Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 140 141 [142] 143 144 ... 208
2116
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 03, 2013, 03:51 pm »
@NW Nugz

-----BEGIN PGP MESSAGE-----

hQIMA9+fz6FB1NRiAQ//bKpXl2j3N2IYZqH86vHMYTdS9P8MeFWiW2AI0LnS/YaN
pahzH4C9J/rvwINAXdRILYh67XHzsYNjFRt/chsp/dUlEfpDvYy/iH05F6q/M8Db
VRuKoxD9WG9WgKsxxii2otOBdMukhd8btk9ptsEvI2YiVYCaiLHObO994S96xm6W
sp89aa7fTQtkHyb4vjNvkuxcjmqT03Okex9bdaa19IC+pqwa2t6AE6LIKB80jgio
PEIQweLEQTblfw9Rz57oJQzHw0g1kYoZooPeCM93PryrNyok/prmTAxI/kG4DRdN
9H3m35l8DduHDYF3Uu9JELnzAVZ20+4iTHRmc++Oy8Dp+LxIcH44V3eHBDLF88MW
2Y913K+ugxPFJQZmSz8LfbmFJlwMZbpeSBdEtGyR1anMQxTOGEuocedQoWQGg7DY
plPKABI877Icn6YtjCpQzm4+3Yc+mdX4PWkJU7v4KErZOmGV+ebJNNuT/O+/nRHC
WC2h/htadVVcgbHYUfuLaJDMDdpJTC3TPObb0x9pGnIlSSHHEnrsniQcE5TALXsI
3CT1IoIDQzmgnfVf+QqdNJcoK9VY14anoIND1duSaQLayy3wYScJV+qQwaTA8MIy
/nF4JRyc/jRMRVP64efspJ/uP5H9Gxu8G2EaQc1Jm47amLPR6x7ws7BNksNuQRmF
AgwD/6flA8ySWtcBEACXE0766OBq+OBm6QmxXWy50jdo3LTIYW6oV0xpUazsRl50
lzfX2LCrMe2wwsQl4FpxkosopRsqCRi/aysqqQg6/PiQyhyFae868esrbHY/g8WC
zQ+J+QftFzA+Gbpl8gIJNNt9h11PITgOKpBYYhWX6j0x1CHBCi7KN8knvaII8UT9
qhnT/lPFgAYgsW4f5uhl5IWEV2LeLGtrRTo5C9D9Y8oYGvuhXtoAnHGTf5IQHRWX
oK12hAmFhnqobDunBGY/ad0BIKGHFKvg5WMRYNats+aJQc4ijkySZ7FF2H0PN8kW
PhC6JYL4hjjW49TSm7YDl0Tafpb1mVhVP4BM94XmU5ZVynvuaEed5VTJ3lTGGjK6
UEYXZs3iyvyWGn/Yo4lxZvjZUV8OmXglVBUxbG2c3tRhD+cDq17KRlnEbcuH50Cp
gTLxSkNSHefT63wRmRnHNC0v9ojNBz16CuwEkFj8n+ftHI4rVfD5/bJG6EzrypKX
sQ/87LCYwPskqn2JjlcVOHApICTAeIchMc0sXc07lyZXP9GM/0nRXG5CFNxtljP2
B5EVWIKRZIw+HSP7KHkJd1dNrfJsgZ2LF2yR27J0/XaZwp9x9F3Uq+prK9s9OCjK
58nee4V0apXl4/i3D10K+PBMmuskIHY0O6rbHoGf2yNfclQI2zX1x2wziEYs4dKI
ATk0vBEhJdfypRyYkjLt4pg/x6Qbkm01MQez7niBrG9t1hdGAVqMveuNjsoUWD5L
TJkJUzi5RMr16ta6HUUC0gfrbiKXqgzIUIuJpPCIuI9NwhTenGkt5sjeKe02JDOV
WM+886xyrrfZpweSybU/007Hw81x4YHmaRbkc77IjczfcRI8WqGv3A==
=MpdJ
-----END PGP MESSAGE-----

2117
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 03, 2013, 12:30 am »
@NW Nugz

You encrypted that message with your own public key, so only you can decrypt it. You need to import my public key (link in signature) and use it to encrypt a message for me.

2118
Silk Road discussion / Re: O acounts in 3 window browsers?
« on: February 02, 2013, 11:34 pm »
You can extract the browser bundle in 2 places and run separate TBB instances. On Windows, for one of the Tor instances, you will have to change the SocksPort and ControlPort in onion icon -> Settings -> Advanced or in ./Data/Tor/torrc. On Linux (and possibly on Mac), the SocksPort is selected randomly each time TBB starts, so you don't have to do that.

2119
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 02, 2013, 11:18 pm »
1. pine hasn't logged in since December

2. There are 157 pages of encrypted messages in this thread. It should be obvious that you post the messages right here.

3. It's supposed to be crypto-anarchist, although there's a tiny chance she meant Cyprio-anarchist. As in, an anarchist from Cyprus. :)

2120
Security / Re: Can someone link me too a good guide for acquiring bitcoins?
« on: February 02, 2013, 08:06 pm »
Almost 300 posts on the forum and you don't know? What have you been talking about here? :)

http://howdoyoubuybitcoins.com/

2121
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 02, 2013, 07:15 pm »
Quote from: Bromine on February 02, 2013, 05:22 pm
-eDit- / Update:
I hadn't exported my private key to my USB stick.  Got it now, new PGP key, but I figured it out.

Right, obviously you need the private key that corresponds to the public key that I used to encrypt that message. If you delete your key or use a new PGP program without importing it, you won't be able to decrypt messages encrypted with that public key.

2122
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 02, 2013, 07:11 pm »
@TheCrawlingKingSnake

-----BEGIN PGP MESSAGE-----

hQIMA/+n5QPMklrXAQ//aPSyjUYZxkHcbx0ZiEm7zZY0ddZOPnlub64uOXXG09dY
afwmGcv2CHlgmgJFe1Isf+OasvWsCkx8QdUSS6GvjFjtixrzJWLTcY9HvJ+BMmUh
jLFtTCpkF/JPeKR76ZJ+ks0iG3DViUE3gCCVZEzix7R7XmRdOuEd7eFjuZmzvktg
n7AIRTBMKQ826dA1gNlDvKmjiYdJI/sNdij5sDTlAenz8i+xdl2HfOPtNqQtXRNQ
f3b1/g4zDCQbWRpPXW5Kq0u/7vWHMPyaxmQYSvQFjipPPSVF1Lkn9eIhx6nxLaJa
5XpK4SCFHqEKM2alo+jc7bi9pHl1MpV7nTfCRLhvbuxjJI1Qfna8WWWSpu07+cG8
So4D/nSxbv3Hnj1D/w1W9ZUdkxfETkqxabxemoDoqYIFT5rhsvHi9LI2Cmms/Q6V
Un7/pccCBLHN1dluDPgz+bE8fU5IRa8FMasCkzjou77JJ/ANKq+vHp3TF/xq5Q4r
et7aGoxMEwaVIY3eZj3PmFtox3XxqSmNCHQrrZf22qtd9YhrQ2SB38weu0IM9Dl6
rtk30bIm/g+vwbPtIeIVAEIZnizp/y5bMBLhIMwwsn+BAvRLSyV44CPBRD0PvNl9
ugNPnwFkkrzY3pmpTc5iv777q6ReTDtJT1YnvtuWJ3YPdFLL69L1Y96zgPih6zOF
AgwD0SacF0SWCuQBD/9/SQpUr/TP6TtL0ecNWpiCTmGYOMO8oklwPsO4Drt3mMRX
37XnB0VFwP3PFFlwImAZ9r+eDP9glF/q5L+5bvxADx/xWdloOkQGVAWN+Xz1ZLnX
IhoP4BS/5n4jHKAbIuA/q78NB0o0POqGij1MyPXD0ELLNfgoRJP8wcy/Ku69Nysa
xNjRvplwqohVfahkCcp1/aKvAi3qyxAisFa7pnymE9QzTww/nD0QDj0sEFfDCp3O
TSbwdVqdp32O7eWirlChzxj14vBoJ+FXBfhNk/MRAz8iqOLoMLJf4fUfFkg5+AYm
GTKYks5o29aF6hyqxNQ5QqP4OzMr9poout0Hjg/LHXdkPt4KitLdMEDhfkdN2G0u
dXWZ1krGFP0bVxbn9471+NAkhb2TjZQITHhfyNUv6XnNIe5gdppMWnbLFn5eBy8Q
+/r6rFqcq3bm+ZFnjEVCshhj7IUW+GO/Cj+SFQ3J1i+OyFq5p6UM99CpRqJ0BMXl
ijRqHjMk+E6hjtYdggJ/eyGNDGJzbxO8g8YYe4x3tGwxXKK/xQd409deXfo8YqXq
8PDF7Gq/rKd8ZiWdzCYjhxH3HF6koumWaR61T6Bi0qY7HMHasn/jY/ajy5f636ML
mf368YueOOslKMo3frRqOtmMzQ3X+7AJ/4q+NBF3JSWTQ5eBvVFalq7PSVdcRtK1
AXWDrQdtvONlnZXnRcpss0iRgiUQNRKPfomp4SbG+eR73uIH6Xe+rySni9fRwwXU
YVyEeXCT+0pP+QSPuVxuziNfu8Qp8sfYwQYCNUt0MMyaRjHJBLc3oRGJCsfEcZai
fTZZgDMWw0wxA3INibDtVTXzwRIiSeEdzSG1XmrZ4PulnVjib9YW5niTK6Y84QU1
58ao40lMPqNFwCIEX7ndcPPIqkvf+gTtIxksrzhI6nnSNNZ2cA==
=8LOm
-----END PGP MESSAGE-----

2123
Security / Re: 7 Pass Secure Erase?
« on: February 01, 2013, 06:47 pm »
Quote from: comsec on February 01, 2013, 07:38 am
Encrypt the entire disc with impossible 64 char password you don't ever use again

I wholeheartedly agree. I've been advocating for FDE my whole time on the forum.

However, a lot of people find themselves in the situation that they have done sensitive things on an unencrypted drive and need to securely erase that evidence. I advocate (at least) one random write using an offline tool like DBAN. 2 or 3 writes is ok too, but 7, 15 or 35 writes is overkill, in my opinion and the opinion of experts like NIST and CMRR. Of course, FDE should be mandatory afterwards.

2124
Security / Re: Distributing the public key on this forum defeats it's purpose
« on: February 01, 2013, 06:37 pm »
There was a vendor whose SR and forum accounts got hacked about a month ago. He created a new forum account and several of us said that he had to prove his identity, because the alt account could have been the hacker too. He signed a message and we waited for some of his customers who would already have his key to verify it. I don't know what the resolution of that was, since nobody came forward after several hours and I didn't keep track of the thread.

The problem in that situation was that he wasn't a big time vendor and didn't have enough customers with his key to immediately verify his identity, but you can see that the solution is to distribute your key and trade keys with as many other people as possible. A top vendor would have been verified quickly and easily.

Thousands of people have DPR's key, so it's basically impossible to impersonate him short of stealing his private key.

2125
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 01, 2013, 06:19 pm »
@TheCrawlingKingSnake

Your key doesn't have an encryption subkey, which is a non-standard set up, but at least the key is 2048 bits. Better than some keys I've seen and the bare minimum at this point. A 4096 bit key would be preferred. May I ask what program you used to create it?

Here's a message for you

-----BEGIN PGP MESSAGE-----

hQIMA/+n5QPMklrXAQ//alcywgpsnjoiCcuvCDyGKuXGTvW2GvwITYkBlvEQipSa
ZwqWQG6knTPjY2kQ6I5vKON9rLW4NedSkgKWld4Uf/6B9eg04E2wt96Xb84VmQe5
FGWvsSkxfkuLqE1gKVyvIxJwgx34EgDxL/+8b/hKlhYqq7eDDTwytPQLDEq6cckb
Z1XpEWNwcwQcVP56IvIlis+HDAWgZd1n86GF44+C0bR1pa88y0QPuvs8q/6v1zev
9pCPwXFmyawGjyQfopF6eh6r0/BgH3kiBvvPChRYceqpx6tE9H4VVQVvDMti118P
GfRsrWGlepGt8myPOb4MNfIA4N/5A040vfa/7CbjC9RZstqHfHP1sYyYVLSVZhuh
Ffwwqxl6rlJ0F7YMmrOiEjtRt8LVRDu/CmYu0qjIbu6JA7FIwGFY7EVfJbmjHI2E
kZfbz7WMSfbW/hp8gZC/0Sa4stRipY2TAgoiQfrdKaY98+lGl4/0PFZmz87Db7Sj
MYKskGOU/wBkfacUe5H+FWEbKlsuQUHmy9Tvybs4xXRqMXfPodO63ez+O2OLPyqT
rZEn7VwBf6F3jBdjTSPsJHCe7RpDwc/z/39LiBq90jY1WasMHf5V3ReHA2GJKKD+
0TVPYewkYr/qGGYUtPcH1pS+QwaipJUaQsPLgFSzZrgnEnHT49FmAEFQUlDRdviF
AQwDNWhKrlyJHt0BB/4j71xxx394SarD8KbsZnaMJ1a5AraMSImoQ80g9RCbrPgX
Yr4WQRm5BorKk6W41MFmpObKcTmmOVaH6rkQFhjY+uVR0ccQzH67MC1l+8RM3pbF
b7k5PdElNb4zwyZCR3nFA732R3n4CPK0YuetUS9P7gd/NnANa/xe24Te+8IhUSLI
iRZ56pClLMPRCoq1eG9+A1LsDwZMzxiUPQDJHkTRhQ5F/VAJOTLCPUaAdVQSgqVn
B3CLg134H4UzIhjLI8n+DdFszQcYuCPNfo8KZ3sutBULwWwgWq34sZ/5rt0O1tEU
TEfWb1dJZJpVU3QQXVgHBQktA/9wIj5P488gQ2no0sAEAZUoXzVefvtV0vJ2Qw/D
w9M/6D2boXogU/LhHGh75Cf+VG9RZZ77zxRDEDpnDM13zimgc+Q8mbN1JbiONc1O
0gc4ItPkF92/DpVWUvTIEQI9AIIgANKauwh5mdpT1r57xKxJUWB7tqWbB+mtHVb4
dgi2st6QZv4woSEVo4g8g5tHXkZOhz/vduH/Lc/f87pU4eN30vckFbPE+B8YBNb9
4VUlE3yWQLgjLJXdim2Al4RhTAVCLnYdwe+7KvN3lpU/VMRVkQ==
=tS+y
-----END PGP MESSAGE-----

2126
Security / Re: New Login Screen?
« on: February 01, 2013, 05:50 am »
I tested it with a throw away account. After entering username and pin it says:

Your password has been changed to <password>
Please log in immediately and change it via account->settings

After logging in, everything seems normal. I think it's a new feature to recover lost passwords.

2127
Off topic / Re: Whoever left me the -1 Karma
« on: February 01, 2013, 02:38 am »
LOL, somehow this turned into the new karma thread, so +1 for everyone.

I experienced a negative karma issue a few weeks ago. I got negative karma every 3 days like clockwork, 4 times in a row, and I couldn't tie it to anything I had said on the forum. Some people are just dicks.

2128
Security / Re: Distributing the public key on this forum defeats it's purpose
« on: February 01, 2013, 02:19 am »
That is true, which is why signing your PGP key is useless. An attacker can create his own key, sign it, and replace yours.

The solution to this problem is to distribute your key to as many places (and people) as possible and let everyone know about it. The attacker probably can't pwn every distribution channel, so majority wins.

You can find my key in these places:

http://dkn255hz262ypmii.onion/index.php?topic=174.msg668472#msg668472

http://32yehzkk7jflf6r2.onion/astor.txt

http://25vuwfdig7yt44qo.onion

If one of them is ever different, the outlier is a forgery. There are also plenty of people on the forum that you check with at this point. If an attacker pretends to be me, a few of the many people who have my key will notice. The only time you should trust a new key claimed to be mine is if it is signed with the old key.

2129
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: February 01, 2013, 01:15 am »
The thread seems to have died. :(

2130
Security / Re: 7 Pass Secure Erase?
« on: January 31, 2013, 10:16 pm »
There are two things about that.

1) NIST and CMRR recommend a random write, not a zero write.

2)

Quote
All the data that Johnson was able to retrieve from un-allocated space came after that overwrite, he said.

They also recommend using an offline program, meaning the host OS isn't running. DBAN is a program that you reboot the computer into, for example. If the host OS is running, then depending on the program, it may not write over the unallocated space (for example, running the command "secure-delete C:" won't write over the unallocated space). The article doesn't mention whether it was an online or offline program, but one interpretation is that he used a program running on the host OS, which only wrote over the allocated partitions/space, leaving the unallocated space untouched, even though he didn't cancel the job.

In fact, he may have done a zero fill of the empty space, which would be the least secure.

Pages: 1 ... 140 141 [142] 143 144 ... 208