing low cost SATA drives to maximize storage capacity; add to either of these server platforms a choice of multiple RAID options and you have servers designed to meet your Business Critical database and storage needs.  All SVWH Dedicated DB and Storage Server offerings have 64-bit Quad Core processors and can support up to 32GB of RAM.

Dedicated Storage Servers provide a dedicated back-up solution for web infrastructure environments that typically include web, application, and database servers. Many companies choose to have a dedicated storage server solution to maximize capacity, improve manageability, and enhance security.

If a dedicated high capacity storage server is unnecessary or is beyond your budget Silicon Valley Web Hosting also offers managed back-up services in the form of private partitions on our shared Network Attached Storage servers. These servers are redundant RAID array servers connected to our private network within our data center, and are not publicly accessible via the Internet. As part of our managed backup data storage solution, you can purchase from 10 GB to 1 TB or more of network storage for backups and data storage external to your dedicated servers. To learn more about SVWH Managed Back-up Services click here.

Dedicated Database Servers are computer systems that provide database services to other computers. A typical scenario is for web and/or applications servers to access a database server or servers over a private network.

Database servers typically allow concurrent access by end users or applications to improve performance, they maintain the integrity of the data, and handle transaction support and user authorization.  The database server manages the processor-intensive work such as data manipulation, compilation, and optimization, and sends only the final results back to the web and/or application server.

For higher levels of redundancy or availability multiple database servers can be clustered or federated letting you spread the processing load across a group of servers by horizontally partitioning the data .

So they have two standard packages, one includes KVM over IP for dedicated servers, and the other includes a server on their LAN to be used as a database server that is not connected to the internet (of course you don't need to actually use it as a database server). So that right there is exactly what you need pretty much, although I am not sure how to configure the KVM to be accessed as a hidden service I am pretty sure it can indeed be done.

Pretty much the only advantage I see to doing colocation is that you can set the chassis intrusion detection system yourself, and also you can be sure that everything is how you think it is from the get go instead of having to have any initial trust in the hosting provider. However KVM significantly reduces how much you need to trust the host, since you can remotely install the entire OS yourself etc etc.

Don't get me wrong, there are some clear cut benefits to doing colocation or even running the hardware in your own house, but I just do not think those benefits outweigh the major advantages of using a server that has no way of being tied to your real identity even if it is totally compromised. Having the server registered with fake info and unlinkable to you is a last line of defense that I personally would not feel comfortable without.

Also it doesn't look like this host offers chassis intrusion detection, but plenty do. You need to keep in mind that legitimate corporations use servers in data centers, and sometimes they have quite valuable information in the data center. There are many non-criminal reasons for wanting your server to immediately encrypt all of its persistent data / wipe its RAM if the case is breached without authorization...and thus the service is provided by plenty of hosts. The thing is though you sort of need to trust that they have properly configured things in the first place if you do not use colocation and configure it yourself, but another thing to keep in mind is that if the hosting provider is legitimate there is a high chance they are going to have things configured properly simply because they will expect that you are running a legitimate business, not a criminal website that they may someday want to assist law enforcement in attacking.

signing for packages is bad. There are hundreds of stories of people signing for drug packages and then being arrested. Maybe try to google a little bit?

PGP can be cracked by an attacker with sufficient computing resources. Once you get to 4,096 + bit keys though it is not really feasible for someone to crack in our life times without having a quantum computer. Highly parallel traditional computers can mimic quantum computers, but the resources required to crack that strong of an RSA key with traditional computing power are extremely massive.

I am not sure where in this argument you give any reasoning for an OTC system being superior to a licensing system, which is what I advocated; but I suppose that someone who has been doing meth since they were 14 instead of letting their brain fully develop and who has been hanging out with drug addicts his entire life might have a hard time following or responding to an argument using logic.  (SIDE NOTE: Awesome having the balls to call someone you don't know a drug addict when you've been a meth head since 14).

First of all I will admit that I responded too harshly to you, mainly I am irritated at the wanker known as Limetless (whose name is somewhat of an oxymoron as it is not spelled correctly), I should not have snapped at you. In fact, your proposed system is not that bad at all. Mainly I hyper focused on one particular statement of yours

and move to a model of discouraging use and helping those in trouble instead of punishing them.

I disagree with this. First of all I took it to imply that you consider drug users to be in trouble, although this may have been reading into what you said. However I also disagree with discouraging drug use, you seem to be of the opinion that drug use is inherently bad and I highly disagree with this. We should not discourage drug use, rather we should encourage responsible drug use. I suggested that you go to rehab not because I think you are a drug addict, but because you are a drug user who advocated discouraging drug use, thus making yourself somewhat of a hypocrite.

I never said our current system is beneficial to anyone.  I said we need to move away from it (short term memory already forgot that part?).  I agree with some of the things you say in this paragraph, but you also display a shocking amount of ignorance for the fact that other people in the world don't hang out in the same crowds as you do.

Actually according to the professional IQ testing I have taken my short term memory is in the 99th percentile, so nope short term memory has not already forgotten that part. Your argument in your second post is that one reason for drugs to remain illegal is because children will use them, my counter argument was that children are already using drugs. You particularly named methamphetamine as a drug that children will use if it is legalized, I countered this by saying the fact of the matter is that when I was a child I and my peers already had ready access to methamphetamine.

Sure, whether drugs are prohibited, licensed, legalized, or whatever, you and your druggy friends will continue doing meth and feeding it to your children.  But whether or not you want to admit it, the current system of prohibition does discourage and prevent many people throughout society from partaking in these drugs.  Some of it is simple fear of breaking the law, others just don't do it because everyone around them see it as morally wrong.  It is always going to be possible for people to obtain drugs, but that doesn't mean we should just give unlimited access to everyone without any education and pretend like it's a regular part of life for everyone to do them.  This is just asking for trouble.

Fortunately for me I never became addicted to meth despite trying it some dozen or so times at a young age, although indeed I do have quite a lot of druggie friends! However none of my friends have fed meth to their children, although some of them were fed drugs by their parents as young children . The thing is, whether or not you want to admit it, children who want to use meth are going to use it regardless of what the law is. Trust me, I know this. I remember being young and although I knew plenty of people who didn't want to use meth, I cannot recall a single person who said 'Well I would love to use meth guys, but it is illegal so I better not!" , and in my opinion you are living in somewhat of a fantasy if you think this is at all a common occurrence. You say that we should not give unlimited access without any education, but that is exactly what you are arguing for. See, there already is unlimited access. Anyone can get hard drugs, even young children can without challenge. By making the drugs illegal you are clearly not stopping children from having access to them, but you are ensuring their exposure to the criminal world, you are ensuring that they are not properly educated and you are ensuring that there is a lack of quality control. The only thing you are failing to do is prevent children from gaining access to drugs.

How many people do you know over the age of 21 that haven't tried alcohol?  How about meth?  Well, maybe you're a bad example since it seems that all of your friends are druggies but hopefully you see my point - the free access to alcohol, not to mention all of the marketing around it, has caused our society to be one in which it is almost unheard of that a normal person hasn't at least tried alcohol at some point in their life.  Do you truly believe that society would be better off if every person experimented with heroin and meth and cocaine?  All this is likely to do is turn out more addicts in the world as people with addictive personalities try something they want to keep doing.  There is no reason to encourage this sort of behavior.  People should be able to seek out mind altering experiences if they wish.  And that is why I am in favor of a licensing system that allows those that are interested to fulfill their wishes, so long as they are responsible citizens of society and not bums or criminals who either can't afford it or have proven themselves to be irresponsible already.

Do you seriously think that the only reason meth has not been tried by as many people as alcohol is because meth is illegal? Maybe in your world people give half a fuck about the law, but in my experiences things being illegal does not prevent people from trying them. Also your hypocrisy continues to show by accusing me and my friends of being druggies, because although this is true you are obviously a druggie yourself. I mean, you have admitted to using MDMA multiple times as well as DMT, four drug experiences in a year comes down to once every three months (assuming that this is all you have done), and in the eyes of mainstream society this enough to qualify you as a druggie. Also, I have experimented with heroin meth and cocaine and I do not feel as if my life is much worse from it. Meth I tried at the young age of 14, I didn't keep track of how many times I used it but I would say under two dozen. Cocaine I tried multiple times over a few months when I was 17, and heroin I partook in several times over the course of two weeks when I was 22. I did not become addicted to any of these substances, I did not resort to stealing to fund my 'habit' , pretty much nothing bad happened to me. Now I do know that bad things can happen to users of these drugs, just a few days ago a friend of mine overdosed and died from heroin. You know what I blame for this? I blame the fact that he was fresh out of prison for a failed piss test and he had no tolerance. I blame the fact that end users never know the purity of the heroin they are taking and he couldn't have known the exact dose he was taking. Maybe he would still have died if heroin was legal, I guess nobody really knows, but I think that if heroin was legal and pure and not cut that he would probably still be alive today. I also know plenty of people who have become addicted to meth and heroin and coke and turned into thieves to support their habits, of course I believe that if these drugs were legal they would be more affordable and people would be less likely to turn to crime to support their habits. Cigarettes are quite addictive, alcohol is quite addictive, and I do not see people stealing to support their alcohol and cigarette habits. 

You completely failed to respond at all to the comment about unemployment, something I am guessing you will end up filing for at some point in your life if all you do is hang out with meth heads and people going to prison.   There are also the healthcare costs to consider.  But of course that doesn't matter to someone like you probably as you're probably not paying back into the system anything.  In your eyes, we should just let you do your drugs and then pay for your unemployment and healthcare after you've lost all your jobs and destroyed your body I suppose?

Aha now I see the type of person you are. It makes sense to me that you would be one of the liberals who are quite concerned with the lives of all others, simply because you feel some need to 'help' drug users. See I do not think there should be any taxation or social safety nets, so there is no worry about unemployment or health care of drug users being paid for by society. Now I know that socialist liberals are really at odds with drug legalization because they want to steal money from everyone and use it to fund things like health care and unemployment, but if you stop supporting thievery and start supporting total freedom you will see that these things are actually not issues at all. Additionally, yes I have a great many druggie friends, some of them are even pretty bad people unfortunately. A lot of them are not though. A lot of them have been to prison simply because of the fact that they have been arrested with drugs, and indeed after this happens they tend to become more and more a part of the criminal world. That is one of the side effects of drugs being illegal after all, children are not prevented from using drugs but they are forced to associate with criminals, they become part of the criminal world when they go to jail for drug charges, and then eventually they overdose on impure heroin and die. Of course I have to put the blame on them, but really the blame falls just as much on the prohibitionists.

See you really have me entirely misunderstood, but it is nice to see your prejudice against drug users and people who have been incarcerated for drug crimes, it really makes me feel less bad about earlier calling you a hypocrite, and once again I feel the need to ask; why the fuck are you here instead of at rehab?