Silk Road forums

Discussion => Security => Topic started by: anonypunk on September 16, 2013, 06:53 am

Title: Another PGP question - Problem Solved thanks!
Post by: anonypunk on September 16, 2013, 06:53 am

I have never sent my address unencrypted to a vendor for obvious reasons. I have an order that is being held up by a vendor who cannot understand how to use it properly. He tried to give me his PGP key and I got a PGP message instead. I've explained it as best I can and even sent him Pine's link.

I am wondering how dangerous it actually is to send my address unencrypted (since I don't have his public key) via the message system on SR and also in the address box when I place my order. I have read that they are deleted as soon as the item is marked in transit but how common are man in the middle attacks? This is bugging me b/c like I said I've got an order that's being held up and it's a great deal too! Awesomely nice vendor but I have a hard time trusting people who won't take the steps to be safe. Any help here?

Title: Re: Another PGP question
Post by: GotGas on September 16, 2013, 09:03 am

It really depends on the vendor mate. Remember BlueGiraffe? That's an example of how encryption still doesn't matter as it still ultimately has to be decrypted.

Title: Re: Another PGP question
Post by: Bazille on September 16, 2013, 10:05 am

I don't think MITM attacks are possible with hidden services, unless the Silk Road server got hacked.
Though if a vendor doesn't understand how to use PGP they may have other deficiencies which makes them insecure, because they don't understand the dangers they are facing. So they can get busted more easily.

Title: Re: Another PGP question
Post by: anonypunk on September 16, 2013, 04:23 pm

Yeah I feel the same way Bazille. He said he's using gpg4usb and I have never used that before but was under the impression that it is the same as gpg4win basically. What's the best and most simple tutorial you've seen? Could you link to it or give your own advice? I think that too much info could make it confusing for him.

Title: Re: Another PGP question
Post by: astor on September 16, 2013, 04:40 pm

Here's a simple GPG4USB tutorial: http://dkn255hz262ypmii.onion/index.php?topic=206998.msg1487769#msg1487769

But if this guy is having so many trouble with PGP, you have to wonder how much his other security practices suck.

Title: Re: Another PGP question
Post by: anonypunk on September 16, 2013, 04:57 pm

Hey thanks Astor! I'll send that link to him and hop for the best. If not I just won't place the order.

It pretty much sucks though b/c its a custom listing at a great fucking price. Which also makes me nervous but new vendors are usually pretty cool.