Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 127 128 [129] 130 131 ... 208
1921
1 bit of entropy, where do you get that?

If the attacker knows it's only upper or lower case characters, then it's 270 log2 52, or 1539 bits.

If the attacker knows that it's composed of English words, then it's 53 log2 80000, or 836 bits, for 53 words and assuming a standard dictionary of 80,000 words.

I suppose an attacker could use statistics on word patterns in English sentences to lower the overall entropy, since some words are more likely to follow other words, and some words never follow each other, but I imagine it would still be in the hundreds of bits. Maybe in that sense it would be 200-500 bits.



1922
I think he started out with the idea of offering an easy to use web service for PGP, which is well intentioned.

He's interested doing web projects, so that's what he wanted to do, but it's simply not secure.

Now the plan is a browser add-on to encrypt locally, he just hasn't gotten around to admitting that it's easier and safer to store the keys locally too. :)

At that point it's not a web project anymore.

1923
Off topic / Re: Silk Road Dating lol....
« on: March 16, 2013, 05:48 am »
You could go on virtual dates with other members by running Jitsi* over Tor.

Of course, you'll want to hide your face, but you could get creative with it. Pick a theme and wear costumes/masks.



* Or something similar: https://tails.boum.org/todo/VoIP_support/

1924
@astor: I work full-time and have an active social life, I'm honored and flattered that you think I could have solved this problem if I'd put my mind to it in the last 2 days but unfortunately I haven't been able to.

Sorry, I was under the impression that you already had a system worked out.


People, the number or rather strength of insinuations already that I may be secretly trying to steal your data is ridiculous. We are trapped talking about a single point that I already know where the disagreement has come from and it is entirely down to the fact that I made some assumptions I shouldn't have.

Talking about whether I understand asymmetric encryption is not helpful or to be honest very nice, and in a very early post I suggested alternatives to all of the issues you raised in your posts. So can we move on?

You are very sensitive, my friend. You are not going to make it long on this forum. :)


1. Multiple nodes each being separate agents store parts of encrypted keys using a username and passphrase (hashed on each node) so no one server holds a private key neither does any one party
2. Encryption and Decryption are client side (security such as key-logging or even just doing it in public are not in the scope of this app)
3. No messages are saved outside the RAM of the machine you are working on (and we can't control other software on a given machine)

Have you heard of the Freedombox Project?

https://www.freedomboxfoundation.org

There was discussion in that community of backing up private keys through a distributed p2p network, which sounds similar to your system. The idea was to distribute pieces of a private key to friends in one's network (perhaps through Diaspora). If the friends don't all know each other, or know who else has parts of the key, then they can't reconstruct it, but your client can.

I don't know if they got around to implementing it.

The main difference from your idea is that you control all the servers while theirs is a decentralized p2p system.

1925
OP has made several posts since the one where he said he would explain his system to us.

I think he could have already done it if he had focused on that.

1926
Off topic / Re: Who else likes child pornography?
« on: March 16, 2013, 02:11 am »
There IS an ugly side to at least some types of child pornography, very ugly, you obviously didn't see those sites or you'd want to choke the fuck out of these people, chainsaw their fucking arms off and cut off their fucking limp [edit.], assuming you were decent. There's abuse present in child pornography, at least some types, like you wouldn't believe. And I don't want a whole heap of stats on this. This isn't a freedom of choice issue. Tell that to the mothers of 5 year old girls who have been brutalised beyond belief and murdered, jesus, it isn't child pornography in some instances its snuff. My point is some things have a spin-off effect. TBO, the only way to treat these fuckers is how they have treated these children.


I don't think anyone is arguing that the people perpetrating the abuse shouldn't be punished. The question is whether viewing images of the crime should be illegal, and if so, what about images of other crimes?

You can go on any number of shock and gore sites right now and view pics and videos of kids getting run over by cars, shot, shit like that.

Should that be illegal? I'm sure there are sick fucks in this world who jerk of that shit, and while I personally find it disgusting, I don't think I would want to get into the game of banning "everything that disgusts me".

Now you have to be internally consistent about it. Either cp should be legal or depictions of these kinds of harm done to (clothed) children should be illegal.

Or if the current laws are sufficient, why? What is the difference?

1927
Off topic / Re: Who else likes child pornography?
« on: March 16, 2013, 01:29 am »
Isn't it ironic that pictures of children being sexually abused are illegal, while pictures of children being tortured or killed, or pics of dead kids, are legal (as long as they are fully clothed)?

Pictures of rape and sexual abuse of adults are also legal.

How do you square that?

1928
Silk Road discussion / Re: PM "business"... scam?
« on: March 15, 2013, 11:38 pm »
Parasites.

1929
Security / Re: Missing Bitcoin
« on: March 15, 2013, 09:13 pm »
What service were you using? SR? blockchain.info? The Bitcoin-QT client?

Someone could have phished your password, or guessed it if the password was weak.

If it's the desktop client, you probably have malware on your computer.

1930
Security / Re: Incognito Mode for the SR Forum ???
« on: March 15, 2013, 07:27 pm »
You can install Adblock Plus and Element Hiding Helper.

Then go to the ABP icon -> Select an element to hide

Hover over the title and click it. The pop up should say it is adding this element hiding rule: dkn255hz262ypmii.onion##.forumtitle

1931
It means you should upgrade your browser bundle here:

https://www.torproject.org/download/download-easy.html.en

But there was a slight fuck up in reading the version numbers and if you already upgraded, it's ok.


1932
Security / Re: Bitcoin wallet is synchronizing
« on: March 15, 2013, 07:32 am »
My question is, does it need to go down to zero before my deposit I made show up or will they show up before.

Your deposit will show up when your client downloads the block in which it was lodged, which is a recent one.


It just seems like its going to take 8 hours before it will get to zero which surely is not how long it takes??
Thanks in advance.

There's a difference between the actual state of the block chain and how much of it your client downloaded.

Check a service like blockchain.info. If there's at least one confirmation on coins sent to your address, you can spend the coins, even if your client hasn't downloaded that part of the block chain. (The transaction will show up when you dowload the block)

Think of it as an absurdly slow way of downloading your bank history.

Except actual ACH transactions take much longer. :)

1933
Silk Road discussion / Re: Delayed withdrawals
« on: March 15, 2013, 06:50 am »
Remind me again how zero moderation is a great policy.

1934
Conspiracy: BBB is masterblaster's alt and you all got trolled.

1935
Security / Re: How often does this happen to you?
« on: March 15, 2013, 12:58 am »
If your name is on it, that's harder to deal with, but you can still maintain plausible deniability. Don't take any positive action suggesting you know about the package. Don't call and ask about it. If someone shows up at your door to deliver the package, refuse it and say you didn't order anything. For something small, they are not going to leave it in your mailbox and wait for you to pick it up (for all they know, that could take days).

DBAN is here: http://dban.org/

Keep in mind that it will completely overwrite your hard drive and you need to reinstall an OS.

You may not want to do that, and you don't have to do that, but individual file erasure is unsafe.

http://dkn255hz262ypmii.onion/index.php?topic=99520.msg699299#msg699299

Pages: 1 ... 127 128 [129] 130 131 ... 208