Messages - astor

511
Security / Re: anonymous membership query
« on: August 01, 2013, 07:06 am »
Sorry, I know nothing about this aside from what you wrote on the BitMessage forum. :)

512
Security / Re: 4096bit RSA keys.
« on: August 01, 2013, 07:00 am »
If you killed someone and wrote the confession in a PGP encrypted message, then they'll care about decrypting it in 20 years, otherwise they won't care about petty drug transactions you made 20 years earlier. They'll be busy solving the crimes of the 2030s.

513
Security / Re: 4096bit RSA keys.
« on: August 01, 2013, 05:20 am »
Yeah, when I imported 1020 vendor keys, I added up the different key sizes. At the time there was one vendor with an 8192 bit key, DrCol, but since then I think there has been one other vendor with a key that big, but I don't know his name. I forgot how many 4096 bit keys there were, but the vast majority were 2048 bit, then maybe 50 1024 bit keys, and 10 or so 512 bit keys. You can crack a 512 bit key in no time. Most of those vendors are using BCPG, where it is the default for some retarded reason.

514
http://lmgtfy.com/?q=torchat

515
Security / Re: 4096bit RSA keys.
« on: August 01, 2013, 03:23 am »
There's no reason why most people use 2048 bit keys other than that's the default in a lot of PGP programs. On the other hand, 2048 bit keys should be safe for another 20 years, so it doesn't really matter. 1024 bit keys are considered weak because they will be crackable in a reasonable amount of time (100 days or so) with computer clusters within the next 5 years, so you might want to avoid vendors with 1024 bit or smaller keys, but there's nothing wrong with 2048 bit keys.
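
The key-size tally described in the posts above (counting imported keys by size and picking out the 1024 bit and smaller ones), as an added example that is not part of the original posts. It goes slightly further by also checking subkey sizes and skipping ECC keys, whose bit lengths are not comparable; the sample listing, names and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample of `gpg --list-keys --with-colons` output (made-up key IDs):
# field 1 = record type, 3 = key length in bits, 4 = algorithm ID, 5 = key ID.
SAMPLE = """\
pub:-:2048:1:A1A1A1A1A1A1A1A1:1370000000:::-:::scESC:
uid:-::::1370000000::0000::vendor-one (constructed):
pub:-:1024:17:B1B1B1B1B1B1B1B1:1360000000:::-:::scSC:
uid:-::::1360000000::0000::vendor-two (constructed):
sub:-:2048:16:B2B2B2B2B2B2B2B2:1360000000::::::e:
pub:-:512:1:C1C1C1C1C1C1C1C1:1365000000:::-:::scESC:
uid:-::::1365000000::0000::vendor-three (constructed):
pub:-:4096:1:D1D1D1D1D1D1D1D1:1368000000:::-:::scSC:
uid:-::::1368000000::0000::vendor-four (constructed):
sub:-:1024:1:D2D2D2D2D2D2D2D2:1368000000::::::e:
pub:-:255:22:E1E1E1E1E1E1E1E1:1372000000:::-:::scSC:
uid:-::::1372000000::0000::vendor-five (constructed):
"""

# Bit length is a modulus size only for RSA (1-3), Elgamal (16) and DSA (17);
# ECC keys such as EdDSA (22) report ~256 bits and are not comparable.
MODULUS_ALGOS = {1, 2, 3, 16, 17}

def parse_keys(colon_output):
    """Group each primary key with its first user ID and its subkeys."""
    keys = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "uid": None, "parts": [(int(f[2]), int(f[3]))]})
        elif f[0] == "uid" and keys and keys[-1]["uid"] is None:
            keys[-1]["uid"] = f[9]
        elif f[0] == "sub" and keys:
            keys[-1]["parts"].append((int(f[2]), int(f[3])))
    return keys

def size_histogram(keys):
    """Count primary keys per bit length (parts[0] is the primary key)."""
    return Counter(k["parts"][0][0] for k in keys)

def weak_keys(keys, max_weak_bits=1024):
    """Names of keys whose primary key or any subkey is at or below the limit."""
    return [k["uid"] or k["keyid"] for k in keys
            if any(a in MODULUS_ALGOS and b <= max_weak_bits for b, a in k["parts"])]

if __name__ == "__main__":
    print(sorted(size_histogram(parse_keys(SAMPLE)).items()))
    print("1024 bit or smaller:", weak_keys(parse_keys(SAMPLE)))
```

The fourth sample key shows why subkeys are checked: a 4096 bit primary key with a 1024 bit encryption subkey still leaves messages protected only by the smaller key.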

516
Philosophy, Economics and Justice / Bitcoin banned in Thailand
« on: August 01, 2013, 03:12 am »
If you think governments can't control Bitcoin, look what happened in Thailand. They can make it a lot harder to work with.



In a statement on its website, Bitcoin Company Limited said it had given a presentation to the Bank of Thailand about how the currency works in a bid to operate in the country.

However, at the end of the meeting, "senior members of the Foreign Exchange Administration and Policy Department advised that due to lack of existing applicable laws, capital controls and the fact that Bitcoin straddles multiple financial facets... Bitcoin activities are illegal in Thailand".

The ruling means it is illegal to buy and sell bitcoins, buy or sell any goods or services in exchange for bitcoins, send any bitcoins to anyone outside of Thailand, or receive bitcoins from anyone outside the country.

Bitcoin said it "has no choice but to suspend operations until such as time that the laws in Thailand are updated to account for the existance [sic] of Bitcoin", adding that "the Bank of Thailand has said they will further consider the issue, but did not give any specific timeline".

Launched in 2009 in the wake of the global financial crisis, bitcoins are "mined" using complex computer source code. The virtual currency started as a relatively niche method of payment, devised by an anonymous programmer, but can now be used for anything from online gambling to pizza delivery.

Earlier this month, the Winklevoss twins - who famously sued Facebook founder Mark Zuckerberg for $140m, filed to float their stash of bitcoins on a conventional stock exchange.

However, in June it was reported that US authorities are examining the use of virtual currencies such as bitcoins amid fears that Americans are using them to evade taxes.


http://www.telegraph.co.uk/finance/currency/10210022/Bitcoins-banned-in-Thailand.html

517
Security / Re: YOUR HARD DRIVE will put you behind bars.
« on: July 31, 2013, 10:10 pm »
Full disk encryption.

518
Security / Re: What would happen if TOR disconnects?
« on: July 31, 2013, 08:31 pm »
Tor Browser is configured to use localhost port 9150, so if Tor dies, the connection will fail. However, other apps, most notably bittorrent apps, can bypass the proxy settings and connect over clearnet.

519
Security / Re: Tor / Onion privnote alternative - deadletter
« on: July 31, 2013, 08:25 pm »
Quote
every time I updated the site, which will be quite frequent

That's why I've always been against web services like this. You don't know which of those updates might include malicious code, and you'd have to audit the code every time, so it ends up being less convenient than a desktop PGP app. The code in my desktop app changes a couple times a year, but it's also released to a much larger group of people who will audit it for me. Millions of people use gpg.

520
Quote
GPG is GPG, darknet or clear

It makes a big difference in use cases. We will never attend key signing parties. We don't upload our keys to key servers. The web of trust as envisioned by the PGP developers doesn't work here.

Quote
The gpg developers state that this option makes messages vulnerable to attack.

I don't see how you can continue to recommend it to new users if you care about their security.

Do whatever you want, I've said my piece.

Because, as I stated, the vast majority of PGP programs don't use it. Blame their developers. The MDC integrity feature is already disabled on their end, my option just turns off the warning, so it doesn't annoy you every time you see it, which would be every time you decrypt a message.

521
You learned PGP from the documentation. I configured my client to work in the real world, specifically the anonymous darknets.

Quote
Users should not use 'trust model always' by default, it hides changed keys. Better is for them to locally sign the key.

We don't use a web of trust here, so it's irrelevant. You have no need to re-import a key multiple times, as none of them are signed, and signing them yourself is a useless chore. The whole key signing mechanism can and should be ignored with trust-model always.

Quote
That affects the cli arguments, not the message body. From the man page:

'utf8-strings Assume that command line arguments are given as UTF8 strings.'

That comment was fixed in a newer version that I posted a few months ago.

Quote
The mdc is a security check for message integrity, from the man page:

"disable-mdc Disable the use of the modification detection code. Note that by using this option, the encrypted message becomes vulnerable to a message modification attack."

Any user who has no-mdc-warning in their config file should remove it.

Since most PGP programs don't use it, you will constantly see these warnings, and they will be false positives. They are mostly useless and can be ignored.

522
I don't consider there to be any errors. Some of the comments were wrong, which were fixed in the other version, but I'll copy it over to this thread.

523
Silk Road discussion / Re: Revenge heroin delivery/LE tipoff
« on: July 30, 2013, 09:59 pm »
Cimicon-Rep nails it.

524
Fuck these journalists. Don't let them do LE's job for them. Anything you say to them can be used against you in a court of law.

525
If you encrypt with your own public key, and you have the private key available in your key ring, then it should test all of them and find the right one. Don't know what else to tell you, except make sure the private key is there and you're encrypting with the right public key.
