I'm not saying this is rubbish, I mean we use this technique to obtain nice big encryption keys and so forth just like you say. What I'm thinking is that the things you are referring to there, like mouse positions, microphone input etc, must be deterministic or at least severely contained in nature.
They are only deterministic if human behavior is deterministic.
fjf3ef349gf349fjierjferr89dthu5futh54ht4u5gtfrhiu9th8u54htf8u9h544f4utjdewijtriutjeruithd8h84ht87f5r4hy8wthldwhkeriutrthf8888487yt4ewf0ewuf984u8934uf8u8uewifjewqiofjewjfwjfewifh8uewygf847gyreugiehrijzxvbxmbvdhsbubiewrgyh4ryghyuerhgeriugheurhgudsih3g223727832ry7y73yreurhiuwfhiuewhfuiehfhdsdsjnckcdfv;few;ewf]wefe]w]few[f]w\\ewff32u0u89u89u89````9hfewfhewfh89h893hfew9fhewiufhewuhf994rhhegrheiugherugherggkerkrkegirigkriegkiergkiergkrgjiuerhkfduehtwiufth9e47ty43yt745yt4873ty875y87ty54yt75yt754yt48y4t8y8t7y4t758ty57tytrjhgteriugher
do you think an intelligent adversary could guess that I would press those keys on the keyboard? Even assuming that this only contains twenty bits of randomness, which is a very conservative estimate, 96f294735d4ee78d9327680498947e717166da6b03c1c48ff14ddc3d39b54468 would also contain 20 bits of randomness (in fact it probably contains 256 bits of randomness). However perhaps using this source of randomness would remove information theoretic security, I am not certain if the security would then fall to the hashing algorithm which has not been proven as information theoretic. I think I would still feel safe using the sha256 sum of the output produced by my random pounding on the keyboard as a one time pad key. Microphone input can actually be used to generate very secure random numbers, there are some 'true' RNGs which use microphone input to generate 'very high quality' random numbers, but honestly I would feel safe enough pounding on my keyboard for five minutes and hashing the output with some secure digest.
and as such are in theory replicable by an intelligent enemy with vast resources e.g. my analogy of building an equation the size of a telephone directory to predict coin flipping. If you are able to determine a small enough frame (as in the right set of information as in the Frame Problem), and you know everything there is to know about X situation, then in theory you could produce a vast equation which perfectly predicts coin flipping and thus build a machine to do that job. I appreciate that by 'in theory', we could be practically talking light years or something, but still, this is a thought experiment.
An adversary who could guess the random keystrokes I just pressed could just as quickly guess a passphrase which is extremely likely to be much less random than that. So I highly doubt that such an adversary is at all realistic.
The reason why this could be important, is that you never know what mathematical breakthroughs could suddenly break our previous assumptions of "sufficiently random".
If we assume that the output I typed contains a single byte of randomness, and I type something 256 times as large prior to taking the sha256 sum of it, I will be extremely confident that unless sha256 is flawed the digest it outputs will be 256 bits of pure randomness. That is the neat thing about distillation of randomness, you can be extremely conservative. As long as the input contains 256 bits of randomness, the output will be 256 bits of randomness. If you assume that pounding on the keyboard for half an hour produces merely 256 bits of randomness (an extremely conservative estimate), then it is a conservative statement to claim that the resulting sha256 hash is a 256 bit random number.
Or... (time for conspiracy ohwow.jpg theory) it could simply be a case of a clever side channel attack in the far distant future when there is oodles of computational power to spare.
Side channel attacks generally avoid the requirement for oodles of computational power. Here is a side channel attack.
password = "cats"        # the secret being checked (example value)
input = ARGV[0].to_s     # the guess supplied on the command line
if password == input
  puts "secret message!"
else
  puts "fail!"
end
that (shitty) example is weak to a side channel attack because == short circuits. If the password is "cats" and the input is "cans" the compare will break on the n to t comparison, but if the input is dog and the password is cats then the compare will break on the d to c comparison. An attacker who can measure the amount of time it takes to puts "fail!" can thus determine how many characters of the password they guessed correctly. That is a cryptographic timing attack. Other side channel attacks include power analysis, noise analysis, etc.
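The prefix leak described above, as an added Ruby example that is not part of the thread: a step counter stands in for the wall-clock time an attacker would measure, so the early-exit compare can be contrasted offline with a constant-time one. The function names and the sample secret "cats" are assumptions for this illustration.

```ruby
# Early-exit comparison, the pattern in the thread's `password == input`
# snippet: it stops at the first mismatching character, so the step count
# grows with the length of the correctly guessed prefix.
def leaky_equal(secret, guess)
  steps = 0
  secret.each_char.with_index do |ch, i|
    steps += 1
    return [false, steps] if ch != guess[i] # guess[i] is nil when guess is shorter
  end
  [secret.length == guess.length, steps]
end

# Constant-time comparison: every byte of the secret is always examined and
# the differences are OR-ed into one accumulator, so the step count does not
# depend on where, or whether, the two inputs differ.
def constant_time_equal(secret, guess)
  diff = secret.bytesize ^ guess.bytesize
  steps = 0
  secret.each_byte.with_index do |b, i|
    steps += 1
    diff |= b ^ (guess.getbyte(i) || 0)
  end
  [diff.zero?, steps]
end

# Runs a list of guesses through both comparisons and reports the step
# counts side by side; the leaky column is the signal a timing attacker
# would harvest, the constant column is flat.
def timing_profile(secret, guesses)
  guesses.map do |g|
    { guess: g,
      leaky_steps: leaky_equal(secret, g).last,
      constant_steps: constant_time_equal(secret, g).last }
  end
end

if __FILE__ == $0
  # Constructed guesses: wrong first char, wrong third char, exact match.
  timing_profile("cats", %w[dog cans cats]).each { |row| p row }
end
```

In production code use the platform's own constant-time compare (for example Rack::Utils.secure_compare) rather than a hand-rolled loop.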
So imagine a "secret chip" on every computer there is. It could work by replicating common algorithms standard software on the market uses to obtain large random numbers (literally all the time), and then storing these 'results' in a huge database on every single computer on the planet. This way every instance of a random number generated with whatever computer based input has been stored. I appreciate this is seriously far out and in fact may not be physically possible, but if you've studied the history of cryptanalysis in World War II, you'll know that governments *did* go to extraordinary extremes with respect to their era, albeit not that particular one. I mean if you told any German officer that the Enigma machine had been cracked years ago, he'd have laughed in your face, and probably continued laughing until the day after too, yet it was accomplished. Definitely easier just to key log and nick your passphrase though, lol.
And this secret chip has infinite storage capacity?
For those reading this thread (because kmfkewm probably has already heard about it), there IS a big controversy at the moment over the Huawei corporation (Chinese state company), because many western security people are saying they are putting surveillance systems onto their hardware. Which is a bitch because most of you will have some kind of Huawei equipment on your machines right now. Thing is... it would seem they have been learning those tricks from American corporations... The Economist had an entire magazine dedicated to this subject, so no, it is not science fiction that a State could go to these lengths.
Yes nations are always paranoid about using hardware from other nations.
The current stock market prices of shares, as in right now this very moment in time, are completely random in nature. This is not deterministic.
Neither is the result of me pounding on my keyboard. Also, the result of me pounding on my keyboard is secret, but the stock market is public, hence my dice example (which I ripped off from xkcd).
All the deterministic inputs become part of the price and so only entropy is left, meaning that stock prices will move at random at any given moment. Because of the profit motive, this is never not going to be true, but it is possible to discover information that turns previous 'random' data into a recognizable pattern (and thus make future prediction possible and consistent), but this is not possible here.
The stock market is public, so even if it is random it is a horrible source of entropy.
For contrast, it is almost certainly the case that the majority of people moving their mice about to increase entropy are doing so in similar ways. The space of possibilities might be very large, but that is not to imply people are using, or that their machines are using (e.g. read/writes to memory) the full search space. This is a passive way to obtain randomness, and it may turn out that in practice this is not a very good way of doing so. Perhaps once a person moves a mouse pointer from A to B, they approximately move it back from B to A or thereabouts. So there is predictability there and thus an opportunity for cryptanalysis (and if you think that's over the top, you haven't met any cryptanalysts, you think pine is paranoid, yeeeessh!).
I have absolutely no worry that the timing movement between my keystrokes + timing between mouse movements + direction of mouse movement + screen capture + key strokes + drive access times will not produce sufficient randomness. Especially since it can all be distilled, as the cryptographic hashing algorithm's output contains the total amount of randomness present in all of its inputs (up to its output size) so even if each of the sources of randomness result in a few bits, and even if some produce no randomness at all, in the end it can gather up a huge input of all the different sources and then distill it down to its total randomness. Even if pounding on my keyboard produces only ten bits of randomness, I can just keep doing it and after a conservative amount of keystrokes have been gathered hash the total buffer of input and get my randomness as the cryptographic hash output.
I was thinking you (may) share private keys this way! You need to know the algorithm and send your email (using special software that sends at a very exact prearranged time). Then the other person has the timestamp for when the email was sent (not when it arrived, that wouldn't work), and they can use the algorithm to work out the current OTP decryption key in relation to current stock prices at that timestamp (or else I was imagining it to be like some exotic PGP, one key for encryption, that is useless for decryption, and vice versa, but I'm not sure how that would work across time), use it and read the information. This creates an incredibly tight window for an attack.
Need to know which algorithm? Also the attacker would just record the timestamp and check the stock market price at that time. And they would record the transfer of the algorithm as it takes place in the clear. Essentially you suggest that an OTP be based on the publicly viewable possibly-randomness of the stock market, at a precise moment in time that is sent in plaintext between communicating parties. That idea simply will not work. The randomness for the OTP is publicly viewable making it worthless, and your solution for key exchange is actually not a solution at all and consists of doing a plaintext key transfer.
See, you can do things like sampling the atmosphere and so on, but Alice and Bob aren't going to be able to both do that at the same time and come up with the same key without sharing. Sharing bad!
Didn't you just suggest that Alice and Bob share (via plaintext transfer) a moment to gather entropy from the (publicly viewable) stock market?
Anyway... I haven't worked it all out yet as you can see, this is a stupid child implementation, but if you thought about it for a whole year I bet you'd be able to come up with something close to bulletproof.
I doubt it.
Because people don't randomly type on keyboards even when they are trying, thus allowing cryptanalysis heuristics a break, but more pertinently, pine finds it difficult to leave well enough alone.
People don't need to type perfectly randomly, they just need to type randomly enough that the entirety of what they type has enough bits of entropy to fill up the output of the hashing algorithm. Conservative estimates put English at having about one bit of entropy per character. You could be ultra conservative and say every four characters have one bit of entropy. Then just type 1,024 characters worth of "random" English words and hash them together. Chances are high that the resulting output will contain 256 bits of entropy, if you use SHA 256 anyway.
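The conservative distillation argued for in this post and the earlier ones (credit each source with a deliberately low entropy estimate, keep collecting until the credited total reaches the hash output size, then hash the whole buffer), as an added Ruby example that is not the thread's own code. The EntropyPool class, its method names and the constructed sample inputs are assumptions for this illustration.

```ruby
require 'digest'

# Conservative randomness distiller: raw input from any source is appended to
# one buffer, each chunk is credited with a caller-supplied low entropy
# estimate, and a key is released only once the credited total reaches the
# hash output size; SHA-256 then compresses the whole buffer to 32 bytes.
class EntropyPool
  BITS_PER_SHA256 = 256

  attr_reader :credited_bits

  def initialize(target_bits = BITS_PER_SHA256)
    @target_bits = target_bits
    @buffer = String.new(encoding: Encoding::BINARY)
    @credited_bits = 0.0
  end

  # bits_per_byte is the caller's conservative estimate for this source
  # (the thread's "one bit per four characters" is 0.25).
  def feed(data, bits_per_byte)
    raise ArgumentError, "estimate must be positive" unless bits_per_byte > 0
    @buffer << data.b
    @credited_bits += data.bytesize * bits_per_byte
    self
  end

  def ready?
    @credited_bits >= @target_bits
  end

  # How many more bytes a source with this estimate must still contribute.
  def bytes_still_needed(bits_per_byte)
    missing = @target_bits - @credited_bits
    missing <= 0 ? 0 : (missing / bits_per_byte).ceil
  end

  # Refuses to hand out a key until the conservative budget is met.
  def key
    raise "only #{@credited_bits.round(1)} of #{@target_bits} bits credited" unless ready?
    Digest::SHA256.digest(@buffer)
  end
end

# Constructed sample combining several weak sources; real code would read
# keystrokes and timings instead of these literals.
def demo_key
  pool = EntropyPool.new
  pool.feed("fjf3ef349gf349fjierjfer" * 20, 0.25)     # keyboard mash, 1 bit per 4 chars
  pool.feed([1_723, 842, 3_117, 95].pack("N*"), 1.0)  # inter-keystroke timings in ms
  pool.feed("the quick brown fox " * 36, 0.25)        # plain English words
  pool.key
end
```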