Silk Road forums

kmfkewn, I have to respectfully disagree with you here.

Somebody who is a native speaker of the English language knows somewhere between 5000 (Joe average) and 12000 words (if you're a very highly educated person). Let's really stretch it and say there are 20000 words, which is about the contents of a pocket size dictionary.

Then, if you choose a password consisting of 3 English words (ex. stonedskittleleprechaun), then there are 20,000 to the power 3 possibilities (8x10^12). To calculate the bits of entropy, you have to take the 2 base logarithm of that number. That gives 42.9 bits of entropy, which isn't even close to the 80 we wanted.

And then I'm stretching it; in reality it's going to be even weaker. When you ask people to choose a random word, they tend to choose nouns (like you chose "reptile"). And if it's a cluster of words, then people tend to put adjectives before the nouns. Both "correct horse battery staple" and "stoned skittle leprechaun" follow this pattern.

A person's vocabulary isn't that big, and the type and order of the words you choose isn't all that random. So In the calculations I used above, I made some pretty optimistic assumptions for the number of possibilities.

However, if you make a password that consists of random characters, then for each character there are roughly 70 possibilities (26 lower case letters, 26 upper case, 10 numbers and 8 special characters). That means that for each random character, you get the 2Log70 = 6.1 bits of entropy.

This means that a password like:
8wF+2Gzb (7 random characters)
contains 42.7 bits of entropy, and which is just as strong as "stonedskittleleprechaun" (if not stronger).

If you have a password of 15 random characters, then you get 91.5 bits of entropy, which is reasonable. TrueCrypt recommends 20 characters, which gives you 122 bits of entropy in my calculations (it may be slightly more because there are more than 8 special characters). Then you are getting in the range of 128 bits of entropy, which is desirable.

For a service like Silk Road, where the amount of login attempts are limited, these things are not a concern. But if you choose a password for an encrypted volume, you need to take it into consideration.


TL;DR:

CoolGrey's golden rule: for a good password, avoid anything that looks like English.

Cool Grey, I can give sources backing my claims, can you give sources backing your claims:

http://unixhelp.ed.ac.uk/CGI/man-cgi?ssh-keygen+1

well actually I just did part of your job for you as this link says this

Good passphrases are 10-30 characters long, are not
     simple sentences or otherwise easily guessable (English prose has only
     1-2 bits of entropy per character, and provides very bad passphrases),
     and contain a mix of upper and lowercase letters, numbers, and non-
     alphanumeric characters.  The passphrase can be changed later by using
     the -p option.

1-2 bits of entropy per character in English prose, although they suggest not using it.

here is another source that estimates the entropy per bit of English (from wikipedia)
https://en.wikipedia.org/wiki/Entropy_%28information_theory%29

The entropy rate of English text is between 1.0 and 1.5 bits per letter,[6] or as low as 0.6 to 1.3 bits per letter, according to estimates by Shannon based on human experiments.[7]

Shannon, Claude E.: Prediction and entropy of printed English, The Bell System Technical Journal, 30:50–64, January 1951.

I believe that english only levels out to ~1 bit of entropy per character after several characters are used. According to this NIST (draft, although I used to have a non draft copy which was nearly the same if I recall correctly) paper on password strength estimation:

csrc.nist.gov/archive/pki-twg/y2003/presentations/twg-03-05.pdf

password length :: bits of entropy +=

1 - 4
2 - 6
3 - 8
4 - 10
5 - 12
6 - 14
7 - 16
8 - 18
10 - 21
12 - 24
14 - 27
16 - 30
18 - 33
20 - 36
30 - 46

1- 10 character passwords consistent with
curves in Fig. 4 of paper
♦ 10 – 20 character passwords assume that
entropy grows at 1.5 bits of entropy per
character
♦ Over 20 character passwords assume that
entropy grows at 1 bit per character

as you can see the first character gives more entropy than subsequent characters. Their estimator only adds += 2 bits of estimated entropy for having a number, += 2 bits for having a capital and += 2 bits for having a special character. So the difference between abc and A*8 is the second is 6 bits stronger, but between abcd and A##9 the difference is still 6 bits. This isn't the best entropy estimation system in the world, but I have compared outputs using this algorithm with outputs from more algorithms I have been told are more accurate, and really the difference between the outputs is minimal. Thus I consider this to be a good entropy ESTIMATOR whereas the other more complex algorithms are actually entropy calculators I suppose.

with this algorithm, the estimated strengths of the passwords:

8wF+2Gzb :: 36.0
stonedskittleleprechaun :: 41.0
So many things to remember and do I will just make up a sentence then reptile7*  :: 101.5

for an FDE or GPG key you will want to have at least 80 bits of entropy in your password, so only the long sentence would be suggested. For a web based password to a site like SR, you don't really need 80 bits of entropy imo. That NIST paper gives various suggestions of when to use which strength of password.

intellectual superiority of any race over another honestly cant be proven. There are too many variables. A black person could counter your opinion and say they're actually smarter considering the late start they had involving education(slavery), which would also be a good argument. People believe Asians are the smartest, one could simply counter saying that in many of their origin countries they take schooling more serious than alot of Americans, which would extend through family values to Asian families in America. Someone could call many racists southerns shallow minded but once again that's due to an environmental variable. At the end of the day unless you have at least 1200 people of each race that have all of the possible variables the EXACT same, we'll never truly know.

Can height superiority of one race over another be proven? I am pretty sure that black people are the tallest of all people. What is different about intelligence that makes it so that it is the one variable trait of  individual humans that is uniformly distributed across all races? It really isn't a far leap from 'not all races average the same height' to 'not all races perform equally well on IQ tests', and indeed science has shown that both of these claims are true and that the root cause of this is primarily although not exclusively genetics.

Apparently blacks do tend to score above whites on working memory tests though, I see someone cited this claim as originating in Nijenhuis et al., 2004  , however I do not feel like downloading and digging through that pdf to verify the claim. I know that blacks tend to score closer to whites on visuospatial tests though, and these are thought to be much less culturally biased than tests of verbal intelligence. IQ tests are generally based on four criteria, short and long term verbal and visual memory. The scores from each of the subtest categories influences the overall giq (general IQ) to various degrees. Some people might not be able to remember a sentence they just heard, others could remember it enough to repeat it forwards (a test of verbal short term memory) and others enough to repeat it backwards (which would likely test visual short term memory as an efficient strategy would be to visualize the sentence mentally and then read it backwards orally). Some people are able to remember larger sentences than others , others are able to remember smaller sentences than others but for longer, etc. The overall performance on tests like this is used to determine the persons general IQ score.

The point I am trying to make is that it is naive as hell to think that genetics could cause a person to be taller or shorter than another, but that it is entirely culturally determined how many digits from a series a person can repeat backwards before they start to make mistakes or forget, or how well a person can find consistent patterns in series of shapes or numbers.

Actually that's not true. You have a choice right now as to who defends you. If you find the agencies of the US government too overbearing you have the option of immigrating to the country with the protection agencies, freedoms,  foreign policies, and tax policies you find most appealing. There are 195 others to choose from. If you don't find any of them uniquely suited for you guess what? That's the free market. There aren't an infinite set of items to choose from in the free market and never were.

First of all, it is not so simple to just pack up and move to a new country. I would love to be in the Czech Republic as they have much laxer laws than the USA does, but that would entail me learning to speak their language and lots of other things. It is not trivial to change your citizenship. In a free libertarian society you do not need to pick any protection agency! Your comparison of this situation to a free market is incorrect, if it were a free market I would opt out of funding the DEA immediately. I would opt out of funding any agency that enforces drug laws! No nations protection agencies have a package that I would spend money on. I am forced to select one thus I am not in a free market where I could select none. And within the nations there is not a free market or even the option to select from various agencies, there is a single monopoly protected by the federal government, and all of us are forced to fund these agencies and receive even "protections" that we do not desire. Your claim that this is equivalent to a free market shows that you haven't the slightest clue what a free market actually is.

You’re not going to get any argument from me nor probably anyone else in these forums about the futility of the war on drugs. But I recognize that there are trade offs in a representative democracy since not everyone is going to agree with me hence my tax dollars aren’t always going to be spent on things I agree with.

Indeed, and wouldn't you rather spend your money only on the things that you agree with? Why would you desire to be forced into funding things that you disagree with? Are you incapable of making choices on your own? The trade off is your freedom for slavery to the collective! When your money is forcibly taken from you and spent on things you disagree with, even on your own oppression, you are not a free person anymore.

You don’t seem to recognize that in your “free world” you’re going to inevitably run into the same issues. There would still exist a state, be it on a much smaller scale like your neighborhood. There would still be public goods in your neighborhood-state, like common defense, where you’ll disagree with your neighbor on how much needs to be spent and what it should be spent on. If he doesn’t agree with your budget idea and “opts out” on principle of voluntaryism what are you going to do? Force him to pay for something he doesn’t want, but will get as a residual benefit anyway because the rest of you will? But then you’d be doing precisely what you decry the government is doing.

My neighbor can spend what he wants to spend and I will spend what I want to spend. I don't care about neighborhood defense, I care about defense of my own life and property. If other neighbors would like to pool resources so that we can afford more comprehensive neighborhood security, than those who pool money will obtain the services paid for. I will not force my neighbor to pay for defense and I will not pay for his.

Within the system, I have no reason not to believe that once a critical mass of the populace comes to recognize the futility of the WoD that the laws will change ... as they did for prohibition. And again, saying your belief you’re being forced to pay for it in contravention of a free market is just not true. You can move to a country that doesn’t spend tax dollars on wars in the Middle East or has decriminalized drug use. That’s the free market.

Indeed and Jews could have moved from Nazi Germany prior to the holocaust so their extermination is to be blamed only on them. They were free! You understanding of what a free market is is extremely incorrect. Guess what, a critical mass of the population didn't give two shits about drug use until the United States federal government pushed out a bunch of propaganda and conditioned them into accepting that the war on drugs was a good thing and drugs were bad. Look at things like reefer madness ,  do you think the people who made that propaganda thought that it was honest truth? No, people who make propaganda at the highest levels understand that it is false and lies. The government lied to the people to justify imprisoning and enslaving millions of its own citizens for the profit of private interests. They have literally sold us into prison industrial slavery, and no our neighbors did not decide to do this on their own, they were conditioned into it by a group of powerful elites who would profit from our slavery. Democracy is a flawed system, the masses are too easily manipulated for it to be meaningful in the slightest. We will what end the war on drugs when people wake up from decades or centuries of propaganda and lies? And this is your victory of democracy?! So then they can move on to the next behavior that will be demonized and prosecuted, and the new masses will be conditioned by the new generation of propaganda and lies?! Slaves are too valuable for them to simply free us all. Government and democracy ensures an endless cycle of slavery with only details of the slaves backgrounds changing.

No one’s disputing the merits of the efficiencies of the private sector in many areas of industry. What makes you look naive is your anarcho-libertarian infatuation that private enterprise is somehow superior and preferable in ALL instances. Private enterprise on its own has never proven effective in providing for public goods. I’m also surprised to see your use of private vs public education as proof of private sector superiority when that canard was debunked six years ago in a landmark study that found no appreciable differences. While raw scores from private schools were higher they proved a mirage after factoring in socio-economic factors like race, gender, and the wealth and education of the parents.

You will need to clarify for me what exactly public good are in your opinion. In my vision all goods are private, so there is no need to provide public goods and thus your dubious claim that private industry can not provide them is entirely irrelevant. I have attended private and public schools in a similar socioeconomic setting, I can say that in my opinion private education is superior. According to this time article they still found that children who attended Catholic private schools performed better, even when those variables were controlled for: http://www.time.com/time/nation/article/0,8599,1670063,00.html

additionally that study looks dubious and political at first glance, although I have not read it.

So those that can’t afford private schooling must be subject to religious indoctrination at a religious school subsidized by religious charities for the sole purpose of indoctrinating kids into their religion who can’t afford an education otherwise? What a fucked up idea.

So those that can't afford private schooling must be subject to statist indoctrination at a public school entirely funded by gun toting IRS agents extorting money from people, for the sole purpose of indoctrinating kids who can't afford an education otherwise into statism and exposing them early to government propaganda (D.A.R.E immediately comes to mind!) ? That sounds like an awful idea!

Well I guess it’s a great idea unless you or your kid had to go to one. Or until religious institutions empowered by  swelling ranks from the impoverished masses decide to overtake your neighborhood-state and force you to go to one.

Religious people already force me to fund the neighborhood public school, so once again in your nightmare 'free market' society nothing has changed except the name Government and the people in charge.

And this is where I get to say, with good justification, that you are “blinded by your idealistic image”.  Just hoping won’t make these alternatives appear out of thin air when there’s far more incentive for them not to.  Just look at history to see how that shit doesn’t work.

Look where you are typing this!! You are telling me this on a privately owned forum that is dedicated to drug traffickers who participate in the privately owned for profit drug trading market named silk road! This is illegal in every nation state on earth and yet we are still here. Look no further than here to see that even when there are overwhelmingly powerful oppressors, the free market will stand and private providers of security and defense will successfully stand up to them! We have our private security agency right here, and indeed we are successfully protected by it from the unjust laws of society. And now I say that we must also have private law, and the law must be that those who have oppressed us will be brought to justice for their crimes against us.

No reason for private security agencies to compete for your business when they can just collude with the others on where to divide up their territorial monopolies, and then FORCE you to use their business. If they can’t agree they’ll go to war over who gets to enslave you. But to think they’re going to get into a nice and orderly “free market” price war to compete for the chance to sell you their protection services? Pfffft ... dude.

And you describe the situation as it is today. Your biggest criticism of libertarian anarchy is that you are afraid it will become what you have today! And yet you cling to what we have today like a frightened child afraid to leave the perceived safety of his mothers embrace.

That only happens now because there’s a government backed legal framework that deters them from forcing their services on you.

There is only a government backed legal framework preventing other criminals from forcing their services onto us because the government is a criminal organization forcing their services onto us and they do not want any competition to their monopoly!

Worst case? Hardly. I find your idealistic blind faith here so over the top for a minute there I thought you were clowning me. In several thousand years of recorded history there has never once been an even temporarily successful libertarian anarchy.  Yet here you are not only saying it’s possible in spite of a total lack of evidence,  but that only in the “worst case scenario” or IOW, the libertarian anarchic dystopian nightmare, things would look no different than what we have now. Seriously dude? I kind of hope you were high when you said.

In the nightmare scenario that you proposed there is no difference to the scenario of today. Your view of the downfall of anarchy is that it decomposes into the government of today, and you see the government of today as good yet what anarchy will in your opinion turn into as bad. You suffer from cognitive dissonance.

What we have now is not mob rule and to suggest that it is is just ludicrous. The essence of mob rule is arbitrary and unchecked force in complete disregard of individual rights. Our form of government, however imperfect, was designed to protect individual liberty from mob rule.

Non-constitutional democracy is synonymous with mob rule and the constitution of the United States and any government will be interpreted away by the government. We do live in a totalitarian state. I am forced to fund government programs. I am forced to fund the government program that has the purpose of locating and arresting me for having caused harm to nobody. This is oppression! I will be sent to a prison, possibly exploited for labor but certainly will fund the paycheck of prison guards and similar slave holders, thus this is SLAVERY. I am EXTORTED to pay for my own OPPRESSION and I am ENSLAVED by my government and thus my government is a totalitarian state. Ostensibly my government is controlled by the mob, and indeed democracy is mob rule, however there are groups of elites who have mastered the art of manipulating the masses. They can influence the mob to such a high degree that the mob is only a proxy for their own control of the state, it masks the true power holders and tames the people who actually believe they have power over their own lives. These elites are the ones who gain the most from our slavery, they are the reason we are enslaved.

So when you say there’s “very little” that prevents government from arbitrarily raising taxes I’m sorry but that’s just ignorant. There are a confluence of democratic forces that prevent a tax hike that starts with WE THE PUBLIC DON’T WANT TO BE FUCKING TAXED MORE. It’s why the highest income tax rates have dropped from a peak of 92% in 1953 (which sounds a lot closer to your “worst case scenario” of “enormous protection fees”) to the 35% it is right now.

35% a financial slave is still a slave. There are degrees of slavery but freedom is only total.

Because a militia is not a military just like a warlord is not a general. There’s a difference between private and public remember?

The only difference you seem to believe exists between private and public is that public things cannot be bad and private things often are.

But with no legal framework backed by the force of government the CEO of a private security agency might as well be a warlord because there are no commercial laws to govern him.

There are other security agencies to govern him. If he violates the rights of other people who are offered security services through other private services, he will find himself dead.

The DEA is not a band of gun waving robbers. They are an agency of government that is controlled by we the people. It continues to exist because the majority condones and sees value in its existence even if you or I do not ... and their ability to coerce is still regulated by our laws. A band of home invading robbers and kidnappers are not controlled by anyone but are instead laws onto themselves.

The DEA is indeed a band of gun waving robbers, kidnappers, murderers and slave traders. They are protected by a criminal government that is controlled by a group of elite slave traders. It exists in the first place because this elite group of slave traders created propaganda and lies for the purposes of convinced the masses to allow for the slavery of certain minority groups. It continues to exist today because total indoctrination takes huge amounts of time to overcome. The DEA is part of the government and in practice the government is a law unto itself, only in your imagination does your idealistic statist utopia actually exist.

You have been totally conditioned to the point that you see the governments behavior through a distortion, but when you remove the title government you see any organized defense as necessarily being what the government already is and without the distortion!

I think you have a fundamental misunderstanding of what our government is and how it works

What a coincidence I think the same exact thing about you!

If we lived in a totalitarian state governed essentially by mob rule I could see your point

We live in a totalitarian state ostensibly governed by mod rule but actually governed by small elite groups who have mastered the art of controlling large mobs.

that a law enforcement agency that kicks in your door and takes your drugs and throws you in jail are nothing more than paramilitary thugs and thieves.

No intellectually honest person can differentiate in any meaningful way between two different people who kick in a door and take drugs and prisoners. If you can differentiate between two such people, something is very wrong with your thought process.

But we don’t. We live in a representative democracy of a constitutional republic and are therefore responsible for governing ourselves. Government behavior (guided by the laws on the books) is a reflection of our values as a society.

Our values as a society are a reflection of government and religious propaganda.

They might be a distortion because as our societal attitudes evolve it takes a while for the laws to catch up. It’s in this respect that I believe the DEA an antiquated agency and it’s just a matter of time before the majority recognizes its uselessness since we come armed with the facts and empirical evidence on our side.
But for you to advocate that when that day does come that DEA should just be lined up and shot is just insane. You sound like a wild eyed Marxist guerilla during the time of Pol Pot who went on to massacre 2.5 million bourgeois because they just HAD to know they were exploiting the landless proletariat through wage slavery and if they didn’t, well they needed to be made an example of anyway so future generations would know that ignorance was no excuse. So explain to me the difference between you and Pol Pot again?

The DEA agents should be treated as any other robbers and kidnappers would be. To think differently is to say that crimes committed in the name of a state are excusable. So explain to me how you are different from a Nazi war criminal?

Most racist shit I've heard all week >.> Intellect is more correlated with socio-economic factors and has nothing to do with color. The melanin content of an individual is nothing more than a DNA switch, biologically "race" isn't real and that is just a construct to differentiate cultures perpetuated by the ignorant.

Intellect clearly has a genetic component to it, race and genetics are also correlated. Nature or nurture ? Certainly both come into play. There are many different types of intelligence as well. On standardized tests of verbal and visuospatial problem solving abilities there are distinctions to be made between the bell curves of different races. On tests of athleticism there are also different race based bell curves. There is really no real argument against racial differences, they clearly exist and are well documented. I personally think people are different yet they are equal. From what I have seen, there is a lot of overlap between the bell curves of various racial groups on IQ tests, I believe Asians have the highest average intelligence, Caucasians  have the second highest average intelligence but have more individual extremely intelligent geniuses than any other race, and black people average somewhat lower but still with large numbers of very smart people (although they have very few extremely intelligent geniuses). This isn't a racist thought, it is the data collected from IQ testing. It is somewhat controversial though, many claim that blacks are at an unfair advantage when it comes to IQ tests because the IQ tests may not be entirely culturally neutral. I believe this cultural bias is especially true for tests of verbal intelligence, and indeed blacks tend to do better on visuospatial tests.

I just make up and remember a random sentence and then a random word and number.

So many things to remember and do I will just make up a sentence then reptile7*

that is a good password.

stonedskittleleprechaun is also a good password though.

A stronger password is harder to remember, but it's well worth the effort.

That isn't actually true, you should read the previously linked XKCD for an explanation of why. I have read several times that English prose contains approximately one bit of entropy per character. That means the passphrase "So many things to remember and do I will just make up a sentence then reptile7*" contains at least 78 bits of entropy. Since it has a number and special character it is probably contains even more entropy. 2^78 isn't the best you can do (likely either 2^128 or 2^256 depending on the encryption algorithm being used), but it is strong enough that it can be considered as secure enough (I think 2^80 is the minimum suggested bit strength for a strong password to have though).

Honestly even 80 bits is a conservative estimate of the bit strength of that passphrase. One passphrase strength estimation algorithm that is regarded as being  accurate starts out with the initial characters adding more bits of estimated entropy to the overall passphrase than subsequent characters do, only leveling out to 1 extra bit per additional character after 20 or so characters. There are also math formulas for determining the amount of entropy in a given amount of data. I can only imagine that the highly mathematical algorithms for entropy estimation are more accurate than even the good password strength estimation algorithms (which may for example compare your passphrase to a dictionary as one of its criteria for strength estimation, a technique that I don't think would be used with the pure mathematical approach). I think somewhere on the XKCD site he describes the method he used to estimate the entropy of the presented passwords though.

I don't think vendor accounts only would make much of a difference. Picture completely new potential vendor that have never entered SR without knowing and checking nothing by himself, just rumors. Would he pay and Register as a Vendor? He would if he already knew the site and entered or ordered before, or maybe had a friend recommendation, but would he do it blind? Also, I guess that is a band-aid solution. I think the team is trying for figure out a core solution, vendor only is like plan "C" or something.

It is like "Plan that is secure and accomplishes the end goal"