Silk Road forums

Discussion => Security => Topic started by: summer on February 01, 2013, 01:32 am

Title: Distributing the public key on this forum defeats its purpose
Post by: summer on February 01, 2013, 01:32 am
Doesn't distributing the public key on the same channel where you use it defeat its purpose?
If the forum falls into bad hands, and these hands want to pwn a member, they can change the post that contains his/her public key, or change the signature that contains a link to the post that contains the member's key to another key, and do a MitM?
People who imported the key before the forum got pwned will have the proper key, but still it would be better to put the key in some other place.
Title: Re: Distributing the public key on this forum defeats its purpose
Post by: astor on February 01, 2013, 02:19 am
That is true, which is why signing your PGP key is useless. An attacker can create his own key, sign it, and replace yours.

The solution to this problem is to distribute your key to as many places (and people) as possible and let everyone know about it. The attacker probably can't pwn every distribution channel, so majority wins.

You can find my key in these places:

http://dkn255hz262ypmii.onion/index.php?topic=174.msg668472#msg668472

http://32yehzkk7jflf6r2.onion/astor.txt

http://25vuwfdig7yt44qo.onion

If one of them is ever different, the outlier is a forgery. There are also plenty of people on the forum that you can check with at this point. If an attacker pretends to be me, a few of the many people who have my key will notice. The only time you should trust a new key claimed to be mine is if it is signed with the old key.
Title: Re: Distributing the public key on this forum defeats its purpose
Post by: flaxceed on February 01, 2013, 04:30 pm
Quote from: astor on February 01, 2013, 02:19 am
> That is true, which is why signing your PGP key is useless. An attacker can create his own key, sign it, and replace yours.
>
> The solution to this problem is to distribute your key to as many places (and people) as possible and let everyone know about it. The attacker probably can't pwn every distribution channel, so majority wins.
>
> You can find my key in these places:
>
> http://dkn255hz262ypmii.onion/index.php?topic=174.msg668472#msg668472
>
> http://32yehzkk7jflf6r2.onion/astor.txt
>
> http://25vuwfdig7yt44qo.onion
>
> If one of them is ever different, the outlier is a forgery. There are also plenty of people on the forum that you check with at this point. If an attacker pretends to be me, a few of the many people who have my key will notice. The only time you should trust a new key claimed to be mine is if it is signed with the old key.

Good info!
Title: Re: Distributing the public key on this forum defeats its purpose
Post by: astor on February 01, 2013, 06:37 pm
There was a vendor whose SR and forum accounts got hacked about a month ago. He created a new forum account and several of us said that he had to prove his identity, because the alt account could have been the hacker too. He signed a message and we waited for some of his customers who would already have his key to verify it. I don't know what the resolution of that was, since nobody came forward after several hours and I didn't keep track of the thread.

The problem in that situation was that he wasn't a big time vendor and didn't have enough customers with his key to immediately verify his identity, but you can see that the solution is to distribute your key and trade keys with as many other people as possible. A top vendor would have been verified quickly and easily.

Thousands of people have DPR's key, so it's basically impossible to impersonate him short of stealing his private key.
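The two rules astor gives above, in the post listing three key locations ("if one of them is ever different, the outlier is a forgery" and "only trust a new key if it is signed with the old key") and in the post about the hacked vendor who had to prove his identity, can be written down as code. The following is an added example, not code from the thread or from any poster; it uses Go's standard-library Ed25519 as a stand-in for PGP (the signing and fingerprint details differ, the trust logic is the same), and the channel names and keys are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
)

// Fingerprint is a stand-in for a PGP key fingerprint: SHA-256 over the raw
// public key bytes. Real PGP fingerprints are computed differently; the
// comparison logic below does not depend on which is used.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// MajorityKey implements "the outlier is a forgery". observed maps each
// independent distribution channel to the fingerprint published there. A
// fingerprint is trusted only if strictly more than half of the channels agree
// on it; the disagreeing channels are returned so the reader knows which
// source has been tampered with. With no strict majority nothing is trusted,
// otherwise an attacker holding half the channels could win a tie.
func MajorityKey(observed map[string]string) (string, []string, error) {
	if len(observed) == 0 {
		return "", nil, errors.New("no channels observed")
	}
	counts := map[string]int{}
	for _, fp := range observed {
		counts[fp]++
	}
	best, bestN := "", 0
	for fp, n := range counts {
		if n > bestN {
			best, bestN = fp, n
		}
	}
	if bestN*2 <= len(observed) {
		return "", nil, errors.New("no strict majority across channels; refuse to trust any key")
	}
	var outliers []string
	for ch, fp := range observed {
		if fp != best {
			outliers = append(outliers, ch)
		}
	}
	sort.Strings(outliers)
	return best, outliers, nil
}

// transitionMessage is the statement an owner signs when rotating keys. It
// binds the new key's fingerprint, so the signature cannot be replayed to
// introduce a different replacement key.
func transitionMessage(newKey ed25519.PublicKey) []byte {
	return []byte("key transition: my new key has fingerprint " + Fingerprint(newKey))
}

// SignRotation produces the transition statement signed with the OLD private key.
func SignRotation(oldPriv ed25519.PrivateKey, newKey ed25519.PublicKey) []byte {
	return ed25519.Sign(oldPriv, transitionMessage(newKey))
}

// AcceptRotation implements "only trust a new key if it is signed with the old
// key": the statement is verified against the key already trusted, never
// against the new key itself (a key vouching for itself proves nothing, which
// is astor's point about self-signing being useless here).
func AcceptRotation(trusted ed25519.PublicKey, newKey ed25519.PublicKey, sig []byte) bool {
	return ed25519.Verify(trusted, transitionMessage(newKey), sig)
}

func main() {
	// Constructed scenario: three channels, one of them attacker-controlled.
	oldPub, oldPriv, _ := ed25519.GenerateKey(rand.Reader)
	attackerPub, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	observed := map[string]string{
		"forum post":    Fingerprint(oldPub),
		"mirror":        Fingerprint(oldPub),
		"personal site": Fingerprint(attackerPub), // swapped by the attacker
	}
	best, outliers, err := MajorityKey(observed)
	fmt.Println("trusted:", best[:16], "outliers:", outliers, "err:", err)

	// A genuine rotation signed by the old key is accepted; an attacker's
	// self-signed replacement is rejected.
	newPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("genuine rotation accepted:", AcceptRotation(oldPub, newPub, SignRotation(oldPriv, newPub)))
	fmt.Println("attacker rotation accepted:", AcceptRotation(oldPub, attackerPub, SignRotation(attackerPriv, attackerPub)))
}
```

The strict-majority requirement is the part worth copying: with only two channels, one forged copy makes the check fail closed rather than pick one at random, which is exactly the situation the hacked vendor was in when too few customers already held his key.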
Title: Re: Distributing the public key on this forum defeats its purpose
Post by: raynardine on February 02, 2013, 07:46 pm
This is interesting.

Thank you for the advice.
Title: Re: Distributing the public key on this forum defeats its purpose
Post by: EarlyCuylerTOR on February 03, 2013, 04:34 am
A valid concern, to be sure. But don't fear it too much. Remember that when you reveal sensitive information on SR, you are encrypting it with the vendor's public key, not your own. And the only one who knows his private key is him. So unless it's a sting operation somehow, you should be fine. Then again, maybe I'm the one who is confused and I need to pay better attention. At any rate, stay alert and suspicious.