Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 180 181 [182] 183 184 ... 208
2716
Security / Re: Help with GPG on Linux
« on: December 28, 2012, 12:05 am »
In the file manager, right click on the file and select Properties, then go to the Permissions tab and check "Allow executing file as program".

Alternatively, open a terminal

cd /path/to/folder
chmod +x filename

Edit: BTW, every Linux discro comes with gpg by default. You don't need to download GPG4USB, but I'm sure it's easier to use than command line gpg.

2717
Silk Road discussion / Re: i cant find the URL address to get into SR
« on: December 27, 2012, 11:58 pm »
http://silkroadvb5piz3r.onion/silkroad/home

vb5 piz 3r
vb5 piz 3r
vb5 piz 3r

Memorize it. :)

2718
Security / Re: Storing TrueCrypt Salt on Separate Encrypted Drive
« on: December 27, 2012, 10:57 pm »
You seem to know what you're doing, so let me ask your opinion.

I believe that encrypted volumes (files, partitions, external media) are not as safe as full disk encryption. Information about the contents of those volumes can leak onto the unencrypted drive. In your example, playing FreakyPorn.avi with VLC would put the path of that file in the Recent Media list. At least with VLC you can disable it, but with a lot of programs you can't. So if you open WhistleBlowerEvidence.doc, the path to that will be in Recent Documents in Word. That's just one way data can leak. Browsing the FreakyPornPics folder with a file manager can put thumbnails on the unencrypted drive. That is why I don't believe encrypted volumes are safe, and I prefer FDE.

2719
Silk Road discussion / Re: Don't Waste money on "Speeding up Tor" Piece of Advice for us TOR users.
« on: December 27, 2012, 10:48 pm »
I would be careful about this. The Tor Browser Bundle includes Torbutton, which does a lot of stuff to enhance your security. Click on the onion icon in the TorBrowser toolbar -> Preferences -> Security Settings, and take a look at all that stuff (but don't change any of it).

Does OperaTor do that for the user? I don't know.

2720
Security / Re: How to use Bitcoins
« on: December 27, 2012, 10:36 pm »
How to buy bitcoins depends on what country you live in.

https://en.bitcoin.it/wiki/Buying_Bitcoins_%28the_newbie_version%29

In the US, cash deposit at a bank to BitInstant, which transfers it to your bitcoin address, is the most popular way.

2721
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: December 27, 2012, 10:33 pm »
@synthex

-----BEGIN PGP MESSAGE-----

hQIMA/Wvqq2zTv0HARAAiUZ/f1ZoAtzYEnYCCcgYl0v57IBaJmy30gJpswMyjxY9
WB/yOBkbHszXqiF9i12tTc6UGeYIcbJ+1oCPO0Mgg0k5cXTiopqw1rIEqqXpKMs0
TuFw8iy17p9EPaDGqXOzo8CHoYIgCAww/vvsrw26h+iwmJK+pSTIewQF0rZXPl9R
siyTeLt71ZaQcPGStrFm6TQEnHNkx7kYr34hETxWT67yrlVok0HQjPAONz8Km6Nn
K8HDELFcf0WWaLj2Kf2JJVrugIptHEMBdMixlI9CBChbv9e5PgrUywM9Bcj0NPq4
VCXnUh5FtFSQeudwhHa4VjCAT28eU1+sZdzmczhgSfx026INAn3Gcal1+OspdfOp
epf+dc/pz9SZAZGiFzrim+kb0KwpehkJ58HM8Whc3XNBfa1IIsjiNi0zpHfpwfaz
N13hAFhiOiQGDaIglF9+ud+SZrH55h70WeeW35K3RUw9ytcXvOf2eLemG87DkQ5m
pAQPQgKkAnbGbqV0fkQJcHdhtOd6RNzRrWpCYiN9YCn96WE7/3r8VmdGiqz3JrlG
N6H76ya2pthfLqzcEhnTgUZCNKNWCxRI3CvlO/81czct70zYSQ9PFeuxPhYfCuvy
cSf6yTKLy04t8V/VrFFD+79RmZccKS8+wQQQkvLP+j9mwr1PNZQNWJkvwbVYgkjS
mQFXENiQhHvM2/u92Ma4SFBUEECLVF8Xd+/mFAWvb+E8tRahEFxMTDoR71vXjV/H
vF2nhHLfqVhtYxeJb6vPzkEgUSG8LmBy/lO88rwW1WdeyG1jKUJYqkute+f358MQ
yiuhEl6jzsATdUEl07ewIQVBTJaboqbJbei4rQCriH9g4kjq8w5ktok1dLn+4RAV
+TDdv5ZVoaQiOA==
=6IEj
-----END PGP MESSAGE-----

2722
Security / Re: Storing TrueCrypt Salt on Separate Encrypted Drive
« on: December 27, 2012, 10:30 pm »
Quote from: truVeel on November 13, 2012, 07:05 pm
EDIT:
I did some more thinking and if I'm going to go through all of the trouble of modifying the header, I should really just go for the master key. If I copy the master key data, store it somewhere else and then overwrite the data on the TC container with random data, the TC container wil be unopenable. Only a full crack of the encryption scheme would do the trick.

That's what I was going to suggest as I was reading the first part of your post. Why not store the encryption key on a USB thumb drive? I believe TC already has a tutorial for that, or you can find them on the internet.


Quote from: truVeel on December 27, 2012, 07:43 pm
I decided to go for the first 131072bytes of the TrueCrypt container (the whole header). I have successfully cut the header off and pasted it back on. There was no loss of data. When the header was cut off, TC could not decrypt the container.

Are you using dd to make a bit for bit copy? And how are you "removing" it, just zeroing it out?


Quote from: truVeel on December 27, 2012, 07:43 pm
Additionally, I tried creating two containers with different passwords and put container1's header on to container2 and vice versa. Container1's password then was accepted by container2. However, since the data in container2 was encrypted with a different key than that which was included in container1's header, the data was not decrypted and TC returned an error stating that a filesystem had to be specified.

This brought up some interesting ideas.

If no filesystem is specified during the creation of a TC container, the empty space will be filled with random data. To a third party, this random data is indistinguishable from encrypted data.

Let's say we have two TC containers, tcc1 and tcc2.
The passwords and master keys are wholly different from each other.
tcc1 contains encrypted data. It's pw is: USEFUL
tcc2 contains only useless, random data. it's pw is: CRAP
When the pw USEFUL is used on tcc1, the data is decrypted, the filesystem is mounted and the data contained can be used as needed.
When the pw CRAP is used on tcc2, TC tries to decrypt the data, but since there is no filesystem or any usable data, an error returns stating that a filesystem must be specified.

Now if we replace tcc1's header with tcc2's header, tcc1 will now be decrypted with the pw CRAP. TrueCrypt will accept this pw and believe that it is correct, however when the data is decrypted, the master key will be incorrect and so the data will appear to be useless, random data. TC will return an error stating that a filesystem must be specified. We know that there actually is good data stored there, but TC doesn't. It bcomes hidden by attaching the wrong header.

If we do the same thing for tcc2, it will be decrypted using the pw USEFUL. Again, TC will accept the pw and believe it to be correct. Since the data appears to be random (and actually is this time) the same error will return stating that a filesytem must be scpecified.

I see this method as another layer of deniability and/or secrecy.
Say I have some old hdd's laying around. I want to overwrite the old data on them. The data is mainly some freaky porn that I used to be in to but now I'm not and I don't want my wife to see it one day and think that I'm still in to that stuff. So I use TrueCrypt to make the whole drive into a TC volume. When it asks for a password to use, I just mash the keyboard a few times because I don't need to rememebr what I enter. I'm just trying to overwrite old data. So I continue with the wizard and when it asks what filesystem I want, I specify 'None'. Again, I do this because I am just using TC to overwrite old data. At the end of the process I have a hdd filled with random data and a TC header on the front. If the correct pw was ever somehow enetered, TC would return an error stating that a filesystem must be specified.

Now let's say I take a hdd and use TC to turn the whole thing into an encrypted volume but this time I actually want to store my SR and BTC info on it. I go through the volume creation process, remember the pw I enter and specify a filesystem. Now I have a useable TC volume where I keep my secret data. If I put a different header on there, then it would be impossible to tell whether this drive has real data or if it's just another old hdd that I have laying around.

There are a few other variations on this, but you get the idea.

That's pretty advanced. :) I assume you'd write a script to automate switching the headers before and after use.

2723
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: December 27, 2012, 10:18 pm »
Quote from: synthex on December 27, 2012, 10:01 pm
someone wanna message me? im a little confused about this and want it to go smooth for my first buy (-:

@synthex

-----BEGIN PGP MESSAGE-----

hQIMA/Wvqq2zTv0HAQ/+KcwEZ+zfRCz5fxMa+I6lO76Vf1IQRD/BFoycgQtmyObs
FYFUC21UKmv92XqwYpxzGnWB97ToxH1ZwzzUtQG0gyGBe3BQ5xUNF4iqN13XiD52
w+mFi4rC5oSnG9grzZxwYim9Saf/I99gfH3uQ4RfT5D138Z3/rmbAaeIPlSxBYvq
Qj78nt6VI1IK1cPSh67YQpdyLNPtk1ztvIPE75aSXIV7Db7UaQIK28ZLfUF7jEdg
AIUXvO5DAocL+r18B7A/mNYeu5QR4AZLPo4WgOng8lA6cml2yxv9/esYEyIA79F2
KpBBSr8WmOaFeyaawPx4NjIGduLMupnUYs864zr6EA1FhHAup08QD6wXKq5wWNAs
bc/sK6yNGQOOFzE65uS0yuAH4eX7+gnFbGt0ZzIHLrZGMkTj+CB4vXexHsVIAgD1
e5aXb7VNUHkr8uSclrMrQtTbhZiA/uIypbsPlu9HzQknLIW5NPwMoExkvzye94Ow
4ovagi5O3auESSOxWDfG1qmoH7vv0oKWozOwmDFNR3bXTtz8aYuG8/gzUwbIUKKe
jzmYhgMt3yiWeniJt8YAhOdujn2jXLKJyFVhZKg6IlrQ9dt7UEgfGzHxcMyhdggG
FSYAUTg0OjXbaq7EKpB85PA5ubjiZefJGmlZKxhmp3wcS9CxaVacM0Plg9N8rJLS
wDIBJZbdjj/MQSVZnlVmHw9UOA5tP9kNkDf9V3G7e8S5u9c+4G/U/oZqzFecjBs0
YUSQXxg/sJnkuV3vyr78ZjD8KosPwInyQa8wQoEjTX1uyaBoEGyAw9hUgg2BMeDi
ztLcHJxJNkHgRZ1jBXr38lkT+SDKRMbl4QpVNN4Tr7KXRfm1sYRmDlPb2NtPsbpB
wVe2IlJ4w8DOicTfZ/pLFlwCdyYOybp8+BisvYF2s0v3ELiuFyhmdg3K9if09qWV
2D9M2RNdgfPie2sgEfBhaX4OlzKgrQwsa2AJm9C88XubZBwUFd6PlIZmCegPalek
w+XxUg==
=6BeI
-----END PGP MESSAGE-----

2724
Security / Re: Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
« on: December 27, 2012, 10:16 pm »
Quote from: ptc99 on December 27, 2012, 07:02 pm
First off, thanks to all for this thread. I am NewFish here, and a little confused bout pgp. Can someone send me a quick msg and I will respond. Wanted to work it out here b4 I place my first order.
thanks

@ptc99

-----BEGIN PGP MESSAGE-----

hQEMAx353Mztf2EUAQf7BLeddRtsOgOvit24QCqobQiiQWNIiDnoTni4Y0DAxqIK
qxw+7G82FnXHeP8LBryBruBWPm4jjpN+A80EbLX3L6qHxoi7oXPVPN1o8EX75u2o
SpLm8HLLValbWciwUg4UZzYMmjIyOXvTH3JJiA2j4JjuyBbKtOFiU0Fze4jJRtZo
6qzermp9//BYinKx8d29QksD4ElR9HTT/pvXqukGpoDAU4oPbFszSUO0B5Jg3o9U
iJy4OD3BpsMB621MDhB+4gjBD8Fd/oYay+kqUf6QJOqvzIupa7YclYhjDyjkP2ZB
NB9qBsCt3Jtj7s0QOTjf6teZIj+XXBXoOPfMMZkeZNLAMQEXkxoEghiTIbvsQ64H
uE49Mbh5eznTzD37E+tzKX9h2OuHbJW9QZTyuApuWx/se+obXFHBH51kJGufxI7m
oju4/Di8Hcq6fUSOsn0DXMnzfEkH9q8NgPFMh0/+xxypns2RfQAqIaa8GuGS+JGJ
R9nZyhjmvodur2EXMxgXRB9O8OZyDYjq1Rb1lz4D1ybKbC2XE/OqNXf2qnMEXEc3
O8IzIEdu/MaoQ/SStVwLrbx95dEnpMQrJKARh+wwJgULS1cVzxHWwrLeLY/Ejnej
JAM/Lsdf5zHY6Y09skrIAK7wojPp3DziOTTrDH9fZefN77I=
=B9kj
-----END PGP MESSAGE-----

2725
Off topic / Re: Gays on SR
« on: December 27, 2012, 11:10 am »
Sorry I hijacked this thread. Carry on :/

2726
Silk Road discussion / Re: bloody hell the bitcoin spams are back again
« on: December 27, 2012, 10:51 am »
There are lots of effective ways to fix it, policy wise. Admins could rate limit accounts with fewer than 100 posts to one new thread every hour. Admins could create a Newbie section where accounts with fewer than 100 posts (or some amount of time on the forum) could exclusively post. That's how bitcointalk.org does it.

Our problem is that nobody is watching the asylum and nobody cares. It took forever just to get the captchas.

2727
Off topic / Re: MDMA: a drug that no one should go near
« on: December 27, 2012, 10:02 am »
Quote from: BlarghRawr on December 27, 2012, 09:07 am
The jews support atheism?

Wow. That totally supports the "joywind is a schizophrenic"-theory.

Is atheism an issue?

He should read some of my posts on the subject.

http://dkn255hz262ypmii.onion/index.php?topic=95493.msg682916#msg682916

BTW, that was afucking struggle to find. :)

2728
Silk Road discussion / Re: BUSTED THREAD!!! Please contribute
« on: December 27, 2012, 09:00 am »
Quote from: Razorspyne on December 27, 2012, 08:34 am
Someone was jailed in U.K.for 9 months if memory serves, for not revealing their encryption key. There was no "reasonable beyond doubt" and they jailed him on suspicion and not proof. (Glad I don't live U.K..) And as suggested above, corrupt cops (most of them are) will assault a suspect into revealing it. (Which is why everyone hates them so much.)

Most countries don't have protections against self-incrimination. UK is one of them. You can get up to 2 years for refusing to provide a password. The 5th Amendment is an awesomely antiquated tool, in that, unlike ECPA, it provides more protection than modern government and LE would allow. Let's face it, if the US constitution were written from scratch, there would be no 4th and 5th Amendments. But we have it, and the lower courts have gone about 50-50 so far on the issue of whether providing a password is self-incriminating. I believe it will go to the Supreme Court at some point. Hopefully we'll win.

2729
Off topic / Re: MDMA: a drug that no one should go near
« on: December 27, 2012, 08:51 am »
I read through his comment history. Obvious troll is obvious. Don't waste your time feeding it.

2730
Off topic / Re: MDMA: a drug that no one should go near
« on: December 27, 2012, 08:33 am »
It's always the Jews with the conspiracy theorists.

Most of it actually comes from the Netherlands.

BTW, how did you know he was on MDMA?

Pages: 1 ... 180 181 [182] 183 184 ... 208