Quote from: zalaan on July 21, 2012, 02:10 amQuote from: Guru on July 20, 2012, 07:10 pmPeople better hope he didn't get busted, because to put it mildly, his security was worthless. For starters, he posted his PGP PRIVATE key on his vendor page, something he could have caught with a little proofreading. ....Even the strongest encryption is useless if you are:- saving the decrypted content to a file. Deleting that decrypted file alone doesn't remove the information from your storage device. Sure you can use a secure wipe program after deleting, but how many buyers/sellers here guarantee that they do *and actually do it*?For POSIX compliant systems, including Linux and OS X, srm is a good choice (see: http://srm.sourceforge.net/). Not sure what the best choice for Windows is these days, although srm should compile under Cygwin.Quote from: zalaan on July 21, 2012, 02:10 am- using cut+paste of the decrypted info (eg) to paste into Word for windows (or whatever) to print out the address label. The info may get saved in the word processors auto-save file, or its temp file, or the printer spool file, or your operating system's swap file - any number of places you might not know about that a forensics investigator would find...Which is why vendors should always use systems that are installed on encrypted volumes/drives at the bare minimum.Quote from: zalaan on July 21, 2012, 02:10 amThis is a problem for all SR users. While *I* might be doing the right thing, there's no guarantee the *other* party is... :(That's always the risk of dealing with another unknown party.