Silk Road forums

Discussion => Security => Topic started by: zalaan on July 09, 2012, 02:43 am

Title: Q about PGP encoding messages sent via Silk Rd messaging system
Post by: zalaan on July 09, 2012, 02:43 am
Hi all,

Am a N00b to SR and I have another question about using PGP encryption of messages sent via Silk Road's messaging system as opposed to just typing them in plain-text and relying on Silk Road's encryption. I've searched previous topics but haven't found an answer / clarification yet...

So when PGPing, I construct the message to be encrypted on my own computer (e.g. question to seller, or shipping address info, etc.), PGP encrypt it with the recipient's public key, cut+paste the resulting encrypted text block from my computer into the SR message system and hit send.

The recipient then copies the encrypted text block from their Inbox on Silk Road to their computer, decrypts it with their PGP program and private key and then has access to read the message I send them.

This means that even though no plain-text version of the message is sent via SR message system, the unencrypted plain text message is potentially now stored in two places: on both the buyer's and seller's computers. Even deleting those files doesn't guarantee removal of the information from their storage device (which could later be undeleted)...

Why is this considered more secure than just sending the message via SR in plaintext, where it is stored in just one place and relying on SR's encryption and automatic deletion of shipping address info when a transaction is completed?

thanks,
Z

Title: Re: Q about PGP encoding messages sent via Silk Rd messaging system
Post by: AnotherPlebe on July 09, 2012, 03:21 am
I am far from being an expert, but I'll try to answer this.
You are correct in how the PGP message system works. Using PGP encryption just adds an extra layer of security to the whole process. As far as I know the plaintext is not stored on either computer, unless the user chooses to save it as such. Even in that case, that file can be deleted in such a way as to guarantee the removal of any practical chance at "undeletion".

Title: Re: Q about PGP encoding messages sent via Silk Rd messaging system
Post by: zalaan on July 09, 2012, 06:53 am
@AnotherPlebe yep I agree that secure file deletion is possible, but I think it usually requires the user to know to perform it - it's not automatic. SR's message system (or at least the part buyers type their shipping info into) is deleted by default (if I understand the buyer's guide correctly)...

Title: Re: Q about PGP encoding messages sent via Silk Rd messaging system
Post by: LouisCyphre on July 09, 2012, 10:32 am
> Why is this considered more secure than just sending the message via SR in plaintext, where it is stored in just one place and relying on SR's encryption and automatic deletion of shipping address info when a transaction is completed?

Relying solely on the SR message system means having absolute faith that there is not some (as yet unknown) flaw in the system that can be exploited.  Since SR is a closed system there is no way to independently verify that it does what it claims it does.

Using PGP/GPG adds a layer of encryption that has been independently verified over a couple of decades.

The existence of plain text, either at the sender's end before encryption or at the recipient's end after decryption, is the biggest risk of including PGP/GPG in the process.  That said, the plain text sent through the message system is still displayed at each end and thus exists in some form at some time.  It may, for example, be temporarily cached in the Tor browser.

To securely handle the plain text at each end, I recommend at least using an encrypted volume or partition (e.g. TrueCrypt or similar) in which to perform all the encryption and decryption functions.  Probably in conjunction with a program like shred to guarantee the deletion of the file.

If both buyer and vendor maintain proper information security protocols for plain text data, whether that be encrypted with GPG or not, then your concerns should be minimised.  GPG solves one problem and I'm a big advocate for it, but it does not solve all the problems.