Silk Road forums
Discussion => Security => Topic started by: flakjacket1 on March 29, 2013, 12:01 pm
-
Just wondering if its possible to decrypt messages i have sent to vendors.
-
Only if you also encrypted those messages with your key.
-
Only if you also encrypted those messages with your key.
...which for complicated security reasons, could expose your IP address (embedded in your key) and so is not a good security practice according to some security experts. Create an encrypted container on your hard drive (using something like Truecrypt) and save the message there in cleartext before you encrypt it to your addressee.
EDIT: The IP exposure I mentioned is an error. My apologies. There is an exposure problem that can occur when self-signing a key, as far as I remember, though it's not clear that even this is a "real" problem instead of paranoia, but this has nothing to do with encrypting with keys. I'm not entirely clear about the technical details, so I suppose I should have reserved my comments. However I think I'm correct in expecting a courteous response when I ask for clarification. I don't mind being corrected; that's how we learn. So relax. I got my wires crossed, there's no call for hand wringing. 8)
-
Only if you also encrypted those messages with your key.
...which for complicated security reasons, could expose your IP address (embedded in your key) and so is not a good security practice according to some security experts.
That's bullshit.
To OP: No, you cannot decrypt it, only the owner of the key can (that'll be the vendor). That's the point of it all.
-
Only if you also encrypted those messages with your key.
...which for complicated security reasons, could expose your IP address (embedded in your key) and so is not a good security practice according to some security experts.
That's bullshit.
Could someone go into a little more detail as to why it is / isn't safe to encrypt the message to yourself as well? thanks.
-
That's bullshit.
Would you care to elaborate, please?
-
...which for complicated security reasons, could expose your IP address (embedded in your key)
Where are these people coming from with this horribly wrong information? Someone in another thread recommended cashing out BTC by direct bank transfer. No offense, but you all have a lot to learn before you start giving advice in Security.
ladyjane, the only security threat is if your private key is compromised, the adversary could read the messages you sent to others. Of course, he could read the messages they sent and encrypted to you, even when you don't encrypt to yourself, and probably reconstruct the other half of the conversation anyway.
I encrypt most messages to myself so I can remind myself of what I wrote, which I forget sometimes.
-
thanks for explaining it up astor :)
-
Would you care to elaborate, please?
You should understand that it is you who are making claims, and therefore not me, but you who needs to elaborate and defend your claims, when being called on your BS.
Could someone go into a little more detail as to why it is / isn't safe to encrypt the message to yourself as well? thanks.
subductionzone doesn't know what he's talking about. (EDIT: please disregard the following, I learnt that I'm wrong. I hate being wrong... The part about subductionzone not knowing what he's talking about it still true tho) You cannot encrypt you message to yourself 'as well' (you can make a copy of your message, encrypt it with your own key, and save it for later if you don't want to lose it). You can only encrypt it using ONE public key (the one on the vendors page usually). It can be decrypted with the corresponding private key (a key on the vendors harddrive/usbstick/whatever, which no-one else has access too. The private key is protected by a password as well). If you encrypt your message with your vendors public key, only your vendor can decrypt it. If you encrypt it with your own public key, only you can decrypt it. Also, your IP is not 'embedded' in your encrypted message. That's, as I mentioned before, bullshit.
ladyjane, the only security threat is if your private key is compromised, the adversary could read the messages you sent to others.
This is not correct. To read the messages you have SENT encrypted to others (using their public key), you need the receivers private key. With your private key, you can only decrypt the messages which have been encrypted with your public key, which will be the messages you receive, not the ones you sent.
-
ladyjane, the only security threat is if your private key is compromised, the adversary could read the messages you sent to others.
This is not correct. To read the messages you have SENT encrypted to others (using their public key), you need the receivers private key. With your private key, you can only decrypt the messages which have been encrypted with your public key, which will be the messages you receive, not the ones you sent.
Yeah, but we're talking about the case where you also encrypt messages sent to others with your own public key. In that case you can decrypt with them your private key.
You cannot encrypt you message to yourself 'as well' (you can make a copy of your message, encrypt it with your own key, and save it for later if you don't want to lose it). You can only encrypt it using ONE public key (the one on the vendors page usually)
And that's completely wrong. You can add yourself as a recipient, in which case the message will also be encrypted with your public key. You can also add as many recipients as you want to encrypt a message, at least with the reference gpg client you can. Some shitty PGP program you're using might not have that functionality.
Seriously, where are these people coming from? Is this an LE disinformation campaign?
-
Did pine not have a trick on the other thread on how to edit some config file and you could decrypt what you had encrypted to add in or take stuff out? I think I remember reading it and saying hmmm handy to know. Am I wrong?
-
ladyjane, the only security threat is if your private key is compromised, the adversary could read the messages you sent to others.
This is not correct. To read the messages you have SENT encrypted to others (using their public key), you need the receivers private key. With your private key, you can only decrypt the messages which have been encrypted with your public key, which will be the messages you receive, not the ones you sent.
Yeah, but we're talking about the case where you also encrypt messages sent to others with your own public key. In that case you can decrypt with them your private key.
You cannot encrypt you message to yourself 'as well' (you can make a copy of your message, encrypt it with your own key, and save it for later if you don't want to lose it). You can only encrypt it using ONE public key (the one on the vendors page usually)
And that's completely wrong. You can add yourself as a recipient, in which case the message will also be encrypted with your public key. You can also add as many recipients as you want to encrypt a message, at least with the reference gpg client you can. Some shitty PGP program you're using might not have that functionality.
Seriously, where are these people coming from? Is this an LE disinformation campaign?
Fuck. Your right, I can in fact encrypt my message with multiple keys. I apologize for my ignorance.
-
And the +1 goes toooooooooooooooooooooooooooooooooooo.........................
drum roll................
astor!! :P
Peace astor!!
:)
-
I too didn't realise the message could be encrypted with multiple keys, seems as though I am out of luck reading my old sent messages.