Replying to a 10-year-old tweet is a power move in itself.
this is gold yet I don't know anyone who would get it that I can share it with
I just shared it with a bunch of people while also telling them that I didn't care if they didn't get it and I wasn't going to explain it.
They're used to this.
Edit: 2 of them got it. That's pretty good for me. I've played to smaller crowds.
That's why we come to the internet. Real life people suck.
I have exactly one person and they loved it.
I shared it to the memes group at work, as a developer
That’s why I have a sister studying cyber sec 😎
If you had to explain it, how would you?
I wonder if you string together enough words can it be a valid key?
I would hope so, sentences and words are some of the most secure passwords/phrases you can use
Words are the least secure way to generate a password of a given length because you are limiting your character set to 26, and character N gives you information about the character at position N+1
The most secure way to generate a password is to uniformly pick bytes from the entire character set using a suitable form of entropy
Edit: for the dozens of people still feeling the need to reply to me: RSA keys are fixed length, and you don't need to memorize them. Using a dictionary of words to create your own RSA key is intentionally kneecapping the security of the key.
While this comic is good for people that do the former or have very short passwords, it often misleads from the fact that humans simply shouldn't try to remember more than one really good password (for a password manager) and apply proper supplementary techniques like 2FA. One fully random password of enough length will do better than both of these, and it's not even close. It will take like a week or so of typing it to properly memorize it, but once you do, everything beyond that will all be fully random too, and will be remembered by the password manager.
The part where this falls flat is that using dictionary words is one of the first step in finding unsecured password. Starting with a character by character brute force might land you on a secure password eventually, but going by dictionary and common string is sure to land you on an unsecured password fast.
Yeah, except for the first few bytes. PKCS8 has some initial header information, but most of it is the OCTET_STRING of the private key itself.
The PEM (human "readable") version is Base64, so you can craft up a string and make that your key. DER is that converted to binary again:
/** * @see https://datatracker.ietf.org/doc/html/rfc5208#section-5 * @see https://datatracker.ietf.org/doc/html/rfc2313#section-11 * Unwraps PKCS8 Container for internal key (RSA or EC) * @param {string|Uint8Array} pkcs8 * @param {string} [checkOID] * @return {Uint8Array} DER */ export function privateKeyFromPrivateKeyInformation(pkcs8, checkOID) { const der = derFromPrivateKeyInformation(pkcs8); const [ [privateKeyInfoType, [ [versionType, version], algorithmIdentifierTuple, privateKeyTuple, ]], ] = decodeDER(der); if (privateKeyInfoType !== 'SEQUENCE') throw new Error('Invalid PKCS8'); if (versionType !== 'INTEGER') throw new Error('Invalid PKCS8'); if (version !== 0) throw new Error('Unsupported PKCS8 Version'); const [algorithmIdentifierType, algorithmIdentifierValues] = algorithmIdentifierTuple; if (algorithmIdentifierType !== 'SEQUENCE') throw new Error('Invalid PKCS8'); const [privateKeyType, privateKey] = privateKeyTuple; if (privateKeyType !== 'OCTET_STRING') throw new Error('Invalid PKCS8'); if (checkOID) { for (const [type, value] of algorithmIdentifierValues) { if (type === 'OBJECT_IDENTIFIER' && value === checkOID) { return privateKey; } } return null; // Not an error, just doesn't match } return privateKey; }I wrote a "plain English" library in Javascript to demystify all the magic of Let's Encrypt, ACME, and all those certificates. (Also to spin up my own certs in NodeJS/Chrome).
Edit: To be specific, PKCS8 is usually a PKCS1 (RSA) key with some wrapping to identify it (the OID). The integers (BigInts) you pick for RSA would have to line up in some way, but I would think it's doable. At worst there is maybe a character or two of garbage at the breakpoints for the RSA integers. And if you account for which ones are absent in the public key, then anybody reading it could get a kick out of reading your public certificate.
It's assymetric crypto. You'd need to find a matching public key. Or it's just some useless characters. I suppose that's impossible, or what we call that... Like take a few billion years to compute. But I'm not an expert on RSA.
It the length not the content for the most part. Some keys have syntax such as leading or trailing characters.
I genuinely LOL'd at this thank you OP.
It's sad that I can't find anyone to share this with.
Burst a kidney please help
While the joke is funny, what is the context? Why did she post the original tweet in the first place?
It's lady gaga.
If you've followed her at all, even indirectly, this is NOT the weirdest thing she's done, and bluntly, the weirder stuff wasn't justified (to the public at least).
I'm not trying to throw shade at Gaga at all. Lady, let your freak flag fly all day long. You don't need my permission to do it, but if you want it, you got it. Weird isn't bad, it's just weird.
IMO, at this point, gaga doesn't need a reason to be weird.
lol
