Silk Road forums

Discussion => Newbie discussion => Topic started by: Bennett4545 on May 12, 2013, 07:05 pm

Title: What if vendor messages you with new public PGP key?
Post by: Bennett4545 on May 12, 2013, 07:05 pm
I'm getting a little worried about a vendor I have set a small order with. It is the first time I have used anyone who didn't have dozens of positive feedbacks. This guy specifically asked in the listing to use a real address and name.

I sent him an address to the public PGP key he listed. He replied in a message, encrypted to my public key, and gave me a new public key to use for him. I replied with my address again, but this time to his new key.

I am now thinking that this is sketchy? Some talks of hacked accounts in some of the other sub-forums. I can't tell if he has changed the public key in the listings. At least I did not use my real address.

Any thoughts for this newbie?
Title: Re: What if vendor messages you with new public PGP key?
Post by: Libertas on May 12, 2013, 07:45 pm
I would be wary of that, but if the new PGP key provided is signed with his former public PGP key then there should be nothing to worry about, presuming that the vendor did not give his private PGP key to anybody else. You would need to know his former public PGP key to be able to verify if the new key is signed with it.

It does seem strange that he could not decrypt the message you sent him, so provided a new PGP key for you to use. I would personally have steered clear of this one, though it may turn out that there is nothing wrong at all and the vendor simply didn't take the precaution of backing up their private PGP key and their PGP program somehow became corrupted.

Just to clarify, other accounts were NOT hacked - they were phished. The vendors in those cases went to a phishing site that was set up to target vendors, entered their login details and PIN and lost control of their accounts as a result.

Please note that Silk Road will NEVER ask you for your PIN, no matter what. Also, please always ensure that you are visiting the correct URL:

silkroadvb5piz3r.onion

Libertas
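
The check described in the reply above (is the new key signed by the former key?), as an added example that is not part of the original thread. It reads the output of `gpg --with-colons --check-sigs` for the new key and accepts only a verified certification whose issuer fingerprint matches a fingerprint you saved before the message arrived. The function names and sample fingerprints are constructed for illustration, and it assumes a GnuPG 2.x release that fills the issuer fingerprint (field 13) on `sig` records.

```python
NEW_FPR = "A" * 40  # constructed fingerprint of the key received in the message
OLD_FPR = "B" * 40  # constructed fingerprint of the key saved from the listing earlier

CERT_TYPES = {"10", "11", "12", "13"}  # OpenPGP certification signature classes


def certified_by(colon_listing, new_fpr, old_fpr):
    """True if a user ID on key new_fpr carries a verified certification made by old_fpr."""
    new_fpr = new_fpr.replace(" ", "").upper()
    old_fpr = old_fpr.replace(" ", "").upper()
    on_target = in_uid = want_fpr = False
    for line in colon_listing.splitlines():
        f = line.split(":")
        f += [""] * (13 - len(f))            # pad short records
        rec = f[0]
        if rec == "pub":                     # a new key block starts
            on_target = in_uid = False
            want_fpr = True
        elif rec == "fpr" and want_fpr:      # first fpr after pub is the primary key's
            on_target = f[9].upper() == new_fpr
            want_fpr = False
        elif rec == "uid":
            in_uid = True
        elif rec == "sub":                   # signatures below are subkey bindings
            in_uid = False
        elif rec == "sig" and on_target and in_uid:
            good = f[1].startswith("!")      # "!" good, "-" bad, "?" signer key missing
            # Compare the full fingerprint, not the 64-bit key ID in field 5.
            if good and f[10][:2] in CERT_TYPES and f[12].upper() == old_fpr:
                return True
    return False


def sample_listing(status, issuer_fpr):
    """Constructed --with-colons output: new key, self-signature, one other signature."""
    return "\n".join([
        f"pub:-:2048:1:{NEW_FPR[-16:]}:1368000000:::-:::scESC:",
        f"fpr:::::::::{NEW_FPR}:",
        "uid:-::::1368000000::::Example Vendor:",
        f"sig:!::1:{NEW_FPR[-16:]}:1368000000::::Example Vendor:13x::{NEW_FPR}:",
        f"sig:{status}::1:{OLD_FPR[-16:]}:1368000100::::Example Vendor:10x::{issuer_fpr}:",
        f"sub:-:2048:1:{'C' * 16}:1368000000::::::e:",
        f"sig:!::1:{NEW_FPR[-16:]}:1368000000::::Example Vendor:18x::{NEW_FPR}:",
    ])


if __name__ == "__main__":
    for status, issuer in (("!", OLD_FPR), ("-", OLD_FPR), ("?", "")):
        print(status, certified_by(sample_listing(status, issuer), NEW_FPR, OLD_FPR))
```

A `?` result means the former public key is not in the keyring, so the signature cannot be checked at all. As the reply notes, a good result only shows continuity with whoever holds the former private key.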