Quote from: Guru on July 20, 2012, 07:10 pmQuote from: zalaan on July 20, 2012, 02:26 pmhttp://silkroadvb5piz3r.onion/silkroad/user/0c4c79df2fLast seen two days ago. Mebbe he's gone on holiday, mebbe he's outta gear and swamped with orders and msgs, mebbe he got busted, mebbe he was a UC scoping out how SR works. Mebbe he was too popular, his transaction count too high, decided to re-brand under a fresh new vendor name and start over... Or mebbe he just finally saw the light and found Jeebers... Mebbe we will never know.... Shame.People better hope he didn't get busted, because to put it mildly, his security was worthless. For starters, he posted his PGP PRIVATE key on his vendor page, something he could have caught with a little proofreading. On top of that, I warned him in a SR message a little over three weeks ago. My message warned him to replace his key because he he had posted the secret key instead of the public key, that this was bad for him, bad for anyone encrypting to him and I recommended switching to GPG instead of using BCPG.This is his response: "ive used random letters as the cypher so it doesnt matter who looks at it as its not words pertaining to me used to create the key"I followed up by sending him a copy of the public version of his key (obviously I've had a copy of his secret key for more than three weeks) and warned him again, this time about the key size. There was no response and he deserves to go to prison for stupidity, just as long as he doesn't take anyone with him.Quote from: Guru on July 20, 2012, 07:10 pmUnfortunately, he's not the only offender on here. There are multiple vendors with equally weak keys, and even others who have posted private keys. It's not only important for vendors to know how to properly use PGP/GPG, the buyers should be equally as informed. I don't expect either vendors or buyers to become crypto experts, but a certain level of competence is necessary. After all, your asses are on the line. Exactly.