Silk Road forums

Discussion => Security => Topic started by: wretched on September 01, 2012, 10:45 pm

Title: TorBox qestion
Post by: wretched on September 01, 2012, 10:45 pm
I am thinking about giving Torbox a try, after I had some issues with OpenBSD as my Tor VM. I was able to get it working after some long hours, and honestly I don't remember what all ended up needing to be done to get it working. Now I find myself ready to upgrade my computer once again, and thought I might as well start from scratch (hopefully getting things to work first time out of box) I realize I could just back up my current set up and put it on the new system, but since I don't remember how I fixed the issues all those months ago when I finally got it working, I would like to use something I am more familiar with. That isn't to say that I am able to audit someones implementation, but I am relatively comfortable using Ubuntu (although I personally prefer Debian.

But back to the point, do any of the REAL tech people have an opinion of their out of the box solution for VM isolation (the only opinion I have personally is that I dislike their use of 32 bit OS) and also, would kmf, shannon, or someone similar be willing to work with me to either use their out of box gateway image and a Debian workstation, or help me build my own either by helping with the issues I originally had with openBSD, or building a Debian set up.

Also, I am having a gpg issue that I can't seem to get past, and I feel like a complete noob with something that I feel should be simple, I had this working before I started using multiple VMs (the problem isn't related to the VMs. I cannot seem to get clearsigned messages to use anything but the SHA1 algorithm. I have found and edited what I believe to be the gpgconf file, but nothing seems to change via command line signing or using kleopatra and I am stumped.

 
Title: Re: TorBox qestion
Post by: bluemustache on September 03, 2012, 12:10 am
I've just spent a better part of the day setting up a debian vm with tor and gpg.  If you want I can write up an abbreviated step by step guide.  Setting up two vms sounds like a hassle to me.  So I'm not going to to do it, but if I really wanted to be paranoid, I would do it the torbox way.  However if you're not all that familiar with linux, TorBox sounds like a great solution.

The other option you could consider would be Tails by the torproject.  The disadvantage of that is nothing is persistent. the minute you shutdown everything is reset.  https://tails.boum.org/

Also since you're on SR you could just buy a premade usb/vm.  Just look for Darknet on SR.  It's another debian based distro.  I can't vouche for it, but I'm sure someone on here can.
Title: Re: TorBox qestion
Post by: wretched on September 03, 2012, 12:59 am
thanks for your reply, but I am already using a tor isolated VM with openBSD as the "gateway" and debian as the workstation on a linux host, so that isn't really my issue, I am just getting ready to upgrade again, and when I do I was hoping to avoid some of the issues I had getting my current set up working. and I still can't seem to get the clearsigning issue found/fixed.

my real question is if anyone has done any testing on the Torbox images to make sure they are working as advertised. I do not feel well enough versed in testing to give MY opinion, but there are those here who's opinion I trust.
Title: Re: TorBox qestion
Post by: wretched on September 04, 2012, 10:53 pm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The SHA1 hash signature is what is pissing me off. I have edited gpg.conf as per documentation, but the shit just stays the same. I didn't have the same problem on Ubuntu, I just like Debian more ATM, but this signature BS is disheartening.

wretched
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJQRobhAAoJEM7h78Bui7gKJyAP/A4eQwHW7lJCf00f7hn//uzm
qmqZ8TsQpyMOHPqhUQCxsAExbE4ob/3rOSofsSPrxGY7GtZMy1iBjBrkCsmOQxLX
llUUPIXYcqZ6Bp1psk/9BIiGcOGQEC9A7UaYc9jclB7hb3BRO07G+6b26dNDr2fc
tFgm4ErTAK6BpvNE0eXZfUbD5vQHUfDlLclwmbgrSR2ut5oSSQ7SS/2pK4Ep2lgb
VZ5+QunDo2R7xom2cB68n4sk2AOlH9XPooO13ot6XxDLeo0tEKEBGbf1nIZ/EPhf
50VubKlpDj9O/l6GDMghqi5S1VwSgy29N35lRhLINzwqVx4GeWSRO+N01/Xmkmqv
u2X/Ckf4XwOyo1IkfIPjrkewgmQ5rPz41ppC6heE8ylcxtYffpwCxTAjwxFxYkp2
rkkhziXXa4mGVVunXjnNmekiaGSMz2xVwPV4Uv2dL8sUS1506s/ybye1S9mTQZEz
TpErLDI1Ayexckv/o6AHtib6av5dvLRVw/jMfaZr3FH0V8npfUmODLkdN0S38n/3
5KvxU87lj/9P3VUGeRniXvH7GLDmoap3L+BZ+b+tVHMfmXyzypYj3VHOt8x1mZ8J
rTgy9ZPdX2r54brRrgTl1SRcmZqaQcm6GwfogCOINWlkD0mb9ZW2M8NUQ+1cjjGC
7gI1oDCI1HDauVZVfc/E
=Wv4i
-----END PGP SIGNATURE-----
Title: Re: TorBox qestion
Post by: LouisCyphre on September 04, 2012, 11:24 pm
The SHA1 hash signature is what is pissing me off. I have edited gpg.conf as per documentation, but the shit just stays the same. I didn't have the same problem on Ubuntu, I just like Debian more ATM, but this signature BS is disheartening.

You need to edit the preferences for the key as well as the gpg.conf.

Code: [Select]
gpg --edit-key 0xCEE1EFC06E8BB80A
Run showpref to see the key's current preferences, to change them use setpref followed by the algorithms in the order you want them and then save.

You can see what all the options are at any time by typing help.
Title: Re: TorBox qestion
Post by: wretched on September 04, 2012, 11:53 pm
I cannot remove SHA1 from the digest, and when I set SHA512 first, I still get messages signed with SHA1