#tlsnotary-chat

waxwing: can you sign a piece of encrypted RSA ciphertext with the same key? Wouldn't it be like decrypting it?

oh, no

ciphertext is first hashed, then signed

so that in itself is ok then?

key role reversal right oakpacific ?

oh sorry i got you now

yeah i can't say for sure, but why not use DSA?

i'm guessing you mean 'does giving a signature endanger the secrecy of the original message'

waxwing: DSA is notorious, isn't it?

but i am purely investigating out of theoretical interest here

there is no harm using two separate keys after all

s/DSA/whatever the currently accepted signature system is/

:)

waxwing: there is none other than RSA tbh

other than RSA?

or DSA?

yes

depends on

what you meant by 'accepted'

asking djb about his opinion on ECDSA/DSA and you would regret you ever got into cryptography

:)

but i don't know what you're investigating anyway. i guess you're right that people always use different keys for the two operations, but it's possible to use the same i guess

seems from looking that it's advised not to, which is hardly surprising: http://security.stackexchange.com/questions/180...

waxwing: tks

btw what does PGP use? to my best knowledge it's both RSA/DSA

el gamal is involved i seem to recall. or, an option anyway.

not sure about the signing though.

is the pliantext encryption done in AES now? or still IDEA?

huh, pretty weird that this guy's vid is nearly at the top of /r/Bitcoin http://www.theguardian.com/commentisfree/video/...

oakpacific: i looked into it a long time ago. got a feeling it's IDEA

https://en.wikipedia.org/wiki/International_Dat... that was indeed a long time ago :)

vitalik's bottom? https://bitcointalk.org/index.php?topic=946424.0

actually "buterin's bottom" works better :)

oakpacific: guess you aw it already https://www.youtube.com/watch?v=K8kua5B5K3I&...

too busy coming up with moon-math cryptos and playing with hypercubes, can't be bothered to look after his investors' money

https://whispersystems.org/blog/simplifying-otr... btw this is genius

made me giving up my handrolled, handbaked crypto :)

isn't that the one you linked to before?

i think i linked to axolotol

rather than this one

or is it this one

it was like, what you linked was a reference to that

never read past the original otr part though

waxwing: wanna know what was my handbaked pastry?

:)

you'd be wasting your time, i don't understand otr yet

don't worry, i assure you will want to slap my face :)

so each time, both A and B, need to create a ephemeral secret g^(ab) mod p, but it's well known that DH doesn't do authentication on its own

so basically the idea was for each two parties in one communication, one party creates a prime modulus p specifically for them, and sign it and pass to the other party, so if both people don't reveal it, they can be sure next time when they receive a g^a mod p, if it's authentic :)

also p has to be passed with something like RSA

so does the RSA pubkey have to be authenticated then?

https://bitbucket.org/miohtama/cryptoassets moo-_- :)

waxwing: the RSA keys have to be established, that's the point

I wonder at this price point, will some of the big miners shift sellings off-exchange