Silk Road forums
Discussion => Security => Topic started by: aceeca on July 13, 2012, 03:16 pm
-
Is it cool to use privnote.com rather than a public key? It's all I've ever used and haven't had any problems yet.
-
Is it cool to use privnote.com rather than a public key? It's all I've ever used and haven't had any problems yet.
There are some threads in the Security section on just how awful privnote.com is. I wouldn't want to bet my liberty on that site.
-
https://www.igolder.com/PGP/encryption/
You can encrypt to sellers without downloading anything. Just use that.
-
https://www.igolder.com/PGP/encryption/
You can encrypt to sellers without downloading anything. Just use that.
I'd be cautious about any external site taking care of the encryption or decryption process for you.
You're much better off in the long run installing and learning the GPG software.
-
Do you think privnote.com in combination with https://www.igolder.com/PGP/encryption/ would be adequately safe?
-
You being in trouble with the law is at stake.
PGP has never been cracked. As I recall MIT even held a worldwide "contest" with a huge money prize if someone could crack a PGP encrypted message and no one ever could.
Who knows if the same can be said about privnote?
I think the answer is obvious.
-
Do you think privnote.com in combination with https://www.igolder.com/PGP/encryption/ would be adequately safe?
Nope. Both sites have the potential to retain plain text of the messages you create and the igolder.com site could also store your private key and passphrase if you create your keypair there or decrypt messages there.
-
pgp is a cryptographic suite, not an algorithm so there's nothing to crack ;)
Heh. Pedant. :)
-
Wouldn't it be safer to use just plain text over SR rather than privnote?
-
The odds of Silk Road being compromised are low, but non-zero.
low?! are you aware of the vuln history of this site? :P
http://dkn255hz262ypmii.onion.to/index.php?topic=3295.0
http://dkn255hz262ypmii.onion.to/index.php?topic=3304.0
http://dkn255hz262ypmii.onion.to/index.php?topic=3445.0
i've been pentesting the site for $ from admin for a while now and imho it's still held together by baling wire and prayers
Those topics are the perfect example of why EVERYONE should be using PGP/GPG!!!!!!!!!!!!
Thank you
-
Those topics are the perfect example of why EVERYONE should be using PGP/GPG!!!!!!!!!!!!
Exactly!
-
When I open a privnote link in the browser I use for SR it comes up blank and deletes the link. It's a cool idea but a horrible implementation with all the scripting involved among other things listed above.
Any orders placed with a privnote link in the address field get cancelled on my end, it's annoying. PGP is easy enough to implement if you're worried about using plain text on SR, please do.
-
But isn't the plain text address deleted after the sale is completed?
Do not get me wrong, I am not saying to not use PGP.
-
But isn't the plain text address deleted after the sale is completed?
Do not get me wrong, I am not saying to not use PGP.
Yes it is, however, if LE or a hacker were to breach the security of a vendor account they would have full access to your address. If you use PGP to encrypt the address then the vendor is the only one that can view it because he has the key.
It is also noted that SR has had several vulnerabilities in the past, ones that could have conceivably allowed a hacker, white hat or black hat, to access some information.
It is safer all the way around if buyers use PGP.