Silk Road forums
Discussion => Security => Topic started by: 328502E on February 11, 2013, 12:12 pm
-
So here at SR security is paramount. We encrypt out address with a sellers public key to ensure that even SR does not have access to our personal information. However, that still isn't completely effective, since SR still intercepts and passes on 100% of our communication with the seller, including initial key swaps.
Now, there are a few ways to protect against Man-in-the-Middle attacks. Some rely on public key servers, some a secret key / password decided on beforehand. Unfortunately, since we first made contact to the seller through SR, none of these are effective. Theoretically, SR could have complete control of all of our communication and access to our personal details.
So I ask you this: what are some possible ways we can protect against this type of attack?
A note to all the normal users reading this: don't worry, SR isn't compromised. The amount of energy required to carry out this kind of attack is likely far too great for a government to want to implement even if they got access to the SR servers. This is just theory talk.
-
Either I m missing something or you are. GPG public keys are listed by the vendors not SR.
Unless SR actively changes a vendor's page and lists another key (which would be noticed eventually) it does't matter where you got the key. It is called public for reason. MiTM attacks happen on unencrypted transmission or encrypted where the attacker has the decryption key, but in our case no one except the vendor has that private key.
You mentioned "initial key swaps" so I think you confused asymmetric with symmetric cryptography.
-
Someone asked a similar question a week or two ago. The threat isn't just that SR would change the key. A vendor's account could be compromised through a phishing attack. In fact, this has actually happened.
The solution to this problem is to distribute your public key as widely as possible and through many independent channels. Make sure all your customers have your key. Some of them will be able to verify your identity.
The vendor who got phished had to prove his identity by posting a signed message to the forum and waiting for a former customer to verify it.
-
Someone asked a similar question a week or two ago. The threat isn't just that SR would change the key. A vendor's account could be compromised through a phishing attack. In fact, this has actually happened.
I think I know which vendor you re talking about astor. But that's irrelevant, a phishing/stealing btc attack as you said, and not a communication interception that OP is concerned about, which is probably referring to LE rather than a a thief.
And the attacker had no reason to change the public key in the page to get addresses because they would be useless to him, so I suppose he didn't. Not that he had to, with so many people not using GPG :D
I agree spreading your key is very important if you re a vendor here, it's an identification tool besides encryption.
-
The solution to this problem is to distribute your public key as widely as possible and through many independent channels. Make sure all your customers have your key. Some of them will be able to verify your identity.
This. By placing the public key in a variety of channels, you make it effectively impossible for a man-in-the-middle attack to succeed.
But if someone's key is only listed in his SR profile and nowhere else, that would be vulnerable to a MITM attack. They could mitigate this by at least posting the same public key (or its fingerprint), in the forums. Even better would be to also have it posted at other (non-SR related) locations.
-
This. By placing the public key in a variety of channels, you make it effectively impossible for a man-in-the-middle attack to succeed.
But if someone's key is only listed in his SR profile and nowhere else, that would be vulnerable to a MITM attack. They could mitigate this by at least posting the same public key (or its fingerprint), in the forums. Even better would be to also have it posted at other (non-SR related) locations.
The problem is that there are no other channels other than SR. When was the last time a vendor sent you his public key along with goodies in the mail? Every single medium prior to giving our address is subject to a man in the middle attack. Even if exchanging keys through another medium were secure (it isn't, since SR controls how that medium is set up), and would be prohibitively time consuming.
What I'm getting at is this: What if SR recognized the posting of public keys, and replaced it with their own public key? They could have a autonomous system do that and be able to sniff in on all our "private" addresses. Is there a system we can implement to get around this, or do we just have to hope it never happens?
-
There are lots of other channels that vendors could use.
http://3suaolltfj2xjksb.onion/hiddenwiki/index.php/Main_Page#Web_Hosting
Freedom Hosting http://xqz3u5drneuzhaeo.onion -- Requires invite, but they are floating around
TorHost http://torhostg5s7pa2sn.onion -- Free if you just want to put up a text file with your key
OnionHosting http://bj6sy3n7tbt3ot2f.onion -- Costs 5 BTC but is your security worth that much?
You can also create a Wordpress.com account over Tor and post your key there, and at some other clearnet blogging service.
Post your key to 2 or 3 of those places before you put it in your profile. Create an account on the forum and introduce yourself, referencing the other places where your key can be found.
-
the solution is right here. You can view these forums without logging in or authenticating. So post your public GPG key. Now come back. Is the key still yours? Yup! So long as the attacker in the middle cannot determine when to MITM from when not to, you can always detect pretty quickly if MITM is happening. At worst they MITM some small percentage of the time, so you don't pick up on it but they still pwn some people. You could make a script that constantly loads the forum post you put your public gpg key in via Tor and see if it ever changes. I have long been a proponent of defeating MITM attacks with anonymity and non-authenticated middles :D.
-
not only that but your script could also see when other peoples keys change as well ;)
-
the solution is right here. You can view these forums without logging in or authenticating. So post your public GPG key. Now come back. Is the key still yours? Yup! So long as the attacker in the middle cannot determine when to MITM from when not to, you can always detect pretty quickly if MITM is happening. At worst they MITM some small percentage of the time, so you don't pick up on it but they still pwn some people. You could make a script that constantly loads the forum post you put your public gpg key in via Tor and see if it ever changes. I have long been a proponent of defeating MITM attacks with anonymity and non-authenticated middles :D.
Just what I was looking for. A great answer...as long as there are some users doing this, everything should be fine. Thanks!