DPR's New PGP Key

[Dread Pirate Roberts]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Please all find my new PGP key attached below. Replace the old key and use this with immediate effect.

New Key Fingerprint: 5A48F5D050E9905262B4799DCCB238E47CFEDFBC

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSsqJ5AAoJEPMoGw8w0+tz1jgP/jeixSrY/mpuXOocF4QBKYkt
wCPrR0BIentVjmjzAikIqR5+VqK9iOWX1xZYFxAq+ZbkKzoOYphbg4tidTYQ6LT4
dlq+fRUOlfhLnokQsu38v4VMOeg1WsY5Ix3WnlyAJUrg7pkLsD2hdQB+wgfEiY+S
Y8N34qR17FMujoxJzavr6wx0oHm8Zba9jJAstiiabRlID9b/2Jp9ClfK0baKS8Vx
LqOO+j/z8Zw7XVnnjOAOnhMzNyqkYgVv4gm785fFeWNEIRZASdUIL4P1h0W1LH+4
iXbOyiLfElajRj2bfDmazXF2bKaojRCTOiVaTJSRhBMfvLq/DRdm3gF1ktjhLJdd
+p293j28oaaVdak56MdEpriN67NdY4drpGcmHyKSPrGTHfx6ZlRA7Ghl3enhbCFP
8IjYAMGVpZRR9/1xO/YUh+OwFzGTJQVNGjyey8clLa0jX5aOZV10R6JVkninYOYI
KrcqZSeDhlu5ZQ/ofZhQK4e2d9EOKemF/YFrm2I/79ksuLYM5Onk1VaPqIZjaqFz
b67676fTpqvWMRuokM4+QNkDyGX+TdB56w22HXmUjG0h9cUbyq52O1BTxYMKF538
sgWWTex/IJoI/MayakFW2ZmxUPaT9zojXt5qagJQ/yXmLnJr65mKX/1IzXPQ9MFE
xKbODP1/N8+nmsm2UZPZ
=vfUM
-----END PGP SIGNATURE-----



-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFKyn+YBEADFg1+IOgZmYcjwnkN0CKqdFwo1RzQeNoTuwmw3W2PNfWW/1KoY
XOwLWyHHBllibAF08Cva71lw8hI2/rvWxYhTno/QdZ/VP2JoocGtY+xRVXECCK0q
Xjg5CBCISYP23JoorPQPxSN7y2iwVdL9SSBF7yNebWj6K7439bw45OQox8autNa2
jSva1HUkABZz1sy3KXlsj+leDrLPiK3HprFhQp6bvk8AEnp+f1xZ2eNr0EmZQc0x
OYlaOJlj6MrnYdsHExowhwRvl3AzTHhG6yWPHi1R/ug5khA7lZNqRhXXSpW8I/9l
NJL9lwzcF6LClxHbwIb5PipsbJda2SG55mFJUZRv6qrp6WlngTMv2wCGrKr4mHCy
smsd1WjEgHXjPCQ8oZI2rxSXlXUEcpFC+AQN+UzWSKAo1tZhCvkLDqEyl13LvhU1
NsisU74ZcJSiW5Hqf8jVXLT+l93NkEIu3EjmCZeNORZOxhW9Uj5RzSwgPZqDrJEC
yZrKXBlPnb36Y5vY+M+gleFsP1ZPXvr+li8R6eTfL5NDhGdVEMX6fe6CuBkeWQMv
Y62FWxy2RSd2UYKDzczk6UomVjJmTc1T+JhmXrjiJnfiUL4jEvOHuos6g45CH2rw
6TTleXk1YJEYvh8RtvcPxHYHfj+QY/+//H9r5KnkesX3kuN19GBfd/BLswARAQAB
tC1EcmVhZCBQaXJhdGUgUm9iZXJ0cyA8c2lsa3JvYWQ2b3dub3dmay5vbmlvbj6J
Aj0EEwECACcFAlKyn+YCGwMFCQHwnJoGCwkIBwMCBhUIAgkKCwMWAgECHgECF4AA
CgkQzLI45Hz+37xTlg/8Cy5Pzc5VK7Yvg1I1/OnRsX4Tf5hV1w7c92m94BiXrfQV
xMY4hakFlmdSTg863v61YBMK3coKc45b/v/Bokjn23HFyUfYg09vQS1v2VZ3P63k
oNM+nerY5O4JQuO8H+ZaCl1/7xm7fVdg/yPEGMeEfbycSyHai5BZthBjakouvO4n
Zl1gu6WjJW0vJc+1pZCKgARy1FzGB/X9hvliyD+1PuTMC715QgmnQGCi03LMNb5n
YNFEqrExv6tZRea4FRA+u0OxnQmvOZYqia+UiYdRhhel128UjksTewUzzkQU/b3k
ObkvWw5MpFZOanP4y2KpQlwp9L1x1DpZfKPhEH9Hoqq6WFuTe+sGxPAdXkVOayyy
4iGt14xFDufUTRWAuj+rRvGKp9rt2zm4lxkaua2BhKGyR4KEwfywPHUlgERX7Ihi
Cp6XwNA+ke0fpuJegejbqPkesfEa6E3HrOaBiAlvjyHjwqPo0zy94ZDCl1P6s3hX
/SXcWRQEJUzjTnOe97mXr+lGSg2zoerD87zoIt9W9awiK23x8lfKdXLSlF7obuCX
JFgVJWgJRfMvMZniDWR6fr+hazAkC7a55Grg0EX4amkgO04i7BVhbNFB1Fwn0V4f
opbpXherz6sIcimRUJFasyLnAY+jThd/2VvJdY/NMnYEc6oeCvlg1JvbmA+Bbau5
Ag0EUrKf5gEQAKqWMqKGc9CpMmOZx2WRNs4+80n+9dMeg5GuSNPP6P2lEXNf2lYB
s5uytdB8osT+HGxORxbfiwLowN3Iv0J+MC3udvdFWsIf06ZHoysTU/4ffbyRTdg4
s7QzzTK5HGPdtM5KWW3F1hwVzwbQBi353FyD+vMDomUFpKE04WMmm+WzTBkO+SJJ
s0UTdDcdGaTRwx9Jnp4Ut4TteFBiPwV46oJeTQ0hqgHmTdt8Q8VACzy/vEUT2G9P
llqe/LFeqMzTqWFyXlUfsx7soeSh/+g2SyKh7h1S57E4cawymyxDLxXaHUO3Sd25
uuauYadLvOWxvN2WAkPegpcwvy2aSMlGlbiOwGMF3qEyhqc4Ci7UWSdVAlSFbn4I
Ol8CLxueP0F2/0asJjx3iAcGh2HWFPZRotbEgIn+cvykTeUvIZd3DbP8XYBQvfXa
0ykozBABMR3+qiOzL1Jll3r3OKL46Qxt36uIIGPMXOgoXMWryfLWohCmAXAP6OEb
FeGbFwMOnw7dXFiu43wsj83K+LIh+8QcfZlNDpN1bs6jH1czD3uB7kytMF5Zv8KM
nA/x/DIx2nRfoRRaNrBgpnNesXC2Y8ufhbCQk6HzwXlN5KcmWuTV197QPfTJPsbo
MuBBNsHdC7t6qERmKbgqJIdhqCREqHFjh37VqUPvP5t6OhbTCnnoYf65ABEBAAGJ
AiUEGAECAA8FAlKyn+YCGwwFCQHwnJoACgkQzLI45Hz+37yoixAAs3kAotMZ9ILm
npU2CwAUIfETSMqf7w8JeyzX01HvydO6XOOAy1BMgtcxuY/L64DFzHQ7sMGiDDQ0
7jEed6YG/SusNgctlva8FzEKtH9lM8aKD9+HKih10b8opIpn8l0ffSql0W+jrlvB
Mxe7JshTl8HRKd3fKnTzfcCjmBF4wfkUeauu7vbtvtF0+vCt4IstF62PG0c25fnU
2faAh4LVpQgAtOEzT7D3QticqfHGP3u8EQYFUKGCkzV8TYW6ZXIzbGuMS46LbNbt
kPmebV8xJ+6PQp7WpdubzbxwUEvA29YHRYUlj4GZpoH9i33SW4Q4BJ/qsj+5N4Fv
IBeNh5XnvozicBGyhJ8Kr58XhxnXbO9jvfvEk4eFtU/5mOl4jRC/7dCFQNivb8/z
iAYLiAxPb4grS1ScDk+SpAGm/K4XpETLSj461aGjm+kbNSAIHMiJzzccCceXjk2R
BON6NrTqyvL1PowsMcXsP/z3GKqhOMxeW4J6Sct5QOrBkKM9XNPg52tA+tYFLvlZ
YDBQPOpeqa0rcTJQ6TwcqIt7jwFZbgJXoigjm3U0w3GRF7SBZJljfAeA2Uv9Fo6b
YtOiQCJ+WuF78/9Pkx2DmrR97awsa+2F1KzGaRK3arUClH3qxYof9yoh9vYA5FSq
knMWzEmq90TVXa/r9A5vupzTCxz1XwM=
=tv2s
-----END PGP PUBLIC KEY BLOCK-----

[jakeyblues1987]

its prolly smart to change your pgp key every few months

[deathpick]

F1RST P0ST

[lithonius]

Three cheers for Bob!

[Yoda]

Verifies.

[Herby]

is this what would happen if the feds had bob?

[Cornelius23]

is this what would happen if the feds had bob?

Why, if they had his old private key?

[Painless]

?   How would you confirm DPR hasn't been compromised?

[StevieHyperD]

He signed it with his old key, if he had been comprimised it would make no sense to create a new key if they already had his old one. Having said that I don't see why he is creating a new one, unless he fears he may have potentially compromised the old one. They are both 4096bit so no obvious increase in security.

[Painless]

I'm still confused. I'm pretty new. So your saying he'd need access to his old key to sign? Why not encrypt the new key using old key to prove that its him. Or is that what the signature proves?

[Painless]

In other words, why is this any different?

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSsqJ5AAoJEPMoGw8w0+tz1jgP/jeixSrY/mpuXOocF4QBKYkt
wCPrR0BIentVjmjzAikIqR5+VqK9iOWX1xZYFxAq+ZbkKzoOYphbg4tidTYQ6LT4
dlq+fRUOlfhLnokQsu38v4VMOeg1WsY5Ix3WnlyAJUrg7pkLsD2hdQB+wgfEiY+S
Y8N34qR17FMujoxJzavr6wx0oHm8Zba9jJAstiiabRlID9b/2Jp9ClfK0baKS8Vx
LqOO+j/z8Zw7XVnnjOAOnhMzNyqkYgVv4gm785fFeWNEIRZASdUIL4P1h0W1LH+4
iXbOyiLfElajRj2bfDmazXF2bKaojRCTOiVaTJSRhBMfvLq/DRdm3gF1ktjhLJdd
+p293j28oaaVdak56MdEpriN67NdY4drpGcmHyKSPrGTHfx6ZlRA7Ghl3enhbCFP
8IjYAMGVpZRR9/1xO/YUh+OwFzGTJQVNGjyey8clLa0jX5aOZV10R6JVkninYOYI
KrcqZSeDhlu5ZQ/ofZhQK4e2d9EOKemF/YFrm2I/79ksuLYM5Onk1VaPqIZjaqFz
b67676fTpqvWMRuokM4+QNkDyGX+TdB56w22HXmUjG0h9cUbyq52O1BTxYMKF538
sgWWTex/IJoI/MayakFW2ZmxUPaT9zojXt5qagJQ/yXmLnJr65mKX/1IzXPQ9MFE
xKbODP1/N8+nmsm2UZPZ
=vfUM
-----END PGP SIGNATURE-----








    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v2.0.22 (MingW32)

    mQINBFKp5SY NOT DPR KEY BEACZz6gHWrMrRIvr84KrmJrZCp3I0PSGyW8ZvZlzyey98/8dSFmJ
    LKSzIG0XMgE/6vKoytQSFiyVyVROgZUSmhqr7QO/IxTFoa7xEoBRmQAwVFhkC2O7
    JV5XoJzprpCDvFU80QxoIqLGZq9YfV7wyroiwQnDuSU/q5UymECESAnZeTmvWS45
    0MC7bDmZZAJ0FZcl+NdephgVhfR1L0jvHgof
    8+EOvXzEuTmYbcA2AIoO9Mhi1jjlsrli6gw9GFRpBpmGxS+IvNoTP7SI746Ns69L
    fYdw7RSMcLYxSwG3PUkB0IYW7bf4zg7qo7dX5WTex0XlLhRsN0K9GI6UgD9TTI67
    P4xwoFqppDdFDYpLb/0RJ6ZeKdwpdlYszFc4zOWIrNmOKH6+7FJL966AlAv9giXw
    eY/2YJqZFlPTQujW9q1K8J+Hc4XYjK6r6EzjQouVn4JI5zbwpHOVnkkVzf0Av3vK
    aHXpzTqWZfvTaRLxC4qiEGK32NaUG/1lRipnweDrEhE0yWK7+mNF2qUa3ayon9OT
    p5plWnbNzsiNpQc/5PDfcquGjzYoGDdX0CwM3gOxiDSvg3nnIDDoHLOGyvyo4eJt
    hhbTxQNPWfrBgbOg7GrrSkk1tfgSjMDPLAjGj5wX/32lWkutQVgWjNL3JQARAQAB
    tCBwYWlubGVzcyA8cGFpbmxlc3NAcGFpbmxlc3Mub3JnPokCOQQTAQIAIwUCUqnl
    JgIbDwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEDjd0M+k8mERSnAP/27b
    KdphZ9rtHB2jOLmm8bBNi5mAQ9uALNzEbEuRu4/sobjtuDvN0gsZ/Ikd6WVCBxJx
    1IRERERM5L3wKexZatzQtKWqu6YoiAJpQBSLOOkXb9bRzpdBNBvfgCSg4//YLRsz
    gT2uMSz/IdNtTabhntQcm+Qs1eFBE0kxp5whfzJEx5mtV86il0bzkSvxmhrIYIqP
    EbA5ApXixEVw4RVgVnQ+khi3osmme7q88+02zN1IbfH/AqHHLdIMm+C83xRRpLti
    D9KuNYq0XsmnPgjm5rfRVsQCqA73BIXrttspOyEU1RDibm6mV+aMVYhQCyjLX3df
    5TjJ9FtKfI0aAzs+2zqTCdzzucrojfW9O0YJcaYTwnmMgHFFK0/+xbmJrwRxu6lq
    MP1e2xcCa5gjYeaVXA2X4wBwpUp6yZ5dGPquDwfcwnpbujkoViBvOaWGAiTgkRBf
    hN7GsPaupXT3e34AmoSIoaao2VZY7YBl7dIVGXe8sTgzKj+8aEfELqUzh1TjNXsp
    d3AvzKL/85BEfve1Ukz590WNluhG0ZoUf1KXdP2o9EsACBaMKsr+AdJPBCY8iq4r
    Ch34QHzlap3J+vhZQm6Lxd0j/yWp90O2UHcEVE6VZOsZjBoQ+upUWUUNVmK17ClI
    XXr1ZHGipCdOIvF+HdyQCl9mbYBOYM5SIgPgy8cK
    =sMD2
    -----END PGP PUBLIC KEY BLOCK-----

[Cloquet]

Why not encrypt the new key using old key to prove that its him. Or is that what the signature proves?

Yes, that's the purpose of signing. No idea why DPR switched though.

[StevieHyperD]

I'm still confused. I'm pretty new. So your saying he'd need access to his old key to sign? Why not encrypt the new key using old key to prove that its him. Or is that what the signature proves?

You can be reasonably sure its authentic because he signed the message at 7.38, and posted at 7.45. Although I agree signing the key would be better proof. But note he does include the key fingerprint as part of the signed message.

[Yoda]

I'm still confused. I'm pretty new. So your saying he'd need access to his old key to sign?

Yes.  He would need control of the old key.

Why not encrypt the new key using old key to prove that its him. Or is that what the signature proves?

Because DPR knows that placing his key inside the signature would create a shit-storm of people not being able to copy his key due to the way pgp handles encrypting dashes.  People would be freaking out wondering why they cant import his new key, and conspiracies would erupt that DPR is now an alien or something.  Encrypting his new fingerprint is enough.

Let me demonstrate with my key... try and import it:

Code: [Select]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFKj6AcBEACwGOg13QJFbL0zoQdmicWGEDP8xQtm+AYUAa3An1vCJ4PFPr/p
DjWLeyg5d8KWrmcKgjyZACacI8TAAg61WsuQLeR10Ocx3iNTJIcoRMqmQB7YrbBS
extI3gVv053DvS0kzY4WALpfRCRB+DP8OCSTjhJTjsV7I2dYBCOTzTJTQeDwCtdQ
qmkxAqRGWFERpY8p8i1insDZl400rDdVPrPHzecyJ9ulU+wxX79w5C+uSexq6c4g
2d1gNoKXwY30NtLQuH0wdHUYdkU5Td7qLLvr09QkF/zZ3Mq4Sz3UAQ/nhzvo8kHE
dfKwrs3ekGymVwbPHUDLl8uK+TJxIMnSgZrrvTyFswzR8g3irhXoK8qwLoYbXHHX
aQqjxBgo8m4o/cVhn0AVduoC3NCGfobbzIgTNO95jyb0JNWJkxvp0ZtRWuI7pW8i
ULhzxCYxKTy0qPWxENxdlj7y0QSKgplfamO0lx6QLBQE6ht0wLLKn2/OJp5mDheq
aKHrF8znYgR01+5lU8lG/ErA4mivfp25S2OV5gWBTp3qeoity9nQ7V1T24K5bhg1
i4kZuhBnoscvF6vlLN6InW3OKVhCo2YYrzX2y1ndTKsdRKP7hzK9YDGId9/nAVRp
rq8C5ZF4YWLHi9pwjb3sCBLOpmyPGQrvUQ7h3UzZ2ms21v4VHtyplH1BlQARAQAB
tBRZb2RhLSA8WW9kYUBEYWdvYmFoPokCNwQTAQoAIQUCUqPoBwIbAwYLCQgHAwIG
FQgCCQoLAxYCAQIeAQIXgAAKCRCDvMnoMWn2V2D+D/0U6asGBxE3bIWLd5p1Q5sj
RO3/iOnCbgyP7Etav/HHXkTyCFkmcUcc/zgT3J5x/aOmQcbQl0gcI6f50PItBjeL
p4C1i0KhBrm+j98Di2YwHBpmwbKD+8NBSQFO6v5QbyzbbEw43eTDf1qxF0Y83m0j
9ii5GgS2SeESD6mqU+oiBfBLW4M1An8cX5HhYeo26DecgcXoliRopKqIvIn/Gt5P
h32hR4uIK1JczbIrNuabNI+zFY4t8DcoxTd5Q/1t5dArid+8dp/FD325eHblc4Bi
njxST4xRN9Ci74OF87n4WEAPfz1bEVpqzrCTD0zuCKoBhiMl5L102HQVTg776yEn
QGwLNjaBLAPyFnsOHBVl/0th2sHFDXMo1ZXeJhZV4G6mR7cY2V1ELAGnP+jJzvJY
00dzGDee7IKskiGmRCexHTqbO8eKSv0aGxzaQziqV92UPr6fECrgzFr38gOUImwm
aSN+2K86k0HYNjyEgVTKpnUOCH9LL69rYbdmjISiM1pMChFfR/fNGoT07F4g+q0I
/r7C17hQY0CeAoo541PkNFflt4CeI+nnEf0h96BEVlTLpuPnWeIU3uP7gsxAqVLO
GT4V5NxG++JG9yV7MYN4wNpN/0IwwFDz3ymsr4XCldsVTvyfR19o7+O26WO6HpEt
79CqcAe4jIwwGLltM7ubs9HFYMVeARAAAQEAAAAAAAAAAAAAAAD/2P/gABBKRklG
AAEBAAABAAEAAP/bAEMACAYGBwYFCAcHBwkJCAoMFA0MCwsMGRITDxQdGh8eHRoc
HCAkLicgIiwjHBwoNyksMDE0NDQfJzk9ODI8LjM0Mv/bAEMBCQkJDAsMGA0NGDIh
HCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy
MjIyMv/AABEIADwAPAMBIgACEQEDEQH/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQID
BAUGBwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEU
MoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNU
VVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmq
srO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8/T19vf4+fr/
xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv/xAC1EQACAQIEBAMEBwUE
BAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXx
FxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqC
g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV
1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/APf6KKKACisXXfFW
keHVAvrn9+w+S3jG6R/TC/1OBXPeLfHl54f03TbhdKeOS7k3FJ2GUjUjIbHRiD05
x9eKznVhFNt7HXQwOIryjGEfi26XtvY7uiubvfGdppTWj6naXNraXaK0d0V3IpIz
tfHKt+B+vXG/bXMF5bpcW00c0LjKSRsGVh7EVSkm7IxnQqQipyWj2fQloooqjIK5
3xp4mTwt4fkuwA1zIfKt0PQuR1PsOv6d66KvGPjPds+t6dZ7jtitzJtxxlmI/wDZ
awxNR06bktz1MmwccZjYUp/Du/Ra/iavw18OSanM3i7WZDdXMrn7MZDuIIOC59+M
AdsfSqfxK02+0b5rUrNpWoXiztBKSxjuACSBz91uT+Hbitn4QarHceG5tNMn7+1m
LBCedjcgj2zu/wAmqHxl1RY4dL06NlMnmG5cd1wML+eW/KuZqCwvN/Vz24TxDz10
mtE7JdFFaq3a2+n6nXaR4VX+wbq311vtt3qR8y9LH5Q2OAvptGACPT6Y890fU7z4
beMn0O+uPN0mZwc9lDfdkHoexHseuBXrul38WqaTa38TAxzxLICD0yOR+HSvnnx1
qses+MdQu4JPMgDCOJs5BVQBkexIJ/GnimqcYzjuZ5FTqY2tWw9de41quz2VuzXT
yR9I0Vi+Ebxr/wAI6Tcu5d2tkDsepYDB/UGtqu6Lukz5erTdObg907fcFeSfGjTZ
S+m6oq5iAaBzj7p+8v5/N+Vet1Q1nSLTXdJn069TdDKMZHVT2Ye4NZ16ftKbiduV
4z6li4V3st/R6M+Z9M1a/wBGu/tWnXT28+0rvTuD1Bz1qO9vbnUbyS7vJ3nuJDl5
HOSa1PEvhTU/C96Yb2ItCx/dXCD5JB9ex9qw68GSnH3JH6vQlh61sRSs7rdb27X/
AENSy8R6xpunzWFnqE0NrNnfEp4ORg49PwrNRGkdY0Us7EBVAyST2poBYgAEk8AC
vWfhz8Pp4rqLXNZg8sJh7a3f727s7DtjsPx4xzdKnOtJRW35HLj8ZhsupSrNJSfT
rJ/11PStDsG0vQNPsJCC9vbpExHQkKAa0KKK99Kysfkk5OcnJ7sKKKKZJHPBDcwt
DPEksTjDJIoZSPcGuZuPhx4TuZC7aSiEtuPlyOg+mAcYrqqKmUIy+JXNqOJrUf4U
3H0bX5GNpXhPQdFkMmn6ZBDJ/wA9CC7D6FiSK2aKKaioqyIqVZ1Jc1Rtvz1Ciiim
Qf/ZiQI3BBMBAgAhBQJSo+hsAhsDBgsJCAcDAgYVCAIJCgsDFgIBAh4BAheAAAoJ
EIO8yegxafZXnEcP/R9KQ7vpF4c9Zrf1emx/SKkBSCCadTbjTjWVCxLEAnW2w6iO
Y+z5CLMz8+6Om99rfQGxo3fbFNKvRM4CxvzvwaX5pAvuT//kR5O4wSFWsmzWq3k2
xJ6oUj1nfRUPjMHIwIESdov2yhjIOCGNxI6cXdyIHBKV0U63I3E/lsTHObrsuvod
ZTuOFkhwxx+39zpz/5RIpPpn+zuBGiwxJkfu9V7MrjyxSIxPnJmCDRol67M1G+XM
nu/cJLwu/syNakYggttzlAB8rfc8vTIJeMwnuPlJneGvMFyCQgzNFjvVDrX1cTi1
FryKNqBmqikVi57tDYKGgiPn+QJMyo5Ff1GDLvQEz/UD00kyaxfktSO6yPYc/rE8
WU0TDJLbzRGTZrHUJLriUnn4JA0NNA2qEDGY+cFWEKdIT3QVujzy2+owVpaSiumD
aToMo2BcAB6SieVMAOorjLsgesmsoL1RHdTJHNFg2eOC1pkT5NwRBjVWc+FMfRH5
gfoPVc4sFHssPAixNZCI7JXcVL0xMeX9Hub1BR0glF5sdisMsaePQR8G098ixebl
y+lSyllcRh/62NyOpLbR9wUIICOennsYYcgVE2KmcLqnN1cB5yZTjAfDo85aryWE
S7u8s2OVGX6CiR5wEoaSv7UyW/8bu9zo2VgFGZtU/X8j2iEuvT3PEb05ANHKuQIN
BFKj6AcBEADLB7Xf354NEoPQvulSVUSdm6DoL/p5oGrOUTF58UE6NDuqe0P2Wne1
kehcen+gAhV9W0QTNWbZXvscQVIjNi40feJYYjTFX8xtG4XgjAkdMjVOYfK/tYPI
BCFxAXO+UAebMrK+yhZEbV+tAa+YPuTaenZOiTYw5F1x9Mx8GRU/A8QjSZLDiWP6
Z5Nhm7RDQPGTkZtg9lGv5TRPE+jDB5/XITLqRCF2qLhWYXRhlKFoa1FtsexVlJ8P
725am7aSNkUxHhcbb9gS7Y5QIdo/MeIqs75aM1bqbtFW4+Uh0K5EeYkL1BrFRqTC
Ga6SFbPi5SasL02baael1BiDv6dFRp8Brd8o05QIjuGMtDjCkQs2g9y3BCwI3sJc
vSAZ7VCAixdktIgF12LpEflXbHQnoS7GcsLry6A7/gRciKpGhzVUp6+cHwXP/dr0
xsBvbXfWFxCa6fQL/3ID1yuZhFL5y42oNnmXo93GIYXZQ2yWAUiL0qz988xmc12/
WpM1JCt92tf8xDQSGsl4EgZo1GczA2Z8TFvOVFUaDcZJ94bPyS55mISXu3mWpa1h
rWEHljU0MlhlMox6n7neilWGjA8D1ZE7WDafF8ESS8VMwHI6RmI8yrrSZJlB2jbJ
VDobRs1lPxRtsL28xzdZVBP7G4POq6a0NGU5Q5+bt2XMqQVIfpI4EQARAQABiQIf
BBgBCgAJBQJSo+gHAhsMAAoJEIO8yegxafZXd6gP/j20bwTUFZYoubZ0ZU+QV9MU
hH5xG6AiKGOs0JhRxUsrQvETp0aJfGsZlHIRq9073F00aieDTyIyzeC2ygXiGsvB
esFsYLoP3j+xTHc+KilALjSZQEfPEcpNNLroJSkUFwpAbKPBRVg7Wcrv/NQT6g0W
sHcv7ekG79D9OY5qoVnYlq5+3TE2GgJFNAs/uBEY3rdwF+tYNjalmjiga20R4xzP
Er/fD7foMQRnlT51z+pUJuV3WFW1HlhI1tq3FPyGGDS9ysH9IM3U8+msvmpZaJDo
e4mGEce23MVDwm259mxudx/DulfFaAXtBfpq2F83lGMnHBWC+IaT5utobLyQkqIH
vCq0fOeE1tkm3oJq25mcodFOHj+pHQpUOOkqT/6Ipdr11aQI2e2w8pZpUQ9oUuiz
gPhoFTG9kJgQuT4YvaHOVPEuRbCsyYjlPIdjyV1TP7kvuNF1dBVY+9pDCERdS6Aj
FV8NsJdgJvzdh89CJZADrMa8uzlPDjW7y4HtT3F2HIs+KLOChrwhih2yqaJ8fbWR
mafag+yrgKAEcR2KSzh2rzbB3+PS1rpnugaXkFsrF2DPCl+3p15bIn0G0GjthVpd
3qpCu/ESr1B5647eSCR2eDN8wWr7ju6h/yU6plbP9jzYdY4BI0P6Tr/q40RyHQLO
eOmV9qOURN7ZoZG7CjMQ
=tozc
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSsx+3AAoJEIO8yegxafZXAP0P/Ak7O+YICMCQEiwCt5yONtht
GRBb1NFIFDaD5BgjNt8uNnjjyDW41Vxps+Zrc9ge89CqKtVpZnahjxMitTRpxHG7
doRZG0eFWHe764o3YQEtTzii88I3HPeVMeLYPBPZKmFVCleEzJJl21RJh1l4bnXh
bn3imJGPfkcfj8MXhspr0iIDjtlMM73yJBxwwHin9QSshuYl2RNc1rQbEgycD0aI
fLUTFx5K5O83Gz9erhSDCAbWXvCsw1zYIm0VsZMHaWVCEQ5he1DygVRVM1kGK+PQ
odOYDxEkYDIlZTXGwYoyPae1Z2EOO9I35l2B0dQEbhDCzKgWEaZM0RjeMfyzekp7
2duBvUzExBnf7Gaj16094UMpfdklNVgOxfqYXaISU3z3/SEf9XiXptl7PInq/3Ry
hNOg3gZFs3Q3VkiJBCPYli+d9AsCrHQkrsIH9PydmU6yLEt3gzgablfkLwdYoC1O
3IJNWBDPYFNeCMBtPvr3jp4zgQSuSAJG6hiG6/C5uTL9SurYypOPSBWXI94HgRph
KbPqpsAYVZph8wOulWycvCRHUKdX2AknomXpkmcqS18GIp1tccfr0H38nKN9ezYb
WcGYhTO4aEGKyAOOApHa9TVS/O4t5n3duM9hoAbD8g9pQAaP9Pg232d5+TBQO9BZ
xPBm80W/4oo6iu8otNYy
=REbD
-----END PGP SIGNATURE-----

Note the extra dash then space before each line.

- -----BEGIN PGP PUBLIC KEY BLOCK-----

- -----END PGP PUBLIC KEY BLOCK-----

[Dr. Chem]

Admins changing keys always causes a little bit of paranoia. But I mean everyone trusted this DPR even though we all knew it wasn't the former DPR, so why have doubts now?

Lol...

If you guys want to get all "foil-hatted" I'll throw mine in:

*puts on foil hat*
Wait?! Why is DPR talking about himself in a third person on the subject header. "DPR's New PGP Key"?!! Surely, this is an obscured message from DPR that this isn't really him!!!!? And by really him I mean the new him not the real him because the real him is in jail! So The new real him is telling us the new key is not really the new him but another him, right?!
*removes foil hat*

[Painless]

I understand the format issues and confusion but it would establish a hard record. And, I believe, an indisputable proof of identity.

So the new key was made incorporating his signature which is somehow verifiable?
 So an archived copy of Hus signature should be used to verify, not the one posted.Right?

[Yoda]

I understand the format issues and confusion but it would establish a hard record. And, I believe, an indisputable proof of identity.

Using his fingerprint, he does that.

So the new key was made incorporating his signature which is somehow verifiable?

It verifies but I think you misunderstand things. 

So an archived copy of Hus signature should be used to verify, not the one posted.Right?

No.  That wouldn't work.   You misunderstand things... go play around with your pgp program.

[Painless]

Thx for the attitude. I'm trying to learn here.

My point is what's stopping whoever from changing their signature and then making a new key then posting them both(like here) as proof of ID?  Like if LE did compromise DPR's account and change all references to his original key and replace it with this new one. Hypothetically, right?

And if you tell me I misunderstand again, go ahead and shove it.  OK?

[Tessellated]

The sig on the new key is valid. The new key is as valid as the previous one.

[supercanuck]

I was confused too.  But now I understand. Thanks guys.

[Painless]

Well I don't have an off site copy of His signature from before today and I don't trust any of you so I'mgoing to assume the worst. Thanks.


OK. I think I've got it. Being as DPR has control over the content of the sites LE could change the old DPR key and the only way to verify that did not happen is to reimport the old key and make sure it imports with no changes made. That way I know the old certificate is good. Then verify the old key and new key with signature. Right?

[Tessellated]

Well I don't have an off site copy of His signature from before today and I don't trust any of you so I'mgoing to assume the worst. Thanks.

If you did not have a copy of his previous key then there is no need to assume anything, you never had his cryptographic identity.

[Dr. Chem]

Well I don't have an off site copy of His signature from before today and I don't trust any of you so I'mgoing to assume the worst. Thanks.

Probably the smartest thing I've seen all day. But Indeed having a copy of the signature, fingerprint, etc of admins and mods is a good practice. I was going to "WTF you" about it, but reading all of your posts and seeing that you're trying to learn, makes sense.

[peer2fear]

Well I don't have an off site copy of His signature from before today

That's your own fault.

gpg: Signature made 12/19/13 02:38:33 using RSA key ID 30D3EB73
gpg: Good signature from "Dread Pirate Roberts"

The signing verifies and the fingerprint matches the new key.

[Loki]

themarketplaces's admin changed his pgp key at the same time DPR did.

[Painless]

It is my fault. I never grabbed his key or signature. I guess if enough people verify with no issue, then I can somewhat put my mind to rest. I wish this was stressed more. Maybe a sticky in the noob thread?

And thx for the - karma. I guess you guys were just born with the gift of pgp. I was not. So I guess I deserve the negs.

[lovefortree]

wonder why he needed to change it? :0

[Painless]

themarketplaces's admin changed his pgp key at the same time DPR did.

Weird. They must be the same guy
N
Like Satan....and Santa...

It's the ssame fucking letters! It's the same fucking guy!!

J

Verified: Satan and Santa use same pgp key.

[Yoda]

Thx for the attitude. I'm trying to learn here.

My point is what's stopping whoever from changing their signature and then making a new key then posting them both(like here) as proof of ID?  Like if LE did compromise DPR's account and change all references to his original key and replace it with this new one. Hypothetically, right?

And if you tell me I misunderstand again, go ahead and shove it.  OK?

Attitude???  Huh?

Well fuck me for trying to explain things to you.

Read this: 
http://gnupg.org/gph/en/manual/x135.html

(and if you still don't understand, direct your insults/bitching at them)

[nicedayproject]

hah, does it even matter if DPR is LE? Like someone mentioned before, we shouldn't be trusting each other or anyone anyway. As long as the site remains functional, then we're good. If LE took control of it and wanted to extract info, we wouldn't know about it anyway (like we didn't last time).

[BlueBox]

Thx for the attitude. I'm trying to learn here.

My point is what's stopping whoever from changing their signature and then making a new key then posting them both(like here) as proof of ID?  Like if LE did compromise DPR's account and change all references to his original key and replace it with this new one. Hypothetically, right?

And if you tell me I misunderstand again, go ahead and shove it.  OK?

Attitude???  Huh?

Well fuck me for trying to explain things to you.

Read this: 
http://gnupg.org/gph/en/manual/x135.html

(and if you still don't understand, direct your insults/bitching at them)

+1 for trying to help, getting insulted for it, then gracefully bowing out.

[Cornelius23]

Attitude???  Huh?

Well fuck me for trying to explain things to you.

Read this: 
http://gnupg.org/gph/en/manual/x135.html

(and if you still don't understand, direct your insults/bitching at them)

+1 for trying to help, getting insulted for it, then gracefully bowing out.

Indeed, although I have to wait a while before I can give Yoda another +1.

[El Presidente]

Why not encrypt the new key using old key to prove that its him. Or is that what the signature proves?

Yes, that's the purpose of signing. No idea why DPR switched though.

We can only wonder - http://silkroad5v7dywlc.onion/index.php?topic=9735.0

Maybe he was worried that somebody heard his keys jangling

[SunshineDaydream]

Thx for the attitude. I'm trying to learn here...............
And if you tell me I misunderstand again, go ahead and shove it.  OK?

Attitude???  Huh?
.......................

+1 Yoda - Always there to help.

[SupremeTeam]

Done

[Navudenas]

Why the change Captain?

[Nightcrawler]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Please all find my new PGP key attached below. Replace the old key and use this with immediate effect.

New Key Fingerprint: 5A48F5D050E9905262B4799DCCB238E47CFEDFBC

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSsqJ5AAoJEPMoGw8w0+tz1jgP/jeixSrY/mpuXOocF4QBKYkt
wCPrR0BIentVjmjzAikIqR5+VqK9iOWX1xZYFxAq+ZbkKzoOYphbg4tidTYQ6LT4
dlq+fRUOlfhLnokQsu38v4VMOeg1WsY5Ix3WnlyAJUrg7pkLsD2hdQB+wgfEiY+S
Y8N34qR17FMujoxJzavr6wx0oHm8Zba9jJAstiiabRlID9b/2Jp9ClfK0baKS8Vx
LqOO+j/z8Zw7XVnnjOAOnhMzNyqkYgVv4gm785fFeWNEIRZASdUIL4P1h0W1LH+4
iXbOyiLfElajRj2bfDmazXF2bKaojRCTOiVaTJSRhBMfvLq/DRdm3gF1ktjhLJdd
+p293j28oaaVdak56MdEpriN67NdY4drpGcmHyKSPrGTHfx6ZlRA7Ghl3enhbCFP
8IjYAMGVpZRR9/1xO/YUh+OwFzGTJQVNGjyey8clLa0jX5aOZV10R6JVkninYOYI
KrcqZSeDhlu5ZQ/ofZhQK4e2d9EOKemF/YFrm2I/79ksuLYM5Onk1VaPqIZjaqFz
b67676fTpqvWMRuokM4+QNkDyGX+TdB56w22HXmUjG0h9cUbyq52O1BTxYMKF538
sgWWTex/IJoI/MayakFW2ZmxUPaT9zojXt5qagJQ/yXmLnJr65mKX/1IzXPQ9MFE
xKbODP1/N8+nmsm2UZPZ
=vfUM
-----END PGP SIGNATURE-----



-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFKyn+YBEADFg1+IOgZmYcjwnkN0CKqdFwo1RzQeNoTuwmw3W2PNfWW/1KoY
XOwLWyHHBllibAF08Cva71lw8hI2/rvWxYhTno/QdZ/VP2JoocGtY+xRVXECCK0q
Xjg5CBCISYP23JoorPQPxSN7y2iwVdL9SSBF7yNebWj6K7439bw45OQox8autNa2
jSva1HUkABZz1sy3KXlsj+leDrLPiK3HprFhQp6bvk8AEnp+f1xZ2eNr0EmZQc0x
OYlaOJlj6MrnYdsHExowhwRvl3AzTHhG6yWPHi1R/ug5khA7lZNqRhXXSpW8I/9l
NJL9lwzcF6LClxHbwIb5PipsbJda2SG55mFJUZRv6qrp6WlngTMv2wCGrKr4mHCy
smsd1WjEgHXjPCQ8oZI2rxSXlXUEcpFC+AQN+UzWSKAo1tZhCvkLDqEyl13LvhU1
NsisU74ZcJSiW5Hqf8jVXLT+l93NkEIu3EjmCZeNORZOxhW9Uj5RzSwgPZqDrJEC
yZrKXBlPnb36Y5vY+M+gleFsP1ZPXvr+li8R6eTfL5NDhGdVEMX6fe6CuBkeWQMv
Y62FWxy2RSd2UYKDzczk6UomVjJmTc1T+JhmXrjiJnfiUL4jEvOHuos6g45CH2rw
6TTleXk1YJEYvh8RtvcPxHYHfj+QY/+//H9r5KnkesX3kuN19GBfd/BLswARAQAB
tC1EcmVhZCBQaXJhdGUgUm9iZXJ0cyA8c2lsa3JvYWQ2b3dub3dmay5vbmlvbj6J
Aj0EEwECACcFAlKyn+YCGwMFCQHwnJoGCwkIBwMCBhUIAgkKCwMWAgECHgECF4AA
CgkQzLI45Hz+37xTlg/8Cy5Pzc5VK7Yvg1I1/OnRsX4Tf5hV1w7c92m94BiXrfQV
xMY4hakFlmdSTg863v61YBMK3coKc45b/v/Bokjn23HFyUfYg09vQS1v2VZ3P63k
oNM+nerY5O4JQuO8H+ZaCl1/7xm7fVdg/yPEGMeEfbycSyHai5BZthBjakouvO4n
Zl1gu6WjJW0vJc+1pZCKgARy1FzGB/X9hvliyD+1PuTMC715QgmnQGCi03LMNb5n
YNFEqrExv6tZRea4FRA+u0OxnQmvOZYqia+UiYdRhhel128UjksTewUzzkQU/b3k
ObkvWw5MpFZOanP4y2KpQlwp9L1x1DpZfKPhEH9Hoqq6WFuTe+sGxPAdXkVOayyy
4iGt14xFDufUTRWAuj+rRvGKp9rt2zm4lxkaua2BhKGyR4KEwfywPHUlgERX7Ihi
Cp6XwNA+ke0fpuJegejbqPkesfEa6E3HrOaBiAlvjyHjwqPo0zy94ZDCl1P6s3hX
/SXcWRQEJUzjTnOe97mXr+lGSg2zoerD87zoIt9W9awiK23x8lfKdXLSlF7obuCX
JFgVJWgJRfMvMZniDWR6fr+hazAkC7a55Grg0EX4amkgO04i7BVhbNFB1Fwn0V4f
opbpXherz6sIcimRUJFasyLnAY+jThd/2VvJdY/NMnYEc6oeCvlg1JvbmA+Bbau5
Ag0EUrKf5gEQAKqWMqKGc9CpMmOZx2WRNs4+80n+9dMeg5GuSNPP6P2lEXNf2lYB
s5uytdB8osT+HGxORxbfiwLowN3Iv0J+MC3udvdFWsIf06ZHoysTU/4ffbyRTdg4
s7QzzTK5HGPdtM5KWW3F1hwVzwbQBi353FyD+vMDomUFpKE04WMmm+WzTBkO+SJJ
s0UTdDcdGaTRwx9Jnp4Ut4TteFBiPwV46oJeTQ0hqgHmTdt8Q8VACzy/vEUT2G9P
llqe/LFeqMzTqWFyXlUfsx7soeSh/+g2SyKh7h1S57E4cawymyxDLxXaHUO3Sd25
uuauYadLvOWxvN2WAkPegpcwvy2aSMlGlbiOwGMF3qEyhqc4Ci7UWSdVAlSFbn4I
Ol8CLxueP0F2/0asJjx3iAcGh2HWFPZRotbEgIn+cvykTeUvIZd3DbP8XYBQvfXa
0ykozBABMR3+qiOzL1Jll3r3OKL46Qxt36uIIGPMXOgoXMWryfLWohCmAXAP6OEb
FeGbFwMOnw7dXFiu43wsj83K+LIh+8QcfZlNDpN1bs6jH1czD3uB7kytMF5Zv8KM
nA/x/DIx2nRfoRRaNrBgpnNesXC2Y8ufhbCQk6HzwXlN5KcmWuTV197QPfTJPsbo
MuBBNsHdC7t6qERmKbgqJIdhqCREqHFjh37VqUPvP5t6OhbTCnnoYf65ABEBAAGJ
AiUEGAECAA8FAlKyn+YCGwwFCQHwnJoACgkQzLI45Hz+37yoixAAs3kAotMZ9ILm
npU2CwAUIfETSMqf7w8JeyzX01HvydO6XOOAy1BMgtcxuY/L64DFzHQ7sMGiDDQ0
7jEed6YG/SusNgctlva8FzEKtH9lM8aKD9+HKih10b8opIpn8l0ffSql0W+jrlvB
Mxe7JshTl8HRKd3fKnTzfcCjmBF4wfkUeauu7vbtvtF0+vCt4IstF62PG0c25fnU
2faAh4LVpQgAtOEzT7D3QticqfHGP3u8EQYFUKGCkzV8TYW6ZXIzbGuMS46LbNbt
kPmebV8xJ+6PQp7WpdubzbxwUEvA29YHRYUlj4GZpoH9i33SW4Q4BJ/qsj+5N4Fv
IBeNh5XnvozicBGyhJ8Kr58XhxnXbO9jvfvEk4eFtU/5mOl4jRC/7dCFQNivb8/z
iAYLiAxPb4grS1ScDk+SpAGm/K4XpETLSj461aGjm+kbNSAIHMiJzzccCceXjk2R
BON6NrTqyvL1PowsMcXsP/z3GKqhOMxeW4J6Sct5QOrBkKM9XNPg52tA+tYFLvlZ
YDBQPOpeqa0rcTJQ6TwcqIt7jwFZbgJXoigjm3U0w3GRF7SBZJljfAeA2Uv9Fo6b
YtOiQCJ+WuF78/9Pkx2DmrR97awsa+2F1KzGaRK3arUClH3qxYof9yoh9vYA5FSq
knMWzEmq90TVXa/r9A5vupzTCxz1XwM=
=tv2s
-----END PGP PUBLIC KEY BLOCK-----

What you need to do is to sign your new key with your old key. The command
to do this is as follows:

You just need to enter Command Mode and enter the following commands from
the prompt.

gpg --default-key <Old Key>  --sign-key <New Key>

pub   4096R/30D3EB73 2013-10-07
uid       [ unknown] Dread Pirate Roberts
sub   4096R/28820345 2013-10-07

pub   4096R/7CFEDFBC 2013-12-19 [expires: 2014-12-31]
uid       [ unknown] Dread Pirate Roberts <silkroad6ownowfk.onion>
sub   4096R/F6F90F3C 2013-12-19 [expires: 2014-12-31]

Given that the above are your keys, the command you would use is as follows:

gpg --default-key 0x30D3EB73 --sign-key 0x7CFEDFBC

You will be prompted for your passphrase, and confirmation before the
signing operation is completed.

For most intents and purposes, generating an entirely new key is overkill.
This usually leads, as you may have already seen, to a multitude of
questions about why you did this.

I'm not entirely certain what your motivation was to generate a new PGP key,
however, if your goal was to prevent the potential future decryption of
already-existing message traffic, generating a new key is not necessary --
all that is necessary is to generate a new encryption sub-key, and expire
the old sub-key. Finally, you need to delete the private half of the now-
deprecated encryption sub-key, and ensure that all backups of that sub-key
are also destroyed.

One of the advantages of doing that is that you don't need to throw-out the
baby with the bathwater -- you can still keep the signing half of the key,
that you used to sign messages with, only the sub-key used to encrypt
messages will be changed.

If you expire, and later delete the private half of the encryption sub-key,
then there are NO circumstances under which you can be compelled to decrypt
traffic encrypted using that sub-key. The only way for anyone to access
such traffic would be to:

1) Find a copy of the private half of that sub-key backed-up and stashed
   away somewhere; or

2) The Feds would have to factor your 4096-bit PGP encryption sub-key. This
   is considered infeasible at the current time, ever for such large, well-
   funded entities as governments.
   
I'll get into the topic of forward secrecy in another post, as I'm feeling
under the weather right now, and need to lie down.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key Fingerprint = D870 C6AC CC6E 46B0 E0C7  3955 B8F1 D88E BBF7 433B

Security is a bit like religion... some things have to be taken on faith.
Where security differs from religion is that security is NOT retroactive.
Unlike Christianity, where you can come to Jesus, be 'saved' and have all
your sins washed away, with security you can adopt Tails or PGP, and be
secure from that point forward, but rest assured that your previous sins
(security failings) WILL come back to haunt you and bite you in the ass.
The original DPR is the poster child for that, right now.

Folly, thou conquerest, and I must yield!
Against stupidity the very gods Themselves
contend in vain.      --Friedrich Schiller

[Painless]

I just read the inigo shit. I hope I was wrong about all this, but it doesn't look good.

[Baraka]

This new key combined with the news about the arrests makes me really paranoid. Paranoid enough to think that maybe LE has seized control of SR2 completely and has issued this new key just to quietly smoke out more people. I hope I'm wrong but TonyTheTiger said that after he was arrested LE showed him a lot of shit from the site which is supposed to be private. I don't know if he's right either but if he is then everything has been compromised. I hope I'm wrong about all this. 

[Cornelius23]

This new key combined with the news about the arrests makes me really paranoid. Paranoid enough to think that maybe LE has seized control of SR2 completely and has issued this new key just to quietly smoke out more people.…

How would that work?

[Baraka]

LE could have gained control of the current DPR's account then issued their own key in his name. But I hope that's just me being paranoid.

[Cornelius23]

LE could have gained control of the current DPR's account then issued their own key in his name. But I hope that's just me being paranoid.

The only way to sign the message which contained the fingerprint of the new key would be to use the old private key.

[Nightcrawler]

LE could have gained control of the current DPR's account then issued their own key in his name. But I hope that's just me being paranoid.

The only way to sign the message which contained the fingerprint of the new key would be to use the old private key.

Indeed.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Please all find my new PGP key attached below. Replace the old key and use this with immediate effect.

New Key Fingerprint: 5A48F5D050E9905262B4799DCCB238E47CFEDFBC

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJSsqJ5AAoJEPMoGw8w0+tz1jgP/jeixSrY/mpuXOocF4QBKYkt
wCPrR0BIentVjmjzAikIqR5+VqK9iOWX1xZYFxAq+ZbkKzoOYphbg4tidTYQ6LT4
dlq+fRUOlfhLnokQsu38v4VMOeg1WsY5Ix3WnlyAJUrg7pkLsD2hdQB+wgfEiY+S
Y8N34qR17FMujoxJzavr6wx0oHm8Zba9jJAstiiabRlID9b/2Jp9ClfK0baKS8Vx
LqOO+j/z8Zw7XVnnjOAOnhMzNyqkYgVv4gm785fFeWNEIRZASdUIL4P1h0W1LH+4
iXbOyiLfElajRj2bfDmazXF2bKaojRCTOiVaTJSRhBMfvLq/DRdm3gF1ktjhLJdd
+p293j28oaaVdak56MdEpriN67NdY4drpGcmHyKSPrGTHfx6ZlRA7Ghl3enhbCFP
8IjYAMGVpZRR9/1xO/YUh+OwFzGTJQVNGjyey8clLa0jX5aOZV10R6JVkninYOYI
KrcqZSeDhlu5ZQ/ofZhQK4e2d9EOKemF/YFrm2I/79ksuLYM5Onk1VaPqIZjaqFz
b67676fTpqvWMRuokM4+QNkDyGX+TdB56w22HXmUjG0h9cUbyq52O1BTxYMKF538
sgWWTex/IJoI/MayakFW2ZmxUPaT9zojXt5qagJQ/yXmLnJr65mKX/1IzXPQ9MFE
xKbODP1/N8+nmsm2UZPZ
=vfUM
-----END PGP SIGNATURE-----

gpg: Signature made Thu 19 Dec 2013 07:38:33 AM UTC using RSA key ID 30D3EB73
gpg: Good signature from "Dread Pirate Roberts" [unknown]
gpg: WARNING: Using untrusted key!

pub   4096R/30D3EB73 2013-10-07
      Key fingerprint = 78F5 E03A 2E1D 9614 1ACB  08E1 F328 1B0F 30D3 EB73
uid       [ unknown] Dread Pirate Roberts
sub   4096R/28820345 2013-10-07

pub   4096R/7CFEDFBC 2013-12-19 [expires: 2014-12-31]
      Key fingerprint = 5A48 F5D0 50E9 9052 62B4  799D CCB2 38E4 7CFE DFBC
uid       [ unknown] Dread Pirate Roberts <silkroad6ownowfk.onion>
sub   4096R/F6F90F3C 2013-12-19 [expires: 2014-12-31]

      Key fingerprint   =    5A48 F5D0 50E9 9052 62B4  799D CCB2 38E4 7CFE DFBC
      New Key Fingerprint: 5A48 F5D0 50E9 9052 62B4  799D CCB2 38E4 7CFE DFBC
     
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key Fingerprint = D870 C6AC CC6E 46B0 E0C7  3955 B8F1 D88E BBF7 433B

Security is a bit like religion... some things have to be taken on faith.
Where security differs from religion is that security is NOT retroactive.
Unlike Christianity, where you can come to Jesus, be 'saved' and have all
your sins washed away, with security you can adopt Tails or PGP, and be
secure from that point forward, but rest assured that your previous sins
(security failings) WILL come back to haunt you and bite you in the ass.
The original DPR is the poster child for that, right now.

Folly, thou conquerest, and I must yield!
Against stupidity the very gods Themselves
contend in vain.  --Friedrich Schiller

[Defcon]

LE could have gained control of the current DPR's account then issued their own key in his name. But I hope that's just me being paranoid.

If LE had his old key, they would just continue using it.

I can confirm that DPR is indeed the same DPR, and has been verified using several alternate methods which staff keeps private for obvious reasons.

[supercanuck]

The captian is hiding in the galley.  I dont blame him.  scary shit.

[zazu]

I remember Astor saying Tor is compromised as their last message and left, never to be heard from under that nym again.  LE seemingly able to arrest at will.  Talk of ''fighting to the death'' seems very noble, but the notion of spending the rest of your life in prison is very real for the figureheads.  I don't know how many people are involved in the making of the site/forums, none of us do but can we be certain that not one is LE?  A site started by by IRL friends with the expertise and based in a foreign country with no extradition to give this a fighting chance.  These busts are probs LE's way of hoping they can get one of their guys in now.   

[Baraka]

Ok. But the timing of the new key and comments from TonyTheTiger and his arrest aren't helping. Now there's chatter that Libertas was coerced into doing the DEA's bidding. All I know for sure is my fucking head is spinning 

LE could have gained control of the current DPR's account then issued their own key in his name. But I hope that's just me being paranoid.

If LE had his old key, they would just continue using it.

I can confirm that DPR is indeed the same DPR, and has been verified using several alternate methods which staff keeps private for obvious reasons.

[Baraka]

Bullshit on both counts. There is no evidence that Tor is compromised. If I'm wrong then show me.

LE making arrests at will?? Use your head. SR had hundreds of thousands of buyers and countless sellers. Yet how many busts in total have the feds made so far? 12 maybe? It's still a really low number. Watch your ass for sure but don't give LE credit that they don't deserve. Fuck em.

I remember Astor saying Tor is compromised as their last message and left, never to be heard from under that nym again.  LE seemingly able to arrest at will.

[Nightcrawler]

I remember Astor saying Tor is compromised as their last message and left, never to be heard from under that nym again.  LE seemingly able to arrest at will.  Talk of ''fighting to the death'' seems very noble, but the notion of spending the rest of your life in prison is very real for the figureheads.  I don't know how many people are involved in the making of the site/forums, none of us do but can we be certain that not one is LE?  A site started by by IRL friends with the expertise and based in a foreign country with no extradition to give this a fighting chance.  These busts are probs LE's way of hoping they can get one of their guys in now.   

I liked Astor, I thought he was a good guy, and knew his stuff. However, we disagree on the subject of Tor. Bruce Schneier is working as a consultant to Glenn Greenwald, so Schneier has seen the Snowden documents. Schneier has stated publicly that he thinks the NSA can't break Tor, that it's a thorn in their side, and that they absolutely hate it. Given that Schneier has forgotten more about crypto than I'll likely ever know, I'll go with his opinion, as opposed to Astor's.

Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key Fingerprint = D870 C6AC CC6E 46B0 E0C7  3955 B8F1 D88E BBF7 433B

Security is a bit like religion... some things have to be taken on faith.
Where security differs from religion is that security is NOT retroactive.
Unlike Christianity, where you can come to Jesus, be 'saved' and have all
your sins washed away, with security you can adopt Tails or PGP, and be
secure from that point forward, but rest assured that your previous sins
(security failings) WILL come back to haunt you and bite you in the ass.
The original DPR is the poster child for that, right now.

Folly, thou conquerest, and I must yield!
Against stupidity the very gods Themselves
contend in vain.      --Friedrich Schiller

[The Jigsaw Puzzle]

I remember Astor saying Tor is compromised as their last message and left, never to be heard from under that nym again.  LE seemingly able to arrest at will.  Talk of ''fighting to the death'' seems very noble, but the notion of spending the rest of your life in prison is very real for the figureheads.  I don't know how many people are involved in the making of the site/forums, none of us do but can we be certain that not one is LE?  A site started by by IRL friends with the expertise and based in a foreign country with no extradition to give this a fighting chance.  These busts are probs LE's way of hoping they can get one of their guys in now.   

Today's arrests have absolutely nothing to do with the security of the Tor network. How can you protect yourself against someone flapping their gums to LE when the FBI use the possibility of a reduced sentence as a bargaining tool to negotiate a plea deal for Ross and a chance of some freedom in your twilight years. Ross saw the writing on the wall and had second thoughts to pleading not guilty to all charges.

[pK]

LE could have gained control of the current DPR's account then issued their own key in his name. But I hope that's just me being paranoid.

If LE had his old key, they would just continue using it.

I can confirm that DPR is indeed the same DPR, and has been verified using several alternate methods which staff keeps private for obvious reasons.

And who are you?

[nathan.burnett]

Nightcrawler, have you ever considered publishing any documents on security, you appear to be very knowledgeable to the subject and you are very easy to understand?
I have seen posts all over the forums from you and I have managed to learn something new from every one of them

[Trevor]

LE could have gained control of the current DPR's account then issued their own key in his name. But I hope that's just me being paranoid.

The only way to sign the message which contained the fingerprint of the new key would be to use the old private key.

they could have taken old DPR's private key and used it to make the new key for whatever reason. who knows?

Clearly LE has compromised DPR's old private key and they're just changing it to let us know what they're up to. SMH do you even realize how fucking stupid you sound.

[This_is_not_NCA]

LE could have gained control of the current DPR's account then issued their own key in his name. But I hope that's just me being paranoid.

The only way to sign the message which contained the fingerprint of the new key would be to use the old private key.

they could have taken old DPR's private key and used it to make the new key for whatever reason. who knows?

Sure and they could run this site, they could be you and so on. Saying that this something the feds would do is simply wrong.

Re-keying in the event of a potential compromise is a very prudent and wise move. It should illustrate that DPR isn't taking chances where he doesn't have to. It is a question of better safe than sorry.

There are absolutely no questions in my mind of authenticity as the message was signed by DPRs old key. His new key is as much DPRs as his old key was.

[plutopete]

This new key combined with the news about the arrests makes me really paranoid. Paranoid enough to think that maybe LE has seized control of SR2 completely and has issued this new key just to quietly smoke out more people. I hope I'm wrong but TonyTheTiger said that after he was arrested LE showed him a lot of shit from the site which is supposed to be private. I don't know if he's right either but if he is then everything has been compromised. I hope I'm wrong about all this. 

Tony the Tiger wasn't arrested, he was quoting a post supposedly made in the vendors roundtable and subsequently deleted. That post made reference to LE knowing about a dispute and this indicates the info is from SR1 as the resolution centre isn't yet working on SR2.

[Hiniguel]

hah, does it even matter if DPR is LE? Like someone mentioned before, we shouldn't be trusting each other or anyone anyway. As long as the site remains functional, then we're good. If LE took control of it and wanted to extract info, we wouldn't know about it anyway (like we didn't last time).

Exactly - If the site remains up, and functional - I'll still vend here.


Use 4000+bit PGP, never leak anything personal. Only use vendors you know are legit.


The site would work fine even if run by LE if everyone stuck to that!

[wretched]

This may have been discussed before, but
I find it a bit strange that 19/12/2013 DPR changes his key, then 20/12/2013 news of 3 more arrests of mods and admins of SR (and SR2, but I haven't been around enough to know for sure their status here) seems a coincidence, but just plain strange timing.

[plutopete]

This new key combined with the news about the arrests makes me really paranoid. Paranoid enough to think that maybe LE has seized control of SR2 completely and has issued this new key just to quietly smoke out more people. I hope I'm wrong but TonyTheTiger said that after he was arrested LE showed him a lot of shit from the site which is supposed to be private. I don't know if he's right either but if he is then everything has been compromised. I hope I'm wrong about all this. 

Tony the Tiger wasn't arrested, he was quoting a post supposedly made in the vendors roundtable and subsequently deleted. That post made reference to LE knowing about a dispute and this indicates the info is from SR1 as the resolution centre isn't yet working on SR2.

This is NOT true! TonyThe Tiger posted it himself over on BMR-Forum:

------------------------------------------------------------------------------------------------------------------------
TonyTheTiger Today 00:03 (edited by TonyTheTiger Today 00:06)

    Sr. Member
    Offline

Guys I was arrested yesterday and out on bond now. But something is fucked! I know I’m risking more warning you guys and my attorney doesn’t even want me on the internet but you guys need to know this. When I was in the interview room they showed me all sorts of shit that they should not know or have access to including conversations I’ve had with buyers and even [the Silk Road 2.0 administrator known as the Dread Pirate Roberts]. I don’t fucking understand.. and when I was in there I was at a loss for words. Something is definitely wrong and they have the ability to see things on here only mods or admins should like [bitcoin] transfers and a dispute I had
---------------------------------------------------------------------------------------------------------------
Thread:
http://fec33nz6mhzd54zj.??/viewtopic.php?id=17421
Holy shit................
pathfinder13

It was a quote from a post on TM, Tony the Tiger just posted it on BMR forums without explaining that it was something he'd found elsewhere

[Drugs]

And i'm sorry but where have the insertions come from [in the square brackets]

[lightshinesthrough]

And i'm sorry but where have the insertions come from [in the square brackets]

From the Tiger's imagination is my guess... he is something of a troll over there.

Earlier when that post was made by someone there was no mention of SR2...  I guess the trolls are ready now to release their balls of fire .

As far as I can put together what's been out so far, this is all about the investigation of SR1. Unfortunately some SR1 mods were also mods here, so there's a spill over... Hopefully it truly is so that nothing is compromised now with SR2.

And to the person wondering about DPR changing key. My guess is that he already sensed something alarming on 19th. Even if some were officially booked by police on 20th, it doesn't mean that they couldn't have been taking in already on 19th.
And in case your fear is that DPR is somehow compromised, believe me LE would not change his key, they would just continue to use it if in power of it. The change was signed by DPR. . .
Or arrests/key could be crazy coincidence, but I believe it's more likely that there is connection to these things ...

[Baraka]

+1

Thanks for clarifying. That wasn't made clear when I saw it posted.

This new key combined with the news about the arrests makes me really paranoid. Paranoid enough to think that maybe LE has seized control of SR2 completely and has issued this new key just to quietly smoke out more people. I hope I'm wrong but TonyTheTiger said that after he was arrested LE showed him a lot of shit from the site which is supposed to be private. I don't know if he's right either but if he is then everything has been compromised. I hope I'm wrong about all this. 

Tony the Tiger wasn't arrested, he was quoting a post supposedly made in the vendors roundtable and subsequently deleted. That post made reference to LE knowing about a dispute and this indicates the info is from SR1 as the resolution centre isn't yet working on SR2.

[Cornelius23]

I can confirm that DPR is indeed the same DPR, and has been verified using several alternate methods which staff keeps private for obvious reasons.

And who are you?

The other administrator:

Defcon is an administrator here and does not work in any public roles, he/she is one of the staff on Silk Road you generally do not see as all their work is directly with me and other staff only.

[SunshineDaydream]

+1 Defcon for quietly helping to keep the ship afloat.

[Liveincontainer]

Just a thought about the replacement of the key.
I seem to remember to have read that some of the statements made by DPR1 on SR1 was not always made by him personally, but by other staff members who would also post statements in his name/on his behalf.
Maybe this was also the case for DPR2 - where several of his closest staff shared the DPR2 PGP key to sign messages and/or decode messages. And since some of these members now are arrested/on the run, this key was now potentially compromised and had to be replaced.

But what do I know.

LiC

"Leave no customer behind"

   

[zazu]

Bullshit on both counts. There is no evidence that Tor is compromised. If I'm wrong then show me.

LE making arrests at will?? Use your head. SR had hundreds of thousands of buyers and countless sellers. Yet how many busts in total have the feds made so far? 12 maybe? It's still a really low number. Watch your ass for sure but don't give LE credit that they don't deserve. Fuck em.

I remember Astor saying Tor is compromised as their last message and left, never to be heard from under that nym again.  LE seemingly able to arrest at will.

There are many exploits/vulnerabilities that may force a person using Tor to reveal their identity unknowingly.  With a concerted effort from LE to find the identity of any user on here using Tor, eventually it seems they can and will.  Not a problem with Tor itself but by using Tor there are vulnerabilities that can reveal your identity.  I am using my head.  Obviously LE aren't going to waste their time with every buyer and seller or even a minority of them.  Key figures have been picked off though and there is no denying that.

From the start of this site I questioned why we were using the same mods/ why they were using the same names.  Imo they all went down with the old SR and SR2 is about starting fresh.  Especially considering Ross knew their IRL identities according to the interview he gave about his vetting process.

[Baraka]

There is no indication at all so far that any of the new busts have anything to do with Tor being exploited. They're either due to real life shit leading to their arrests or DPR snitched. For all our sakes I hope it's the former.

[lithonius]

Why did DPR then sign a message the following day after making this post, with a different signature than he pasted here to have us all use with "immediate effect"?

DPR profile (look at 'recent posts'): http://silkroad5v7dywlc.onion/index.php?action=profile;area=showposts;u=1

Message is question, with different signed message than what's been discussed here, posted a day after on December 20th: 
http://silkroad5v7dywlc.onion/index.php?topic=10153.msg185256#msg185256

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Silk Road has not been compromised even if the allegations are true. Neither had access to sensitive material. I will make an announcement later to address the concerns this has raised.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJStEgqAAoJEMyyOOR8/t+867AP/RpjCq1B3WSYgnscbZU+UZOy
K0AGMM7tmu1DV1pr2S379YjVxQeUWeTbwDYhaYcWkDBDshnlpSd97fwAL1YVrBQx
jWE08tyo1sd1v5F/HajCx0DC2L5NeqD4UTDd6Dl2AOeBI4pZ+Ah/Q4VoB9cOBQGw
lSbjBY2U4redqBeRd1mFR8N+f3XmxYXzmB4Mf8ddvQkl62HmkwRwA27uUExt73uj
f3/EYVc/XjPgKG345S8yUwcGxLQcfoRM7UosbSGeEaDvvWjfZ6qQw4p7CbqIimHu
IOT6dhFcPmoVdiZGDvjtM3jXfF2sTi5mclGp/4axsrvOWZlCbrobE9EuJnGvscU4
ekU90vtcviES9XEJAr9XGOGgzY/OBf1xpj0iRY7rBDHUqA/FjfSULxqanZYhh0Wn
webHldrjylBRKM0PsnQdPn1CVGj8ThwB6SLfd0WEN1FEQt0hXP3uK1zDOri/fIcJ
Pnvf3jxYNcw9Q+2OW6QpZ/7t+S2E0yiifbNCobAMI18mrynuw3pk/xumg6t2WF/j
YHRpbTfFCCsbiPwR8P9CcUNQ5Iqcc2ewq4GOPx053aL/Vo/nfPdu/9hrRpfF3U5E
J7rFvAStaejxH7/vNxZRrTTiwrrc6njsFJHXWVAJjd+fHLI1efptbc8Kzwms9Yl0
0nzLjAJPFZOv6y7gP8tG
=lDZd
-----END PGP SIGNATURE-----

[pathfinder13]

Why did DPR then sign a message the following day after making this post, with a different signature than he pasted here to have us all use with "immediate effect"?

DPR profile (look at 'recent posts'): http://silkroad5v7dywlc.onion/index.php?action=profile;area=showposts;u=1

Message is question, with different signed message than what's been discussed here, posted a day after on December 20th: 
http://silkroad5v7dywlc.onion/index.php?topic=10153.msg185256#msg185256

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Silk Road has not been compromised even if the allegations are true. Neither had access to sensitive material. I will make an announcement later to address the concerns this has raised.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJStEgqAAoJEMyyOOR8/t+867AP/RpjCq1B3WSYgnscbZU+UZOy
K0AGMM7tmu1DV1pr2S379YjVxQeUWeTbwDYhaYcWkDBDshnlpSd97fwAL1YVrBQx
jWE08tyo1sd1v5F/HajCx0DC2L5NeqD4UTDd6Dl2AOeBI4pZ+Ah/Q4VoB9cOBQGw
lSbjBY2U4redqBeRd1mFR8N+f3XmxYXzmB4Mf8ddvQkl62HmkwRwA27uUExt73uj
f3/EYVc/XjPgKG345S8yUwcGxLQcfoRM7UosbSGeEaDvvWjfZ6qQw4p7CbqIimHu
IOT6dhFcPmoVdiZGDvjtM3jXfF2sTi5mclGp/4axsrvOWZlCbrobE9EuJnGvscU4
ekU90vtcviES9XEJAr9XGOGgzY/OBf1xpj0iRY7rBDHUqA/FjfSULxqanZYhh0Wn
webHldrjylBRKM0PsnQdPn1CVGj8ThwB6SLfd0WEN1FEQt0hXP3uK1zDOri/fIcJ
Pnvf3jxYNcw9Q+2OW6QpZ/7t+S2E0yiifbNCobAMI18mrynuw3pk/xumg6t2WF/j
YHRpbTfFCCsbiPwR8P9CcUNQ5Iqcc2ewq4GOPx053aL/Vo/nfPdu/9hrRpfF3U5E
J7rFvAStaejxH7/vNxZRrTTiwrrc6njsFJHXWVAJjd+fHLI1efptbc8Kzwms9Yl0
0nzLjAJPFZOv6y7gP8tG
=lDZd
-----END PGP SIGNATURE-----

If I --verify this msg it tells me it's the correct sig of DPR'S new generated Key.
What do you mean?

pathfinder13

[lithonius]

Why did DPR then sign a message the following day after making this post, with a different signature than he pasted here to have us all use with "immediate effect"?

DPR profile (look at 'recent posts'): http://silkroad5v7dywlc.onion/index.php?action=profile;area=showposts;u=1

Message is question, with different signed message than what's been discussed here, posted a day after on December 20th: 
http://silkroad5v7dywlc.onion/index.php?topic=10153.msg185256#msg185256

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Silk Road has not been compromised even if the allegations are true. Neither had access to sensitive material. I will make an announcement later to address the concerns this has raised.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJStEgqAAoJEMyyOOR8/t+867AP/RpjCq1B3WSYgnscbZU+UZOy
K0AGMM7tmu1DV1pr2S379YjVxQeUWeTbwDYhaYcWkDBDshnlpSd97fwAL1YVrBQx
jWE08tyo1sd1v5F/HajCx0DC2L5NeqD4UTDd6Dl2AOeBI4pZ+Ah/Q4VoB9cOBQGw
lSbjBY2U4redqBeRd1mFR8N+f3XmxYXzmB4Mf8ddvQkl62HmkwRwA27uUExt73uj
f3/EYVc/XjPgKG345S8yUwcGxLQcfoRM7UosbSGeEaDvvWjfZ6qQw4p7CbqIimHu
IOT6dhFcPmoVdiZGDvjtM3jXfF2sTi5mclGp/4axsrvOWZlCbrobE9EuJnGvscU4
ekU90vtcviES9XEJAr9XGOGgzY/OBf1xpj0iRY7rBDHUqA/FjfSULxqanZYhh0Wn
webHldrjylBRKM0PsnQdPn1CVGj8ThwB6SLfd0WEN1FEQt0hXP3uK1zDOri/fIcJ
Pnvf3jxYNcw9Q+2OW6QpZ/7t+S2E0yiifbNCobAMI18mrynuw3pk/xumg6t2WF/j
YHRpbTfFCCsbiPwR8P9CcUNQ5Iqcc2ewq4GOPx053aL/Vo/nfPdu/9hrRpfF3U5E
J7rFvAStaejxH7/vNxZRrTTiwrrc6njsFJHXWVAJjd+fHLI1efptbc8Kzwms9Yl0
0nzLjAJPFZOv6y7gP8tG
=lDZd
-----END PGP SIGNATURE-----

If I --verify this msg it tells me it's the correct sig of DPR'S new generated Key.
What do you mean?

pathfinder13

Thanks for the clarification! That's why I came into this thread and not create a new one, because I was just curious not speculating

[whom]

You change your key when either:
1. You believe your private key may have been compromised, or
2. You have a technical reason (expiration, key size, etc) to do so.

The most logical explanation is that a copy of DPR's private key was probably in the possession of one or more of the individuals arrested.

If that happens to be the case, that would have some interesting side effects:
1. An adversary with the original key could make a NEW, NEW key, signed by the original (but not with the new key that started this thread), claiming to be the One True DPR.    However much you do/don't trust the original key in this thread, the first new, signed key wins all ties.  If the adversary manages to post a new signed key first, sucks to be you.  That's why protecting private keys is important.
2. Obviously, any PGP messages encrypted to DPR's old key would be decryptable by anyone with his private key.
3. An adversary could manufacture DPR-created/signed messages using the old key all day long.

[zazu]

There is no indication at all so far that any of the new busts have anything to do with Tor being exploited. They're either due to real life shit leading to their arrests or DPR snitched. For all our sakes I hope it's the former.

It is possible DPR may be in the process of a plea bargain.  ''Real life shit?''  What does this mean?  You think they all simultaneously made an error to get caught?  These guys should and most likely were taking advanced security precautions.  Ross's mistakes came early on but shows mods may also make mistakes.  However, I think it is highly unlikely all of them did which leads me to believe they were targeted into revealing their real identities whilst using Tor.  With the money and resources LE have I believe they could uncover the identities of quite a few people over time. 

[Baraka]

Edit: I guess all this is moot now. DPR2's account looks to be compromised just as my paranoid mind originally suspected. That means there's a decent chance SR2 is compromised. Tormarket is down as this moment too.

Batten down the hatches people. Because a long storm might be just about to hit.

+1

That's it. Somehow their real life identities or physical locations were compromised. They were tricked by at least one agent just like DPR was. Human intel by building trust with them over time. That's what I call real life shit. Another piece of the puzzle is the SR server image. Over time a lot of juicy messages could have compromised all of them. How many people encrypt every PM? You already know the answer to that.

However, I think it is highly unlikely all of them did which leads me to believe they were targeted into revealing their real identities whilst using Tor.

[zazu]

I think SR2 was flawed from the start and aat least people havn't lost as much money as last time.  SR is dead.  Leave the name for the history books and start over.  The set up of this site was childish, taunting LE and antagonising them with media articles etc.  This DPR seemed young and slightly arrogant.

The mods should have gone down with the last SR.  It seems stupid they would continue to take the risks after SR1 was busted considering Ross knew their IRL identities.  You could call it brave and determined.  I don't trust St Exo and somethnig told me he had a part in SR2.  His affiliation to a vendor offering fake college degrees on SR1 has always worried me.  Additionally his bulk weed business which he stated would be delivered by private couriers rather than RM that never took off.  This St Exo seemed young, immature and a bullshitter.  A bit like Limitless.

However, I then started reading his more recent posts about opsec and he seemed a lot more intelligent and at odds with the above character.  He may have nothing to do with SR2 and I know many people trust and respect him a lot.  We all have our opinions and this just happens to be mine.

His money laundering business then some interview he gave with a reporter in London about this disussing his dad's accountancy background also worried me.  Does this guy really have anything to do with SR 2? I am just curious if other people thought this as I am only going on the aforementioned threads and then seeing him become one of SR's security experts to disappearing when SR2 was starting.  I have nothing against the guy, just confused about what he has written.   

[Richard Nixon]

I think SR2 was flawed from the start and aat least people havn't lost as much money as last time.  SR is dead.  Leave the name for the history books and start over.  The set up of this site was childish, taunting LE and antagonising them with media articles etc.  This DPR seemed young and slightly arrogant.

The mods should have gone down with the last SR.  It seems stupid they would continue to take the risks after SR1 was busted considering Ross knew their IRL identities.  You could call it brave and determined.  I don't trust St Exo and somethnig told me he had a part in SR2.  His affiliation to a vendor offering fake college degrees on SR1 has always worried me.  Additionally his bulk weed business which he stated would be delivered by private couriers rather than RM that never took off.  This St Exo seemed young, immature and a bullshitter.  A bit like Limitless.

However, I then started reading his more recent posts about opsec and he seemed a lot more intelligent and at odds with the above character.  He may have nothing to do with SR2 and I know many people trust and respect him a lot.  We all have our opinions and this just happens to be mine.

His money laundering business then some interview he gave with a reporter in London about this disussing his dad's accountancy background also worried me.  Does this guy really have anything to do with SR 2? I am just curious if other people thought this as I am only going on the aforementioned threads and then seeing him become one of SR's security experts to disappearing when SR2 was starting.  I have nothing against the guy, just confused about what he has written.

I was thinking the same thing.

Either Stexo is stupid for giving that interview, especially if it was the truth.

The Mods from the previous site appear to be young... They could have stayed on because of greed.

Noone should have had to been arrested or on the run from the begginng.

I havent placed a single satoshi on this site because I was hoping if it could make it a whole 6 months then it would be alright...

But by Mods getting arrested and what appears to be DPR on the run, I have lost any faith I had in this being a successful website.

I may be wrong and DPR may not be on the run but simply going over any possible security breaches in regards to the latest arrests... But only time will tell.

[zazu]

There is so much money to be made and this short term profiteering will attract the wrong type of people banking from the Silkroad name.  There are some very good people as well and the fallen mods each brought their own attributes.  There will now be the inevitable scramble to grasp a piece of the pie and divisions of profit.

As a customer I will stick around and place some orders eventually using pgp knowing I will only lose a small amount fo money.  But to vend kilos of mdma to the US from Europe?  I can't see how they would risk so much money in escrow.