Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 153 154 [155] 156 157 ... 208
2311
Security / Re: Interesting Bitcoin Situation
« on: January 13, 2013, 02:39 am »
It should have nothing to do with the bitcoin client. The coins are tied to an address in that wallet. You can export the private key for the bitcoin address and add it to a new wallet, or move the wallet to a new client, and the coins will show up wherever the private key for that bitcoin address is.

Can you see the bitcoin address in the receiving addresses part of the bitcoin client?

2312
Security / Re: What VPN services would you recommend?
« on: January 13, 2013, 12:53 am »
Quote from: nmac on January 13, 2013, 12:42 am
tor is great for being anonymous but understandably there are some limitations.  Maybe there's a way to get tor to stick to the same exit node for certain sites?  That might alleviate the problem.   Connecting through tor into a VPN service might work as well as was suggested.

You have a couple of options. You can set this in your torrc

StrictNodes 1
ExitNodes node1,node2,node3   <- where these are exit node fingerprints, nicknames or country codes

Or you can you use the .exit extension.  First set this in your torrc

AllowDotExit 1

Then you can visit a site with the url   domain.com.nodename.exit. For example, www.google.com.TorLand1.exit


2313
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: January 13, 2013, 12:42 am »
@Vole

pine hasn't logged in in a long time, but you can grab my key from the link in my signature and send me an encrypted message.

2314
Security / Re: Why can't PGP be cracked?
« on: January 12, 2013, 10:47 pm »
Quote from: SorryMario on January 12, 2013, 08:32 pm
The only bad part about using a command line it means the plaintext message has to be saved on a file somewhere.

No it doesn't. Type gpg -e and hit enter. It will prompt you for a recipient. Hit enter twice after the last recipient and you get a blinking cursor where you can type your message. Hit ctrl+d and it encrypts it in the terminal. Nothing is saved to disk. I would go mad if I had to save every message in PGP Club to a file. :)

2315
Security / Re: I believe that mailing addresses have been stolen from SR's database. Here's why
« on: January 12, 2013, 09:18 am »
Quote from: Decoherent on January 12, 2013, 08:26 am
I done got on SR and ordered a bunch of drugs what made my brain not all dumb like, that's why.

LOL.

You smoked a breakthrough dose of DMT. As your eyes adjusted to the kaleidoscopic fractals, Phil Zimmerman's face appeared, and he said,

Let me tell you about the 6 bits of reality...

1 Bit: You ask me for a PGP key, and I give you a raccoon.

2 Bits: You ask me for a PGP key, but it turns out I don't really exist. Where I was originally standing, a QR code rests on the ground.

3 Bits: You awake as a PGP key. You start screaming only to have entropy fly from your lips. The world is in sepia.

4 Bits: Why are we speaking German? A mime cries softly as he cradles a prime. Your grandfather stares at you as the prime falls apart into the Fibonacci sequence.  You look down only to see me with exponents for eyes, I am singing the song that gives birth to the universe.

5 Bits: You ask for a PGP key, I give you a PGP key. You raise it to your lips and take a bite. Your eye twitches involuntarily. Across the street a father of three falls down the stairs. You swallow and look down at the PGP key in your hands. There are children at the top of the stairs. A zero shifts uneasily under the one. The children are crying now.  I give you a PGP key.  You are on your knees. You plead with me to go across the street. I hear only children's laughter. I give you a PGP key. You are screaming as you fall down the stairs. I am your child. You cannot see anything. You factor the PGP key. The concrete rushes up to meet you.  You awake with a start in your own bed. Your eye twitches involuntarily. I give you a PGP key. As you kill me, I do not make a sound. I give you a PGP key.

6 Bits: You ask me for a PGP key. My attempt to reciprocate is cut brutally short as my body experiences a sudden lack of electrons. Across a variety of hidden dimensions you are dismayed. John Lennon hands me an apple, but it slips through my fingers. I am reborn as an ocelot. You disapprove. A crack echoes through the universe in defiance of conventional physics as cosmological background noise shifts from randomness to a perfect A Flat. Children everywhere stop what they are doing and hum along in perfect pitch with the background radiation. Birds fall from the sky as the sun engulfs the earth. You hesitate momentarily before allowing yourself to assume the locus of all knowledge. Entropy crumbles as you peruse the information contained within the universe. A small library in Phoenix ceases to exist. You stumble under the weight of everythingness, Your mouth opens up to cry out, and collapses around your body before blinking you out of the spatial plane. You exist only within the fourth dimension. The fountainhead of all knowledge rolls along the ground and collides with a small dog. My head tastes sideways as spacetime is reestablished, you blink back into the corporeal world disoriented, only for me to hand you a PGP key as my body collapses under the strain of reconstitution. The universe has reasserted itself. A particular small dog eats primes for the rest of its natural life. You die in a freak accident moments later, and your soul works at the returns desk for the Phoenix library. You disapprove. Your disapproval sends ripples through the inter-dimensional void between life and death. A small child begins to cry as he walks toward the stairway where his father stands. You look at the child and realize that he is you, and you are me.

In an instant the universe makes sense. You open the note in your hand it says,

Please, encrypt your address.



2316
Security / Re: Why can't PGP be cracked?
« on: January 12, 2013, 08:14 am »
Quote from: 00OOIlI00lO1O0 on January 12, 2013, 08:02 am
There *are* some negative aspects of PGP, however unlikely.

If your system and the vendor's gets compromised, it may worsen the case against you that you were the one that made the order.

Obviously, if your computer is compromised, you're fucked. However, if the vendor is compromised...

If messages to the vendor are not also encrypted to yourself, there's no proof you encrypted the message.

If they are encrypted to yourself...

gpg --throw-keyid

That will remove the key id from the message. All the attacker will see is:

gpg: encrypted with RSA key, ID 00000000


2317
Security / Re: I believe that mailing addresses have been stolen from SR's database. Here's why
« on: January 12, 2013, 08:07 am »
There's a weird disconnect here. Honestly, you write too intelligently to be someone who didn't encrypt their address.

2318
Security / Re: Why can't PGP be cracked?
« on: January 12, 2013, 06:44 am »
Not wanting to link identities is understandable. I keep a few separate identities myself. ;)

As for the confusion between keys...

Version: GnuPG v1.4.12 (GNU/Linux)

I don't know how you use PGP on Linux, but there's little room for confusion with command line gpg, especially in interactive mode. If you decrypt or verify, it selects the key for you. If you encrypt, it prompts you for the keys to use. The only source of confusion is during clear signing. For that...

Open ~/.gnupg/gpg.conf and find the line that says default-key. Pick the key you use most often and put the key ID there.

When you want to use the other one, use the --default-key argument.

gpg --default-key <my secret identity key> --clear-sign

2319
Security / Re: Why can't PGP be cracked?
« on: January 12, 2013, 06:27 am »
Come to think of it, I've never seen your key, which begs the question, why do you hide it?

You should at least create a "public" key separate from the one you use to make purchases, which you distribute on the forum. Imagine SR goes down one day. Maybe we can find each other and reconvene somewhere else, but the only way we can prove our identity is through our keys.

2320
Security / Re: Why can't PGP be cracked?
« on: January 12, 2013, 06:09 am »
Quote from: 00OOIlI00lO1O0 on January 12, 2013, 06:00 am
keys created online through igolder.com.

Does anybody remember that old TV commercial "you can learn a lot from a dummy".

I have argued that we should hide our PGP versions to increase our anonymity, but now I'm reconsidering.

You can learn a lot about a vendor from their PGP version. Enough to stay away from them. :)

2321
Security / Re: How risky is purchasing BTC via direct bank transfer?
« on: January 12, 2013, 05:45 am »
Quote from: SelfSovereignty on January 12, 2013, 05:33 am
Those coins can't be linked to a purchase; only the SR database can link your purchase back to you -- those coins hit a bitcoin address and bounced right off to another one (SR tumbler).

2) IF the SR server is compromised, then they already have the bitcoin info and buyer information, now they can link it directly to purchases.

2322
Security / Re: How risky is purchasing BTC via direct bank transfer?
« on: January 12, 2013, 05:42 am »
Quote from: DiddleMyThoughts on January 12, 2013, 05:14 am
How about Bitcoinfog? (http://fogcore5n3ov3tui.onion)

Ive personally used them after making three seperate cash deposits at a bank into three separate accounts generated by Bitcoinfog, which then sends them in randomised, time-separated transactions at random intervals/amounts to whichever account(s) you choose.

Here's the deal with mixing services. Yes, Bitcoin Fog uses independent wallets and addresses with zero taint between them. But they have to keep a separate database of accounting details to link the two. You transfer 10 BTC into your account and expect to get 10 BTC back (minus the fee). That transition between addresses is not stored in the block chain, which is good, but it is stored in some separate database under Bitcoin Fog's control. You're essentially putting your trust in Bitcoin Fog that they aren't LE, they are not working for LE, and they delete those database entries after the transactions are done.  Maybe they do, but we can't be sure.

Blockchain.info also has an anonymization service and they claim to delete the database entries after 6 confirmations. Again, maybe they do, but we can't be sure.

The safest option is to transfer through multiple mixing services. The chances that all of them are operated by LE, or are working for LE, or that they save their logs, are much lower that way.

That's for the uber-paranoid. Keep in mind that no SR buyer has been busted through an analysis of bitcoin transactions, and a lot of people are doing direct transfers. Realistically, this is a minor threat, for now.

2323
Security / Re: How risky is purchasing BTC via direct bank transfer?
« on: January 12, 2013, 05:27 am »
Quote from: Olwyn on January 12, 2013, 05:17 am
Worst case scenario, assuming this were to ever happen, what exactly do they gain? I assume they would be able to trail your coins to your SR wallet. Would they be able to see what you purchased, or would they simply see you transferred coins to SR? I'm under the impression that once coins are at SR, they're juggled around so that it's theoretically impossible to see which coins were used to purchase what. Even if they were to see that you purchased illegal substances, addresses are encrypted via PGP, so they wouldn't be able to pin them to a specific address unless someone messed up by saving the order information somewhere along the way.

Long story short: From what I gather, they would only be able to see that you transferred coins to SR, not what you purchased. Correct me if I'm wrong.

That's correct. However, there are two theoretical attacks.

1) Once they have identified you as a person transferring coins to SR, they could blacklist your address and watch for packages coming to it. Of course, this assumes you used an address linked to your identity. Some people are too smart/cautious to do that, but tons of SR buyers use their home addresses, so it makes the attack worthwhile as a cheap fishing expedition. LE is guaranteed to bust some people.

2) IF the SR server is compromised, then they already have the bitcoin info and buyer information, now they can link it directly to purchases.

2324
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: January 12, 2013, 05:20 am »
@dogcowchair

-----BEGIN PGP MESSAGE-----

hQIMA/+n5QPMklrXAQ//R6dvZKCsFdHkH2rssL8tBXmG03yFg1bDWAMnSpejuOuZ
3elipER3Io/ijH0E99GcapMFEtY/H0j85pDc9OcXtOnVN1p6Jt4ffZFAzWL83EHB
zkeuZc0Dvi6BawLcF31eH1kzQ/aaeM0sSv7rGXEhEUhabMFdm2kDI573iUcJW1+f
MB+RbDGBc/zYLrmT7E1z7tLdQlKji1WJ++YZRgd0BgDV18RnJDGlztB8xnikLtRv
dw6Hwl82E7v0CqUMa5IrpwOd/DxvafxrQLi0erCMLBRNw96aqXBKbrELbU8IgTW8
WgTn53ajcW81elkLnoWeBygAwBqpxUkNt/YZxMdUvvOxIvqmOdBQSj5dVoxU9rxC
F5XSUPDBVpoR+R2onReAnTUZIOFzsXlRyT8ubDhyDT2kkhB6+yboPXS+yMt3biO8
3UaHK0Zmv5l6M41PhmZujV8Ald0qRF81paukxEiFiCfXKv6h4BvcNtQgCy4AD9HU
QN0Gke9SL7ZctFR8rZplDt82yt0EshyivpZNfPjxcg9acGZ+pcU1rrPmyZuUpGB+
u6JYUqaQizc8WKJOPTD6zbQKulRKHlCJZCq9OHFjq8oqbh4mc7nYTQeyN2eLSDcY
owF6lEUJgZFfZ3vtHPkTfLc1vG2bTosS43BOhpCDVvP2fp3lP/LVnGOXQXVAzD6F
AgwDGsrGs31Y8LgBD/0c4ActKZ3nfXYf315e3B8Y7DfcHYZwIId94Fbf6FAzRTUZ
ysTGMNP1yshVYJJNAtFoDxsqGNp5Tzb4KlnsVzX9gkeykgk2G4++R67dSYjYVOm8
M02+B8AtOcwnhLyDHXFQ0Dshxk1O6lYwzdW0Etxz8o7GOD3Af2PnkHkV5u8ERnRY
KvCODgHMM0PHkhie1B9nRLdoG+FfrGYjFt8Ci9SL3m2yTpAgc2FjoCP5GKD3bRsY
sJ4wZ4gu9x6ChUMjQQjTqT5UdoIlcLaJaT++pOgpn8/kF4RNUYGIrV1hNVUZDAsc
lVnqP0VdhIIn1PKlWZoI+tPhD7f6bfQGvNOr+5RN8Jw9lwFnNkPBSZ1cSEat5Hkw
uiUTonQfl3B1o0/OXcDq/Yussn/TCLCsP0nUzNVMtEXjKzC6X+pG3VuxZ5bjipVR
aLXsLBSlY4B/Vmt+Pa9MLAKTmH8c8YaDPdDhU5s8pL56fe6Kjq78m/toixTGbGfJ
TV/7gUqmicVFt11VDruIxT4Z7lCGT/UF9AREKF/RyXhKvbGMT93I2w9b4Nsx2j52
PeeBV1bFD+qKKkBTTUMl506EqGsaJS6lihqlXUvUDHs5KXdx0r0hoHnpzq5tj1nC
43r0OPhlY8QGr8LHb7pKb2e3tdPcVkC6JEy9W2hFlggOkV7unYGuB5Rn3UdAhtLA
MwF+w2cpkqf330h+0MwwFGMveLHwD1DZGTxOSYxBjWdvO784Xbt7UI2DFzItLrSc
bYqbDQ/NQ0z8eTuzHZy4LXrjDjpsAUh2RgrOsMfWpwujJ9kItBQ+ZVNzgKOle0Yn
WX7TtMWlHi5mnRyfl06NBQWvkmt/15SMZ6FJGLautTPSBEPEqjmFUDcPAZk5aym8
mBvf92oGD8cx7fS5kLoz1JI3rg5bNoAF8ey3G5puyLBTcNr7+gYw8vR04dVFONfb
GJsVebJkZFH17sTUeUbCALxLS+fT7MepAUvJBPkhf1QZikREWdT49BzxSXeiD2cC
ae+2TA==
=c7Mx
-----END PGP MESSAGE-----

And yeah, that was your own key before. :)

2325
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: January 12, 2013, 05:08 am »
@dogcowchair

gpg: encrypted with RSA key, ID 7D58F0B8
gpg: decryption failed: secret key not available


Whose key did you use to encrypt that? It's not mine, Nightcrawler's, or Pubb's. We post the most here.

Again, grab my key from the link in my signature and encrypt your message with that. :)

Pages: 1 ... 153 154 [155] 156 157 ... 208