Silk Road forums

Discussion => Security => Topic started by: malcontent344 on December 26, 2012, 06:30 am

Title: I'm a little worried about my safety
Post by: malcontent344 on December 26, 2012, 06:30 am
So I was trying to get some questions answered by a vendor called "La Fuente" about whether or not I could use a p.o. box with his service. He responded with a simple, "send me your pgp key, thanks." I didn't really think anything of it, so I gave him my personal key, along with my encrypted shipping address. Now looking back on things, the whole thing seems kind of sketchy. Why would he want my pgp key before I even ordered anything from him? Could this be some sort of trap to attempt to incriminate me as soon as I order? I'm worried.
Title: Re: I'm a little worried about my safety
Post by: deleted on December 26, 2012, 06:38 am
exchanging PGP information is common practice, he needs it in order to send you any encrypted messages. maybe he didn't want to communicate in plaintext? whatever it is, your situation has nothing to do with TOR or SR being compromised, you have nothing to worry about.
Title: Re: I'm a little worried about my safety
Post by: malcontent344 on December 26, 2012, 06:40 am
Ok, thank you very much. I get pretty paranoid about this kind of stuff and overthink things. Hopefully everything will work out.
Title: Re: I'm a little worried about my safety
Post by: outoftheblocks on December 26, 2012, 06:43 am
He has had a LOT of sketchy activity around him as of late. He has shipped with Signature Required, and a lot of people have said things about his practices. Also a 93 rating is not promising.
Title: Re: I'm a little worried about my safety
Post by: biteme on December 26, 2012, 06:18 pm
If the vendor simply asked for your PGP Key, no big deal. Another person needs your PGP Key in order to send you an encrypted message. This is how you would be able to have an encrypted conversation.

Now why on earth would you have sent the vendor your shipping address before you placed an order and if the vendor didn't ask for it? That seems like a mistake.
Title: Re: I'm a little worried about my safety
Post by: HOUSE on December 26, 2012, 06:36 pm
As others have said, your public PGP key is not a secret, hence the name. It is needed so that people can send you encrypted messages which only you can decrypt, using your secret, private key.

No offense intended here, but you should know these things. Don't be a noob - educate yourself before diving head first into things which can get you in trouble.
Title: Re: I'm a little worried about my safety
Post by: Krazys on December 26, 2012, 08:44 pm
Bunch of things, especially as a new buyer, you can do to be safe. You are already doing more than many people that shop on the road. Using encryption and the forums; check!

Stick with established vendors that have a great rating. Find someone that will work with a new person and not require FE. If you can't, then buy a very small amount to start with. Vendors with a >99% rating are not going to get a bad review to rob you of 5 bitcoins. Practice safe TOR web use and money transfer methods.
Title: Re: I'm a little worried about my safety
Post by: astor on December 26, 2012, 09:07 pm
Yes, start with small orders. There's a psychological benefit to that too. A lot of new buyers freak out about getting busted on their first few orders. It takes time and successful deliveries to build confidence that the system works, remarkably well actually. Remember, you know you have a package of contraband coming, but the postal employees don't. All they see is an ocean of packages. Small orders are less likely to be detected and less likely to be followed up with controlled deliveries or letters.
Title: Re: I'm a little worried about my safety
Post by: Nightcrawler on December 26, 2012, 10:03 pm
So I was trying to get some questions answered by a vendor called "La Fuente" about whether or not I could use a p.o. box with his service. He responded with a simple, "send me your pgp key, thanks." I didn't really think anything of it, so I gave him my personal key, along with my encrypted shipping address. Now looking back on things, the whole thing seems kind of sketchy. Why would he want my pgp key before I even ordered anything from him? Could this be some sort of trap to attempt to incriminate me as soon as I order? I'm worried.

What I find somewhat troubling in what you have described is the fact that you said you supplied him with your "personal" key, as well as your shipping address.

Supplying a vendor with your shipping address, unless it is in connection with an order, is a mistake.  It might also be helpful to describe what you mean by your "personal key."
I hope it did not have any of your real information on it.  If you are dealing with someone untrusted, my inclination would be to provide them with a throw-away key, generated for just  that purpose.

While vendors are not supposed to retain buyer information, there is no way to ascertain that they comply with this practice. Even if they do delete your address information, do they also prune their PGP keyrings, removing buyers' keys, after the conclusion of the transaction? Bear  in mind that, if a vendor were to be busted, their PGP keyrings would reveal who they have been doing business with.

NC
Title: Re: I'm a little worried about my safety
Post by: La Fuente on January 01, 2013, 08:02 am
So I was trying to get some questions answered by a vendor called "La Fuente" about whether or not I could use a p.o. box with his service. He responded with a simple, "send me your pgp key, thanks." I didn't really think anything of it, so I gave him my personal key, along with my encrypted shipping address. Now looking back on things, the whole thing seems kind of sketchy. Why would he want my pgp key before I even ordered anything from him? Could this be some sort of trap to attempt to incriminate me as soon as I order? I'm worried.

Hi malcontent,

Don't worry man - you're safe with me. I ask everyone for their public key (which is the one you sent me) so we can communicate securely. I also ask because it shows that a customer is cautious and conscientious regarding their security. You can always contact me if you have any concerns.

Saludos,
LF
Title: Re: I'm a little worried about my safety
Post by: La Fuente on January 01, 2013, 08:10 am
He has had a LOT of sketchy activity around him as of late. He has shipped with Signature Required, and a lot of people have said things about his practices. Also a 93 rating is not promising.

Have I? Please elaborate. There doesn't seem to be a lot of substance here.
Title: Re: I'm a little worried about my safety
Post by: Nightcrawler on January 01, 2013, 11:11 am
So I was trying to get some questions answered by a vendor called "La Fuente" about whether or not I could use a p.o. box with his service. He responded with a simple, "send me your pgp key, thanks." I didn't really think anything of it, so I gave him my personal key, along with my encrypted shipping address. Now looking back on things, the whole thing seems kind of sketchy. Why would he want my pgp key before I even ordered anything from him? Could this be some sort of trap to attempt to incriminate me as soon as I order? I'm worried.

Hi malcontent,

Don't worry man - you're safe with me. I ask everyone for their public key (which is the one you sent me) so we can communicate securely. I also ask because it shows that a customer is cautious and conscientious regarding their security. You can always contact me if you have any concerns.

Saludos,
LF

Good on ya. +1

NC
Title: Re: I'm a little worried about my safety
Post by: fuckingACE on January 01, 2013, 05:45 pm
If the vendor simply asked for your PGP Key, no big deal. Another person needs your PGP Key in order to send you an encrypted message. This is how you would be able to have an encrypted conversation.

Now why on earth would you have sent the vendor your shipping address before you placed an order and if the vendor didn't ask for it? That seems like a mistake.
Are you Trashbox... Why 2 nicks?
Ace
Title: Re: I'm a little worried about my safety
Post by: ChiEfsMokemLoT on January 01, 2013, 06:29 pm
So I was trying to get some questions answered by a vendor called "La Fuente" about whether or not I could use a p.o. box with his service. He responded with a simple, "send me your pgp key, thanks." I didn't really think anything of it, so I gave him my personal key, along with my encrypted shipping address. Now looking back on things, the whole thing seems kind of sketchy. Why would he want my pgp key before I even ordered anything from him? Could this be some sort of trap to attempt to incriminate me as soon as I order? I'm worried.

What I find somewhat troubling in what you have described is the fact that you said you supplied him with your "personal" key, as well as your shipping address.

Supplying a vendor with your shipping address, unless it is in connection with an order, is a mistake.  It might also be helpful to describe what you mean by your "personal key."
I hope it did not have any of your real information on it.  If you are dealing with someone untrusted, my inclination would be to provide them with a throw-away key, generated for just  that purpose.

While vendors are not supposed to retain buyer information, there is no way to ascertain that they comply with this practice. Even if they do delete your address information, do they also prune their PGP keyrings, removing buyers' keys, after the conclusion of the transaction? Bear  in mind that, if a vendor were to be busted, their PGP keyrings would reveal who they have been doing business with.

NC


This is the problem I see with PGP. I mean, it's kind of a false protection. Why don't we use torchat? Once you shut the window down, that data is completely gone forever, 100% unretrievable by anybody on this planet.

I mean, it's the exact same thing as sending them your PGP key: no matter what, they have to decrypt it to read the information and then either print that out or write it down to be transferred to the package. So there is no difference in using torchat, except torchat is better: you do not have a PGP program on your computer that would raise suspicion in the eyes of the authorities, and no leftover data that can be retrieved whatsoever. As far as they know you just have a regular chat program, and if you keep torchat and the Tor bundle on a USB drive then there is absolutely no data on your PC to raise suspicion.
Title: Re: I'm a little worried about my safety
Post by: TrashBox on January 01, 2013, 10:45 pm
If the vendor simply asked for your PGP Key, no big deal. Another person needs your PGP Key in order to send you an encrypted message. This is how you would be able to have an encrypted conversation.

Now why on earth would you have sent the vendor your shipping address before you placed an order and if the vendor didn't ask for it? That seems like a mistake.
Are you Trashbox... Why 2 nicks?
Ace

NO!! The pic is a stock pic from this site. It's actually of Jewel (you know the singer from the 90s). 
Title: Re: I'm a little worried about my safety
Post by: skitzo on January 01, 2013, 11:56 pm
Quote
This is the problem I see with PGP. I mean, it's kind of a false protection. Why don't we use torchat? Once you shut the window down, that data is completely gone forever, 100% unretrievable by anybody on this planet.

I mean, it's the exact same thing as sending them your PGP key: no matter what, they have to decrypt it to read the information and then either print that out or write it down to be transferred to the package. So there is no difference in using torchat, except torchat is better: you do not have a PGP program on your computer that would raise suspicion in the eyes of the authorities, and no leftover data that can be retrieved whatsoever. As far as they know you just have a regular chat program, and if you keep torchat and the Tor bundle on a USB drive then there is absolutely no data on your PC to raise suspicion.

interesting...any more about this?
Title: Re: I'm a little worried about my safety
Post by: La Fuente on January 02, 2013, 02:45 am


This is the problem I see with PGP. I mean, it's kind of a false protection. Why don't we use torchat? Once you shut the window down, that data is completely gone forever, 100% unretrievable by anybody on this planet.

I mean, it's the exact same thing as sending them your PGP key: no matter what, they have to decrypt it to read the information and then either print that out or write it down to be transferred to the package. So there is no difference in using torchat, except torchat is better: you do not have a PGP program on your computer that would raise suspicion in the eyes of the authorities, and no leftover data that can be retrieved whatsoever. As far as they know you just have a regular chat program, and if you keep torchat and the Tor bundle on a USB drive then there is absolutely no data on your PC to raise suspicion.

Hi.

There is a big difference between PGP and TorChat. Without question PGP is more secure. This is because you and you alone generate/store a private key to encrypt and decrypt messages. You don't have to transfer your private key over data lines, and you never have to reveal it to another party (unless compelled by force). Your public key, also generated and distributed by you, allows another person to encrypt messages to you but not decrypt them. Simple and elegant - you are in charge of your secret code.

TorChat, on the other hand, generates their own key pairs (I assume, I'm not a programmer) much like hushmail and privnote. You do not retain a private key and thus cannot know with certainty whether it has been or is compromised. More than this, you don't know for certain who developed it, and for what true purpose. Yes yes, I realize the website states that it was torproject, however these are but words on a page which could be published with little or no effort by anyone. Without first hand knowledge, and/or sophisticated knowledge of the program, I cannot prove that TorChat is nothing more than a means to gather unencrypted intelligence from persons using the deep web. As you can see, it is TorChat which is the false security. The same goes for PrivNote, and I'm sure everyone is aware that Hushmail handed over emails that were believed to be sent by some other market. It was easy - they had the key pair - the agencies need but ask.

You mentioned using a boot drive (which is a good idea) for Tor, etc. But I'm not following. So TorChat is just as safe or better than PGP because it wipes all the traces and you can use a bootable drive? Use a bootable linux. There's a bunch of them and linux stuff is free. It also has PGP preinstalled. Don't buy one, ever - I would strongly suggest building your own. I would also suggest a second drive for your encryption tools and configured without web access. This precaution is so internal surveillance apps - like keyloggers, etc. - can't relay info through an open line.

There's other stuff (removing your hard drive before booting to your virtual system, for instance) but the main point stands. PGP is safe because you generated and retain the private key. But it is only secure if you are secure. Other programs like TorChat...who's to say. Not a risk I'd take if it was a serious matter.

Saludos,

LF 
Title: Re: I'm a little worried about my safety
Post by: ChiEfsMokemLoT on January 02, 2013, 03:10 am


This is the problem I see with PGP. I mean, it's kind of a false protection. Why don't we use torchat? Once you shut the window down, that data is completely gone forever, 100% unretrievable by anybody on this planet.

I mean, it's the exact same thing as sending them your PGP key: no matter what, they have to decrypt it to read the information and then either print that out or write it down to be transferred to the package. So there is no difference in using torchat, except torchat is better: you do not have a PGP program on your computer that would raise suspicion in the eyes of the authorities, and no leftover data that can be retrieved whatsoever. As far as they know you just have a regular chat program, and if you keep torchat and the Tor bundle on a USB drive then there is absolutely no data on your PC to raise suspicion.

Hi.

There is a big difference between PGP and TorChat. Without question PGP is more secure. This is because you and you alone generate/store a private key to encrypt and decrypt messages. You don't have to transfer your private key over data lines, and you never have to reveal it to another party (unless compelled by force). Your public key, also generated and distributed by you, allows another person to encrypt messages to you but not decrypt them. Simple and elegant - you are in charge of your secret code.

TorChat, on the other hand, generates their own key pairs (I assume, I'm not a programmer) much like hushmail and privnote. You do not retain a private key and thus cannot know with certainty whether it has been or is compromised. More than this, you don't know for certain who developed it, and for what true purpose. Yes yes, I realize the website states that it was torproject, however these are but words on a page which could be published with little or no effort by anyone. Without first hand knowledge, and/or sophisticated knowledge of the program, I cannot prove that TorChat is nothing more than a means to gather unencrypted intelligence from persons using the deep web. As you can see, it is TorChat which is the false security. The same goes for PrivNote, and I'm sure everyone is aware that Hushmail handed over emails that were believed to be sent by some other market. It was easy - they had the key pair - the agencies need but ask.

You mentioned using a boot drive (which is a good idea) for Tor, etc. But I'm not following. So TorChat is just as safe or better than PGP because it wipes all the traces and you can use a bootable drive? Use a bootable linux. There's a bunch of them and linux stuff is free. It also has PGP preinstalled. Don't buy one, ever - I would strongly suggest building your own. I would also suggest a second drive for your encryption tools and configured without web access. This precaution is so internal surveillance apps - like keyloggers, etc. - can't relay info through an open line.

There's other stuff (removing your hard drive before booting to your virtual system, for instance) but the main point stands. PGP is safe because you generated and retain the private key. But it is only secure if you are secure. Other programs like TorChat...who's to say. Not a risk I'd take if it was a serious matter.

Saludos,

LF 

You need to read more about torchat first. It has been around for 4 years, been tested by anyone who is anyone in that field, and passed with flying colors. With torchat you CAN NOT BE FORCED TO RELEASE YOUR KEY, FOR THERE IS NO KEY.
Title: Re: I'm a little worried about my safety
Post by: kmfkewm on January 02, 2013, 04:12 am
Everyone who uses Torchat runs as a hidden service. Essentially it is like Alice is a hidden service and Bob is a hidden service. When Alice communicates with Bob she sends her messages to his .onion address, and when Bob sends messages to Alice he sends them to her .onion address. This sort of hides the encryption being used from the user, because unlike GPG where you need to manage your keys and ciphertexts and such, you are just piggy backing on the encryption already provided by Tor. Torchat is sort of neat in that by having everyone run as a hidden service, there is no fixed middle point server that your communications go through (as compared to IRC for example).

I have two primary issues with Torchat. The first issue I have with it is that I saw one of the Tor developers comment that the code is buggy. I have not audited the code myself so have no comment, but I am inclined to believe them. Torchat is not part of the Tor project. My biggest issue with Torchat is that everyone runs as a hidden service. Hidden services do not have as strong of anonymity as normal clients do. Everyone running as a hidden service is a Bad Idea, and this design choice is enough to make me suggest strongly against using Torchat.

Additionally, it is not technically correct to say that Torchat has no key. It is just that the keys are managed by Tor, since Torchat provides encryption by piggy backing on Tor as I already mentioned. The real difference you guys are talking about is not so much between GPG and Torchat but rather between the general way that RSA is used and the general way that ECDH is used.

The use model for RSA is generally that Alice and Bob each have a long term public/private keypair. When Alice wants to send Bob an encrypted message, she encrypts her plaintext with a symmetric algorithm, something like AES-256. The randomly generated key used to symmetrically encrypt the message to Bob is then asymmetrically encrypted with Bob's public key. Upon receiving the ciphertext, Bob enters his password to decrypt his symmetrically encrypted private key. He then uses his private key to decrypt the encrypted session key, and then uses the decrypted session key to decrypt the symmetrically encrypted ciphertext back into the plaintext.

(EC)DH is generally used a bit differently. It is a secret sharing algorithm. Imagine Alice and Bob both have long term ECDSA keypairs. These are used for signing messages. Alice and Bob exchange public ECDSA keypairs so they can verify plaintexts from each other in the future. When Alice wants to send Bob an encrypted message, she generates an ephemeral ECDH keypair and sends the public key to Bob. Now Bob generates an ephemeral public keypair and sends his public key to Alice. Alice uses her ephemeral private key and Bob's public key to derive a shared secret, at which point she can securely overwrite her private and even public ephemeral keys. Now she uses her ECDSA private key to sign her plaintext. She then uses the shared secret to symmetrically encrypt the signed plaintext and then she sends it to Bob. Bob uses his ephemeral private key and Alice's ephemeral public key to derive a shared secret as well, and due to the properties of (EC)DH his secret will be the same as Alice's (it is a SHARED secret after all). Now Bob uses this secret to symmetrically decrypt the ciphertext, and then uses Alice's public ECDSA key to verify that Alice actually sent the message. He can then securely erase his public and private ephemeral ECDH key. New ephemeral ECDH keys are generated on a message by message basis. This is a cryptosystem that uses ECDH to achieve forward secrecy, which is a pretty common way of using ECDH, although the same thing can also be done with RSA and ECDH can also be used with long term non-ephemeral keypairs.

So it isn't that there is no key, it is just that the key is deleted as soon as you are done with it. It isn't even really a fundamental difference between RSA and DH , it is just the way the systems that use these ciphers are generally constructed. OTR is one example of a system that uses DH in such a way. Tor is another.
Title: Re: I'm a little worried about my safety
Post by: kmfkewm on January 02, 2013, 04:19 am
The primary thing to note is that with long term keys (the way RSA is generally used, ie: with GPG the way it is usually used) if Alice has her private key compromised, all intercepted ciphertexts ever sent to her that were encrypted with that private key's corresponding public key can be decrypted. The way that (DH / ECDH) is usually used (ie: Tor, OTR), intercepted ciphertexts become impossible to decrypt with traditional (non-quantum) computing power as soon as the private keys are erased, which happens every time a new message is sent.
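
The two key-handling models described in kmfkewm's posts above, as an added Go example that is not part of the original thread: the same signed-and-encrypted exchange is run once against a long-term recipient key and once against a per-message key, and a later leak of the long-term key is then tried against the recorded traffic. Assumptions made here: P-256, SHA-256 as the key derivation, AES-256-GCM, a static ECDH key standing in for the long-term RSA/GPG key, a signature that also covers both ECDH public keys, and all function names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aead turns an ECDH shared secret into AES-256-GCM (real protocols use a KDF such as HKDF).
// Errors from the RNG and key generation are ignored throughout to keep the example short.
func aead(secret []byte) cipher.AEAD {
	key := sha256.Sum256(secret)
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal encrypts msg; the random nonce is prepended to the ciphertext.
func seal(secret, msg []byte) []byte {
	g := aead(secret)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, msg, nil)
}

// open reverses seal (input always comes from seal here); it fails on a wrong secret.
func open(secret, ct []byte) ([]byte, error) {
	g := aead(secret)
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// wire is everything an eavesdropper can record for one message.
type wire struct{ alicePub, bobPub, body []byte }

// transcript is what Alice signs: both ECDH public keys and the message.
func transcript(aPub, bPub, msg []byte) []byte {
	h := sha256.Sum256(bytes.Join([][]byte{aPub, bPub, msg}, nil))
	return h[:]
}

// exchange sends one message from Alice to Bob. Alice always uses a fresh ECDH
// key; bobKey is either Bob's long-term key or one generated for this message.
func exchange(aliceSign *ecdsa.PrivateKey, bobKey *ecdh.PrivateKey, msg []byte) (wire, []byte, error) {
	aEph, _ := ecdh.P256().GenerateKey(rand.Reader)
	aPub, bPub := aEph.PublicKey().Bytes(), bobKey.PublicKey().Bytes()
	// Alice: derive the shared secret, sign, then encrypt signature and message.
	aSecret, _ := aEph.ECDH(bobKey.PublicKey())
	sig, _ := ecdsa.SignASN1(rand.Reader, aliceSign, transcript(aPub, bPub, msg))
	signed := append(append([]byte{byte(len(sig))}, sig...), msg...)
	w := wire{aPub, bPub, seal(aSecret, signed)}
	// Bob: derive the same secret from his side, decrypt, verify the signature.
	bSecret, _ := bobKey.ECDH(aEph.PublicKey())
	pt, err := open(bSecret, w.body)
	if err != nil {
		return w, nil, err
	}
	gotSig, gotMsg := pt[1:1+int(pt[0])], pt[1+int(pt[0]):]
	if !ecdsa.VerifyASN1(&aliceSign.PublicKey, transcript(aPub, bPub, gotMsg), gotSig) {
		return w, nil, fmt.Errorf("signature check failed")
	}
	return w, gotMsg, nil // Alice's ephemeral key is dropped here in both models
}

// readable counts recorded messages that decrypt once Bob's long-term key leaks.
func readable(stolen *ecdh.PrivateKey, log []wire) (n int) {
	for _, w := range log {
		pub, _ := ecdh.P256().NewPublicKey(w.alicePub)
		secret, _ := stolen.ECDH(pub)
		if _, err := open(secret, w.body); err == nil {
			n++
		}
	}
	return n
}

// runDemo records three messages per model, then tests the leaked long-term key.
func runDemo() (delivered, longTermRead, ephemeralRead int) {
	aliceSign, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	bobLong, _ := ecdh.P256().GenerateKey(rand.Reader)
	var longLog, ephLog []wire
	for _, m := range []string{"msg one", "msg two", "msg three"} { // constructed samples
		w1, got1, _ := exchange(aliceSign, bobLong, []byte(m))
		bobEph, _ := ecdh.P256().GenerateKey(rand.Reader) // used once, never stored
		w2, got2, _ := exchange(aliceSign, bobEph, []byte(m))
		if string(got1) == m && string(got2) == m {
			delivered++
		}
		longLog, ephLog = append(longLog, w1), append(ephLog, w2)
	}
	return delivered, readable(bobLong, longLog), readable(bobLong, ephLog)
}

func main() { fmt.Println(runDemo()) }
```

Go's garbage collector does not guarantee that a dropped key is wiped from memory, so a production implementation would zero ephemeral key material explicitly.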
Title: Re: I'm a little worried about my safety
Post by: Nightcrawler on January 02, 2013, 05:44 am
The primary thing to note is that with long term keys (the way RSA is generally used, ie: with GPG the way it is usually used) if Alice has her private key compromised, all intercepted ciphertexts ever sent to her that were encrypted with that private key's corresponding public key can be decrypted. The way that (DH / ECDH) is usually used (ie: Tor, OTR), intercepted ciphertexts become impossible to decrypt with traditional (non-quantum) computing power as soon as the private keys are erased, which happens every time a new message is sent.

Fair enough, but we're talking apples and oranges here. In Torchat, two parties must be online at the very same time, in order to be able to carry out key negotiation. PGP has no such requirement, being originally designed to deal with email, which by definition is stored and/or forwarded. If one desires maximum anonymity, one can resort to nymservers and anonymous remailers, e.g. Mixmaster.

Forward secrecy would be a great addition to PGP,  although I'm given to understand that it is non-trivial to implement.

In the meantime, one can periodically delete/replace the private halves of one's PGP encryption sub-keys, which will have the same effect, except that there will be a longer period of time and more traffic potentially exposed to key compromise during that period. If the replacement period is relatively short, e.g. 10 days or so, any traffic compromise would be minimal. Naturally, this would work best when two parties are communicating, as they can pass updated keys to each other.

It would still be workable even for a vendor; a vendor could place an updated key on his page, and instruct his client to update the key PRIOR to sending him any messages.
(Whether buyers would possess the necessary discipline to follow these instructions is another matter, however.)

NC


Title: Re: I'm a little worried about my safety
Post by: kmfkewm on January 02, 2013, 06:18 am
I never argued in favor of Torchat I am actually quite against it :P. Currently all end user implementations of DH with forward secrecy that I am aware of require both users to be on at the same time, however this is not an underlying requirement of the system it is merely how it has been implemented so far. The same exact thing can be done with RSA, you just exchange a brand new keypair with every person you communicate with, and you delete it after each message, and with each message you send a new public key for the next message to be encrypted to. It really isn't anything to do with DH or RSA, it is just the DH cryptosystems I have seen tend to go towards this approach and the RSA implementations I have seen tend to go towards long term keys. Of course an end user actually juggling so many keys is pretty much impossible, systems like this need to be built right into the software like with OTR. Right now there is a system being developed that is similar to Mixminion but more secure from long term intersection attacks, fully internal without any reliance on E-mail addresses, with encryption like OTR built into it and supporting group communications. It will be pretty interesting I think.
Title: Re: I'm a little worried about my safety
Post by: ChiEfsMokemLoT on January 02, 2013, 06:37 am
I never argued in favor of Torchat I am actually quite against it :P. Currently all end user implementations of DH with forward secrecy that I am aware of require both users to be on at the same time, however this is not an underlying requirement of the system it is merely how it has been implemented so far. The same exact thing can be done with RSA, you just exchange a brand new keypair with every person you communicate with, and you delete it after each message, and with each message you send a new public key for the next message to be encrypted to. It really isn't anything to do with DH or RSA, it is just the DH cryptosystems I have seen tend to go towards this approach and the RSA implementations I have seen tend to go towards long term keys. Of course an end user actually juggling so many keys is pretty much impossible, systems like this need to be built right into the software like with OTR. Right now there is a system being developed that is similar to Mixminion but more secure from long term intersection attacks, fully internal without any reliance on E-mail addresses, with encryption like OTR built into it and supporting group communications. It will be pretty interesting I think.

Everything you have said makes sense and clearly you know a lot more about it than me.

But if, every time you place an order, you could use a different tor chat id (just make a new account every time), would this not stop any attack, unless customer or seller is already under investigation? At that point PGP would not matter. And I would think not having it would.

The cops know what PGP is and what it is used for on SR. My point is not to give them any reason to suspect a connection between me and SR,
hence torchat and Tor bundle on an encrypted usb thumb drive, read only, so no hacking.

would this work????
Title: Re: I'm a little worried about my safety
Post by: Nightcrawler on January 02, 2013, 07:30 am
I never argued in favor of Torchat I am actually quite against it :P.

I never said you were in favour of it; you actually stated earlier that you weren't in favour of it -- a position I wholeheartedly agree with.

Currently all end user implementations of DH with forward secrecy that I am aware of require both users to be on at the same time, however this is not an underlying requirement of the system it is merely how it has been implemented so far. 

Ok, I wasn't aware of that.

The same exact thing can be done with RSA, you just exchange a brand new keypair with every person you communicate with, and you delete it after each message, and with each message you send a new public key for the next message to be encrypted to. It really isn't anything to do with DH or RSA, it is just the DH cryptosystems I have seen tend to go towards this approach and the RSA implementations I have seen tend to go towards long term keys. Of course an end user actually juggling so many keys is pretty much impossible, systems like this need to be built right into the software like with OTR. Right now there is a system being developed that is similar to Mixminion but more secure from long term intersection attacks, fully internal without any reliance on E-mail addresses, with encryption like OTR built into it and supporting group communications. It will be pretty interesting I think.

Generating new public keys for each message seems like overkill to me. You would almost be better off using a random physical process (e.g. dice with diceware) to generate strings that could be used with conventional encryption.  You could still use public keys for signing, to assure that the messages were not tampered-with in transit. That way you wouldn't have to clutter-up your keyrings with a ton of one-time public keys, or spend time pruning said keys from your keyring.

NC
Title: Re: I'm a little worried about my safety
Post by: kmfkewm on January 02, 2013, 09:11 am
Generating random session keys for each message isn't the problem, the problem is how to transfer them between Alice and Bob without an attacker in the middle being able to determine them, and without an attacker in the middle being able to stockpile ciphertexts that they can later demand the key for. Managing it yourself with something like GPG is pretty much out of the question due to the fact that it wasn't really designed for that sort of communication, you would need some specialized software program. GPG allows for secure transfer of session keys, but essentially everyone uses it with long term keys because it doesn't aid end users in using ephemeral keys. Right now the only software programs I know of that allow for ephemeral keys / forward secrecy use DH or ECDH and they are Torchat and OTR. I like OTR, I dislike Torchat primarily due to the fact that it makes you run as a hidden service. That said nothing prevents someone from making an OpenPGP compliant program that makes this sort of system easy to manage, although it would be easiest if it doesn't require the user to actually handle keys themselves at all (like OTR, where you never have to type in a password, load someone else's public key or look at your own public key, because the software does all of it for you. Another example of software like this is Tor, and Torchat due to the fact that it piggybacks on Tor for encryption).

See with GPG Alice and Bob exchange public keys and use them in the process of encrypting messages for each other. The public and private keys stay the same for long periods of time and large volumes of messages. Since the same private key is used to decrypt the session keys on dozens or even hundreds of messages, the compromise of one long term private key can be used to decrypt all of the ciphertexts that were encrypted to it. With OTR, a new ephemeral public key is generated for each message and after Alice sends the message (and for Bob after he decrypts it) the ephemeral keys are securely overwritten. This means that an attacker who stockpiles a thousand ciphertexts will never be able to get the keys to decrypt them because the keys are destroyed immediately after they are used. Furthermore, unless Alice or Bob are malicious and running malicious clients, even they will never see the ephemeral public keys used or know the session keys, because OTR handles all of that for you.
Title: Re: I'm a little worried about my safety
Post by: Nightcrawler on January 03, 2013, 08:24 am
Generating random session keys for each message isn't the problem, the problem is how to transfer them between Alice and Bob without an attacker in the middle being able to determine them, and without an attacker in the middle being able to stockpile ciphertexts that they can later demand the key for. Managing it yourself with something like GPG is pretty much out of the question due to the fact that it wasn't really designed for that sort of communication, you would need some specialized software program.

No argument with you here. The problem is that the specialized software of which you speak hasn't been developed yet (at least to my knowledge.)

GPG allows for secure transfer of session keys, but essentially everyone uses it with long term keys because it doesn't aid end users in using ephemeral keys. Right now the only software programs I know of that allow for ephemeral keys / forward secrecy use DH or ECDH and they are Torchat and OTR. I like OTR, I dislike Torchat primarily due to the fact that it makes you run as a hidden service. That said nothing prevents someone from making an OpenPGP compliant program that makes this sort of system easy to manage, although it would be easiest if it doesn't require the user to actually handle keys themselves at all (like OTR, where you never have to type in a password, load someone else's public key or look at your own public key, because the software does all of it for you. Another example of software like this is Tor, and Torchat due to the fact that it piggybacks on Tor for encryption).

What you're describing is the ideal situation; unfortunately, we have to deal with what we have, i.e. PGP/GPG in their current incarnations.

See with GPG Alice and Bob exchange public keys and use them in the process of encrypting messages for each other. The public and private keys stay the same for long periods of time and large volumes of messages. Since the same private key is used to decrypt the session keys on dozens or even hundreds of messages, the compromise of one long term private key can be used to decrypt all of the ciphertexts that were encrypted to it.

I fully understand the problem; the question is what to do about it, given the limitations of the currently-available software. The best solution I can come up with, off the cuff, is for the parties involved to periodically revoke and destroy the encryption sub-keys, and replace them with new ones.

Each party will have to determine for themselves what a proper key period is. If need be, encryption sub-keys could be changed/destroyed on a weekly (or even daily) basis, dependent on the message volumes involved. Once the private half of the encryption sub-key is destroyed, even the original owner cannot be coerced into decrypting traffic encrypted with it. 

With OTR, a new ephemeral public key is generated for each message and after Alice sends the message (and for Bob after he decrypts it) the ephemeral keys are securely overwritten. This means that an attacker who stockpiles a thousand ciphertexts will never be able to get the keys to decrypt them because the keys are destroyed immediately after they are used. Furthermore, unless Alice or Bob are malicious and running malicious clients, even they will never see the ephemeral public keys used or know the session keys, because OTR handles all of that for you.

Unfortunately, no similar facility is built into widely deployed software like PGP/GPG.

NC
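As an added example (not code from the thread, and not how GPG or OTR are implemented): a toy model of the exposure window discussed in the two posts above, covering kmfkewm's long-term versus per-message keys and Nightcrawler's periodic sub-key replacement. The group parameters, the SHAKE-based XOR cipher and every function name are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy-sized Diffie-Hellman group (assumption), chosen so the example runs on
# the standard library alone; real software uses vetted groups or curves.
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def xor_stream(shared, data):
    # Keystream derived from the DH shared secret; XOR is its own inverse.
    stream = hashlib.shake_256(shared.to_bytes(32, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def send(recipient_pub, plaintext):
    # The sender's key pair is ephemeral and is dropped on return.
    eph_priv, eph_pub = keypair()
    return eph_pub, xor_stream(pow(recipient_pub, eph_priv, P), plaintext)

def receive(recipient_priv, packet):
    eph_pub, ciphertext = packet
    return xor_stream(pow(eph_pub, recipient_priv, P), ciphertext)

def stockpile_recovered(rotate_every, messages):
    """Count recorded packets readable with the key that exists at seizure.

    rotate_every: 0 = one long-term key, 1 = new key per message,
    n = key replaced after every n messages (periodic sub-key rotation).
    """
    bob_priv, bob_pub = keypair()
    recorded = []                      # what a passive observer stockpiles
    for count, msg in enumerate(messages, 1):
        packet = send(bob_pub, msg)
        recorded.append(packet)
        assert receive(bob_priv, packet) == msg   # Bob reads it normally
        if rotate_every and count % rotate_every == 0:
            # Python cannot wipe memory; rebinding stands in for destroying
            # the old private key and publishing a new public key.
            bob_priv, bob_pub = keypair()
    return sum(receive(bob_priv, p) == m for p, m in zip(recorded, messages))

MESSAGES = [b"constructed message %d" % i for i in range(6)]  # sample input

if __name__ == "__main__":
    for period in (0, 4, 1):
        print(period, stockpile_recovered(period, MESSAGES), "of", len(MESSAGES))
```

With a period of 4, only the two messages sent since the last rotation remain readable, so the key period sets the size of the exposure window.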
Title: Re: I'm a little worried about my safety
Post by: jonesycat on January 09, 2013, 04:53 am


This is the problem I see with PGP. I mean, it's kind of a false protection. Why don't we use torchat? Once you shut the window down, that data is completely gone forever, 100% unretrievable by anybody on this planet.

I mean, it's the exact same thing as sending them your PGP key. No matter what, they have to decrypt it to read the information and then either print that out or write it down to be transferred to package, so there is no difference in using torchat, except torchat is better: you do not have a PGP program on your computer that would raise suspicion in the eyes of the authorities, and no leftover data that can be retrieved whatsoever. As far as they know you just have a regular chat program, and if you keep torchat and the Tor bundle on a USB drive then there is absolutely no data on your PC to raise suspicion.

Hi.

There is a big difference between PGP and TorChat. Without question PGP is more secure. This is because you and you alone generate/store a private key to encrypt and decrypt messages. You don't have to transfer your private key over data lines, and you never have to reveal it to another party (unless compelled by force). Your public key, also generated and distributed by you, allows another person to encrypt messages to you but not decrypt them. Simple and elegant - you are in charge of your secret code.

TorChat, on the other hand, generates their own key pairs (I assume, I'm not a programmer) much like hushmail and privnote. You do not retain a private key and thus cannot know with certainty whether it has been or is compromised. More than this, you don't know for certain who developed it, and for what true purpose. Yes yes, I realize the website states that it was torproject, however these are but words on a page which could be published with little or no effort by anyone. Without first hand knowledge, and/or sophisticated knowledge of the program, I cannot prove that TorChat is nothing more than a means to gather unencrypted intelligence from persons using the deep web. As you can see, it is TorChat which is the false security. The same goes for PrivNote, and I'm sure everyone is aware that Hushmail handed over emails that were believed to be sent by some other market. It was easy - they had the key pair - the agencies need but ask.

You mentioned using a boot drive (which is a good idea) for Tor, etc. But I'm not following. So TorChat is just as safe or better than PGP because it wipes all the traces and you can use a bootable drive? Use a bootable linux. There's a bunch of them and linux stuff is free. It also has PGP preinstalled. Don't buy one, ever - I would strongly suggest building your own. I would also suggest a second drive for your encryption tools and configured without web access. This precaution is so internal surveillance apps - like keyloggers, etc. - can't relay info through an open line.

There's other stuff (removing your hard drive before booting to your virtual system, for instance) but the main point stands. PGP is safe because you generated and retain the private key. But it is only secure if you are secure. Other programs like TorChat...who's to say. Not a risk I'd take if it was a serious matter.

Saludos,

LF

...says the guy who ships via private courier.