Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 137 138 [139] 140 141 ... 208
2071
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 07, 2013, 10:38 pm »
pub   4096R/757D09A7 2013-02-07 [expires: 2018-02-06]
uid                  murderface2012 <murderface2012@tormail.org>
sub   4096R/21B1A6D2 2013-02-07 [expires: 2018-02-06]


Much better!


gpg: Signature made Thu 07 Feb 2013 06:56:27 AM GMT using RSA key ID 757D09A7
gpg: Good signature from "murderface2012 <murderface2012@tormail.org>"

Alright!

2072
Security / Re: Shopping cart contains multiple vendors - PGP
« on: February 07, 2013, 03:08 am »
Yeah, here's what it actually looks like with the command line client, which is more verbose than the GUIs. I've removed the other people's key IDs and email addresses in case they don't want that public.

First, I encrypt and decrypt normally:

Code: [Select]
$ gpg -r Nightcrawler -r SelfSovereignty -r astor -e hello.txt

$ gpg -d hello.txt.asc

You need a passphrase to unlock the secret key for
user: "astor <astorx@tormail.org>"
4096-bit RSA key, ID CC925AD7, created 2012-12-19 (main key ID 706EE207)

gpg: encrypted with 4096-bit RSA key, ID <KEYID>, created <DATE>
      "SelfSovereignty <email@example.org>"
gpg: encrypted with 4096-bit RSA key, ID <KEYID>, created <DATE>
      "Nightcrawler <email@example.org>"
gpg: encrypted with 4096-bit RSA key, ID CC925AD7, created 2012-12-19
      "astor <astorx@tormail.org>"

Hi there!

Then I encrypt with throw-keyid and decrypt:

Code: [Select]
$ gpg --throw-keyid -r Nightcrawler -r SelfSovereignty -r astor -e hello.txt

$ gpg -d hello.txt.asc
gpg: anonymous recipient; trying secret key <KEYID> ...
gpg: anonymous recipient; trying secret key <KEYID> ...
gpg: anonymous recipient; trying secret key <KEYID> ...
gpg: anonymous recipient; trying secret key <KEYID> ...
<It says that a bunch of times>

gpg: okay, we are the anonymous recipient.
gpg: encrypted with RSA key, ID 00000000
gpg: encrypted with RSA key, ID 00000000
gpg: encrypted with RSA key, ID 00000000

Hi there!

As you can see, I as the recipient would have no idea that the message was also encrypted to Nightcrawler and SelfSovereignty, even though I have their public keys.

2073
Security / Re: Shopping cart contains multiple vendors - PGP
« on: February 07, 2013, 01:22 am »
Quote from: jollygiant on June 03, 2012, 05:53 pm
1) the recipient of the message can be identified by the encrypted block with the first few bits if those are know or the public key is available

The Windows and Mac ports of GPG usually only include the basic options, but the standard command line GPG for Linux has the --throw-keyid option which enters zeros for the key id. In that case, your PGP client will try every private key that you own until it is able to decrypt the message or fails. Anyone to whom the message is not encrypted won't know who the recipients are, even if they have their public keys.

In that way, you could encrypt the message to multiple recipients and they won't know who the others are, although they would know how many recipients there are.

Edit: I should point out that I'm talking about the GUIs. When you extract GPG4USB, you will get gpg.exe in a subfolder called bin. It is a direct port of the Linux command line client with all of the options, so this will work

   gpg.exe --throw-keyid --armor -r Recipient1 -r Recipient2 -e address.txt

Encrypted and anonymous.

2074
Silk Road discussion / Re: How to completely avoid getting arrested, charged and convicted like Shadh1
« on: February 06, 2013, 11:56 pm »
Quote from: AussieMitch on February 06, 2013, 11:45 pm
Pay other people to receive the packages or pay them to setup mailboxes if you have to

If they get busted, do you honestly think they won't flip?

This is how it will go down. They get busted and tell the cops it's not their stash, they are just receiving it for someone else. The cops say it doesn't matter, they will get charged for it unless they cooperate. They call you up and say the package arrived safely. You go to pick it up / meet them somewhere, and of course it's a sting at that point. You get arrested.

When the shit hits the fan, nobody will be willing to go to jail for you, and nobody will be your patsy.

2075
Silk Road discussion / Re: Raising BTC prices
« on: February 06, 2013, 06:36 pm »
Quote from: TheBusiness on February 06, 2013, 01:13 am
We'll all look back and laugh when we are paying 0.00000002 BTC for a key of cocaine in 2024

And we'll also wonder who called it a "coin" in the first place when the metaphor breaks.

During runaway inflation of fiat currency, when common items start to cost thousands and millions of <insert currency name>, they simply redefine the currency. So a million old X = 1 new X. They could do that with bitcoins too, except in the opposite direction. Currently, bitcoins are divisible to .00000001 (10^-8), which is called a Satoshi, but that's not a hard limit. 1 Satoshi could be redefined as 1 bitcoin and re-partitioned to 10^-8. In that case, someone holding 10 BTC today would hold a billion of the new bitcoins.

2076
Newbie discussion / Re: Newbie PGP Club
« on: February 06, 2013, 02:48 pm »
@elmerjfudd

-----BEGIN PGP MESSAGE-----

hQIMA/+n5QPMklrXAQ/8CmzO9NxI1IW/r5O2h+rcVIf6Sm70+jkLOb6fmI3ctyCs
7kx7qTFZywQOlk+11ZuEhG5FefvCJWJMSDLbYQwMa3UcnxVQ86XqIOW9B2NTv8n/
SmreHWFbjoju+bnHTTCtr3GGpYDFcK8lNf/zYq5JttZTSOxTUzuGxyqH2KmjcG8P
ZXbaAL1HL7EuHWL5x7iw1DRY9ZDYZ6Hy3BFRe/ZfD5WAAZBtuSs7oChwDGwF6u3K
0mWmfHunWtjhcna75YZdY/wHtdM3pgtkwYs7YSOAHlyhQHmhNmNg4v0+oGgY3qj0
fm7KFF2sKXTwSKpuFFlMktS0agAEJTGz+PuLqk4SZ5lwocTtaUNg3yQ/GV3hNLyT
vLX61dnEHIDnI3espLPREkvgDNuJte0IG/x6RmavZOHasLU44KGSldl5+rCLfLtx
16O35QFSkCMNqeSB6IrpGloQDgfxotx36Bp0BmrjUQf370Bv+cEmng9n8gs2gACo
8kckKc2mjancL0FHDFPNeGQ+65+WEOFNSmowT/m6csZJPCt8Ln/K3xl/5Ek5IgH2
9Q4mmPS3vq8Ml5CudV2vcMUjHu+qcdnsL2RWVQZPd+c5S6cogB0d5gxgl5QtUkv5
PMBBVQ/8rZfv1iqDBBGZbwW+NN69TF2AiYB4cw4IvY4O+ML4jUu8cCsTrI9e54+F
AQwDLU6WGT3ONIgBB/4kbZB1uvcPi91I30B0Dp5aDiQTk45Qfe2mtSYhlS2buFQm
HaW9UQpA98EXSECmfvcQYQNIU3387hV2m7L+bHROarc5o4kahmXO+4CJ9+v7e/hy
z9RkTI7/m79chgQ4WUuPF3A3ZhtEm6AZLU0p683bAJbSsV+d+n4OI5vq0Cq8nfN7
FvH24vzXRzHySnFWv70D+QSZThTWRsWokwMBziv1cF9JodEQmnHBtInWI5J7xZq/
hj8SPRvrt7QbhWGsjYT7ci2umfkcoReeDDvpAcC2A5klBr/qzvHBOHB7a1fyEkvw
30LdR4/3yAIQsQa5LabwsjHHijau1/X8MSUlnboc0sCJAYf5zGlDdBYjsSkK1m2y
wH8FT4n7H/8uDAbbCNpe8wLBxJJuKqPyD7XqcVgygCZOClYWJm6Es68mcgAw21Fs
dD1lP7yffSg0saYyLeziXA/9UWJ/qNXrOiFzZYyQx7MP5E5EvVux7QBeXinnwsSl
P/u3pJdb9FffI8rh/OoZPfdrta/uC2gN0VU8RhEnlLS2vHC7dSHJXIR1OF4jSQiF
EGG01wCHEmHLul5ORfufpBHbahe09g4+vqdYANpcrdvEQ+DNzh8OG3BKliNw23Kx
KYrTHErUExcN6rXsLTnYeRY8cwXmnwDbF8DF2nynEWiu0c1GynuBjxt9lUQH+ZaI
oZcfE/woMAQCKg4JPB6JKsUXyNNP9ziAYNlXrFDAjmJd3adSJpgM6CwsUF4TSAqk
tXRO55VPcnZdxuoFk09KQm984uIIp/REON0=
=qFQK
-----END PGP MESSAGE-----

2077
Newbie discussion / Re: Newbie PGP Club
« on: February 06, 2013, 02:28 pm »
@elmerjfudd

-----BEGIN PGP MESSAGE-----

hQIMA/+n5QPMklrXAQ/9EUSnqzJtoKXQuLHrSIXXkEkopVfL8s4vjHZYvVXo4HRA
oRy9uRJIAsEp2zcNHXz0gjIETp4SIFG0nL9gEpoD9D47FC93by/ULE008NZqtJXr
fDAp8c/zYPxd7Un+EFCn0aq+kD530jJf7LDcSt317G3zIUWgtlD6X9u6BZyUoSqZ
77u7a00NX03OVE72REqV156U4krXmfVNSO8dqzgew/4sobfioz6XmDX3FUZimTWQ
s1/PHm8gpDGeIiDtejJOnxa0jb+DDMCLM9zolJEF1yYZACQqXWUZliWeC7viKg5J
T3E46VGqo25lypxRftTilo7dS10yy3fWuPGdMoQtMJHbtku4S0wN8kADamffdxD2
OJHz0YZflD1Z55K4iW9XzUc1fsiUcr9ZS2KpKTDQ7mv6tzWsRQuNc5i3/e65JNWS
lt6TXlRdre/9IAQCCyOrPFF1cRUdZiRbG0im6nyyE5RKgeXdXoWM1RUYGBQRLB0U
GTsQO1g+C0lPPBkodJEbOI+hASILzz4eW8kBBHAKsKKnLQYvlcyGDZEWV3s3KMYh
E3U26ZZPq6IKnH1hKULKKfV3qe/YZP1BtuXmh0+xcw+ZSpBKjZjtdKJz1gA9/2se
UMhXINCHDFz/JupNi+INfiIT+ONc/9U6FIMa4zhh8rVW9wnQdiUX0xQJpnHdDviF
AQwDLU6WGT3ONIgBB/9k8NZa0/Veat/ub4Wwrhk67aqAAfgDrUrSwitGa+EVYaLx
Qpk9ArLBtRs05r9YKHj/mRiEWsrHADNEoPoqJZ+buK8o9T7W26ctCn5S8S7Hznck
8RBQs+EhSLr8IdkGO8t+Kvbu3EHISGNB/WdHrLTGPz3mBmfOusxT4+J2w+7dtKi/
zUK5SixjUyHOHlgv6p5PSrqjyc+TreqajLBy7bfEANP0jlIBEhOkQDsdaDZj7o24
H4A/UHIRjbcmnlBKXCUhA/z3ATY/lTJ+Y9dboGkzKXk+LAb0ZR+DHDULqTF8PKYF
tCMSBilaebzR6ulzRBjnannE1sHS9McTt17E2avg0sARAa4FMXF1oLn+D+UfykjY
sy3tmxKQzIvqLm5XsCSHvP9ma7+2cDhbmw/HnC+qmKKBWGB/395JkKdJs1xSV2jl
GwQgzLQvgQnXnsVf1H6vQafJYwrdA1AdAqlhT7P2sQ0pgEdQfBjNR2zE/2Yrv6ge
E4ajOmqM2my3hUYxTgXZA4SfoYLAtD8DUFIDCfEeQHU7TqMO9TerrDj8FgaSnPjf
097vHi/hbPWiMp8aZQDDEQttdDQQEGr0MrMcXYjAna5ID1I3iiq4yD5P3Xpu8tAn
KzY=
=kEXy
-----END PGP MESSAGE-----

2078
Security / Re: cross circuit timing attacks on exit
« on: February 06, 2013, 02:12 pm »
Quote from: kmfkewm on February 06, 2013, 02:01 pm
It doesn't require your entry guard to be pwnt for an attacker to enumerate your entry guards, although it does require a pwnt entry guard for it to be used to link a client to their destination.

Right, that's the main thing to worry about.

How about this as a mitigation strategy: never close your client with circuits open to sensitive web sites. After you are done browsing sensitive web sites, do some mundane browsing for 15 minutes, then close your client. The attacker may be able to identity you, but you will be uninteresting.


2079
Silk Road discussion / Re: A few small changes
« on: February 06, 2013, 02:05 pm »
Quote from: treebeard on February 06, 2013, 01:30 pm
is it still possible to change / get a new bitcoin address? 

the spot where the link for this used to be is no longer there

That's odd. I still have that link.


Also, obligatory

gpg: Signature made Wed 06 Feb 2013 06:52:05 AM GMT using RSA key ID 67B7FA25
gpg: Good signature from "Silk Road <staff@silkroadmarket.org>"

2080
Silk Road discussion / Re: WTF has happend to blockchain.info??
« on: February 06, 2013, 01:59 pm »
blockchain.info lets you backup your wallet very easily. Now would be a good time to do that.

2081
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 06, 2013, 01:57 pm »
@tetrizkube

-----BEGIN PGP MESSAGE-----

hQIMA/+n5QPMklrXAQ//YFyOA4Sw6sqOErdMH3QLA3JrHX2gcQtr8cZZbKU3BMMU
14eb4jAX2UDMPg1MtwbWlRIUGq698QhL3pC7oe4gBoxK23dK2LkfpkYL61V42UZq
LB4Dpw5yacGfAzOhcbTBD1Dsa4Dl4a6sIPe4+Cdnqf2h7I8d51ZmgowoXidHwLaz
dQKUV0+WcIqIEcToD+ce7AMaEVxasg1GzrXHws60P5MzAJqJGBpmoYjC+dYL/xjy
wL9V21wNdMIQ6wLb0YFVrKS89soKyWxGoIgR2382IQxp+zbcIB7r2mlkkwDRLcRo
2HnK63uAnnU2eEOEG03hC3XovUnYnNvjKgzi9DOq/SKoGvc4WtOZgiQjPqKnYD4U
Vwx1b1QSZj+v5oxchMyuoLHGfnW9HeqkfgNfQBqLCCdTWJpxOwZzusZ1kCpZsoUz
8j3If8/x6rdROenFghwM2Muc58ZCODSYGVQQ5h+7M53cnX65HvLP6BvYW6xetNRB
UGWr9LaJuqtAVF5CWyBASnX8ITqOqB0gf1cczJXwLmzLcGLaqLKVCJ/sWfLjrw9U
IjBYh+P60H0M9cIPOrbdtdEAc2joev3BSf9TXBZUkYc45xs6wMbO90XIZyktS9EF
LeGaYzj30bakJhGpMPJRjhjTm3QZWeksWWkWtcMZ9KeCOzwn2odlqDsISFUfMciF
AQwDe5GGcG5hGBwBCADCPe9atMJr9wgZmy/2oZNYKlTnrF/wM8x8hQfxbYwpAIz5
8zUJ/oRoh63106E7RwK7h74Z3A+vj/rRsIrRHZQYlQmMzs2s7qZPX/85l9OlfWyH
kOneZ4hhR2iIMPZT2e1rOf6JWlWn0f5dhEfyZcYCEjOz5oepvwra8cwrW9WRaqgJ
NFd4e9hjlf8nMCloFnrXqhn5yLKxFFsitIQgbOz80iWaWHeJuJBhqO9kFQHnnzsu
wu5iyetONzT/mH1SL1RQbiUP4774sYSOU9/PRPrj+7jYBCEsLq2/Z6q462Dq3+Ux
QtiCJpk6km2lF19YgRoYrtWGuBShpjvuZctKDHf50sAhAVTOVQy2/2tVil2PColr
M2tQCby93N/suwGdxGZ9uCePB0ZzAJnsjvLc8OJyxnBl2VRv3GevjVYqLFS3nU4Z
fyDBwgeRHekf9MkRkXKJWcBldJGSUSIY8BwyDzpPCF6M1RTULLNrGqmntWquslvO
nEhaFUTJdtfDwiOl8u1v5sz67jMUc9ezCCFVVk/n2t254aKB9Kj7qMq2jSZs1L7I
SeyWpslJnbiIcs5/w0MuGy33Y8qJZPgje61QuD6ooAMlqw4GasvQkK6iPSgJL/tZ
5f1kfMcGfMoJwz9g+vN4Q7XT
=h4hu
-----END PGP MESSAGE-----

2082
Security / Re: cross circuit timing attacks on exit
« on: February 06, 2013, 01:51 pm »
Interesting attack.

Clients send most of their circuits through high bandwidth nodes, which maintain hundreds to thousands of simultaneous connections. So, what is the circuit close frequency on those nodes? If it is at least once per second, then a timing attack probably would not be effective. This also requires that your entry guard is pwned, and you cycle through them very slowly.

2083
Off topic / Re: So is BlarghRawr really gone or what?
« on: February 06, 2013, 04:31 am »
Damn. We had a long and fun PM discussion a month ago about a bunch of stuff. I would not have predicted this, and now he's gone. :(

2084
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 06, 2013, 04:15 am »
@murderface2012

gpg: Signature made Tue 06 Feb 2013 02:48:48 AM GMT using DSA key ID 3FD62A51
gpg: Good signature from "murderface2012 <murderface2012@tormail.org>"

murderface, your message verifies, but your key is too weak, as I wrote on January 8:

http://dkn255hz262ypmii.onion/index.php?topic=30938.msg711442#msg711442

pub   1024D/3FD62A51 2013-01-08
uid                  murderface2012 <murderface2012@tormail.org>
sub    512g/888C3F06 2013-01-08


This key is not safe. 512 bit keys can already be cracked and 1024 bit keys will probably be cracked in the next 5 years. I *strongly* recommend you use a different PGP program, like GPG4USB for Windows (follow the tutorial in my signature) or GPGTools for OS X. Set your key size to 4096 bits and post your new public key.

2085
Silk Road discussion / Re: Ever get bad karma for no reason?
« on: February 05, 2013, 03:26 pm »
I totally agree, or something. Really I'm just bumping the thread above the spam. :)

Pages: 1 ... 137 138 [139] 140 141 ... 208