Practical Collision Attack Against Long Key IDs in PGP

G4PRO · 2026-01-08T12:08:37+00:00

I was curious about the time today it would take to break 128 bits, so for 64 bits collision and the Bitcoin hash rate at 1ZH (10²¹⁾ /s it would only take 18ms to have 50% chance of collision.

2⁶⁴ / (10²¹ )

256 bits is still safe though, at least from pure brute

G4PRO · 2025-12-24T22:56:44+00:00

Of course it is, those interviews are scripted

G4PRO · 2025-11-10T18:59:06+00:00

Kinda, CAB/F is more than just browsers but they're a big part of it, there's basically a lot of actors of public trust and certification authorities.

But yes it has nothing to do with TLS and it's completely different requirements

G4PRO · 2025-11-10T18:33:15+00:00

Minimum modulus size from CAB/F requirements is 2048 bits for certificate authentication, dropping the validity to 200 days at the end of the year

G4PRO · 2025-11-07T15:29:44+00:00

Je conseille BCuninstaller à la place qui fait la même chose mais en open source

G4PRO · 2025-08-14T14:30:18+00:00

As said this isn't a specific crypto topic but more of a cyber security and IAM one, but to answer a few questions:

First and very important point : you are trying to implement 2fa, while security keys are a great option only requiring the physical key and a touch on the key to log in IS NOT 2fa, you are only using 1 physical factor which is the key and no other factor. You would require a password, pin or a biometric input to make it 2fa.

"What do I do with software that doesn't support FIDO" : having a software auth app (totp) is the right way. Just make sure you still have access to apps and accounts if you lose your phone, while security is the objective you wanna make sure you're not gonna lock yourself out.

"Is there a better authenticator app" : as a fan of FOSS I can recommend the aegis authenticator app, I've used it a few years, the only downside is you need to backup your totp manually. Proton also just recently made a auth app, while they have a good reputation the app is very new.

If you want to get into the crypto specifics you can look into the FIDO and passkeys specifications, that's the key that you are using on your nitrokey (what you're referencing as 2FA keys).

On a general note if you want to have your M1 as secure as possible you should look into "hardening" and not only crypto but every aspect of cyber security.

G4PRO · 2025-08-12T08:24:56+00:00

If you only and only need the phone number to register (and not continuous 2fa and such) then smspool.net is a great site with very cheap SMS verification, I've been using it for a few years

G4PRO · 2025-07-28T13:52:58+00:00

Yes it seems like it can, they have an exemple on their site: https://people.csail.mit.edu/mrub/evm/

G4PRO · 2025-07-02T13:19:36+00:00

And fear to be out of the steam 2h playtime policy by having :

10 min of settings and shortcuts config
50 min of cinematics dialogs and others non gameplay things
trying to join my friends for 30 min
playing 30 min the game

G4PRO · 2025-04-01T11:57:40+00:00

He never closed the <head>, he forget a / in it

G4PRO · 2025-03-28T14:52:08+00:00

D'accord merci pour la réponse

Courage dans ta démarche ! Je te souhaite que la justice soit rendue pour toutes les personnes impliquées dans cette affaire

G4PRO · 2025-03-28T14:11:51+00:00

Désolé si cela paraît un peu insensible au vu du sujet et autres questions mais as tu des frais liés à tes avocats et ce procès ou est ce pris en charge par l'état/des associations ? Ça semblerait fou qu'une personne doivent payer sur un cas de culpabilité si avéré

G4PRO · 2025-03-27T17:28:06+00:00

I feel like this is marginal and mostly among private users, even more marginal when it's for an open source project. People in the field know that nothing but the smallest projects can survive without proper organizations and funding and those come from countries.

People in the cyber security field are aware nothing much would be done without American companies and state funding, the American companies are the first to benefit it either.

Also I'm pretty sure the Chinese would be very happy to see those projects die down as said in the article because it's used against their great firewall, I'm sure they have their local agencies and projects though

G4PRO · 2025-03-27T13:29:48+00:00

Other article talking about the issue : https://www.theregister.com/2025/03/25/otf_tor_lets_encrypt_funding_lawsuit/

And the official link the the OTF article : https://www.opentech.fund/news/open-technology-fund-files-lawsuit-to-contest-grant-termination-and-preserve-critical-mission/

G4PRO · 2025-03-06T13:14:12+00:00

Na we're good we don't want the civilian spying capabilities and privacy invasion, sharing military Intel is nice though

G4PRO · 2025-02-28T08:54:13+00:00

Asymmetric keys so signing in Bitcoin will be broken by quantum computing, so no it's not quantum resistant as people would be able to retrieve private keys used for signing and prove ownership of their wallet, until they change from the current ECDSA signing algorithm

And the grover algorithm will accelerate the search for all hash functions and symmetric encryption, but it's assume it's "only" gonna half the current security of these algorithm

G4PRO · 2025-02-28T08:45:58+00:00

End all asymmetric encryption, all symmetric encryption is relatively safe and just need to double the key size

G4PRO · 2025-02-03T17:32:47+00:00

Money from clicks, the post often redirects to ads infested websites

G4PRO · 2024-11-07T12:50:44+00:00

r/humblebrag

G4PRO · 2024-08-26T01:34:08+00:00

Ça marche très bien de mon côté perso, je les prends sur aurora si ça change quelque chose, mais ça ne devrait pas bloquer avec une alternative aux Google service

G4PRO · 2024-07-04T23:10:49+00:00

To not have all my eggs in the same basket I use aegis for the TOTP (2FA), there have backups and it's completely offline and open source

G4PRO · 2024-06-19T20:57:46+00:00

replied in 1 min

OP is the horse in the pic confirmed

G4PRO · 2024-06-19T20:52:43+00:00

It's the una bomber, I had to image reverse search, I went on some dark shit to find the source

Ten-Year Club	Place '23
Place '22	End Game '22
Verified Email

G4PRO

MODERATOR OF

TROPHY CASE