Silk Road forums
Discussion => Security => Topic started by: squidShepherd on September 11, 2012, 10:31 pm
-
READ THIS BEFORE POSTING (or if you haven't read it yet)
http://dkn255hz262ypmii.onion/index.php?topic=42090.0
(triple click, right click, open link in new tab)
As part of an initiative to clean up the forum, the wiki is going to be updated (or is being updated) to be more comprehensive and helpful, so that we can have fewer stickies.
The Wiki:
http://dkn255hz262ypmii.onion/wiki
In the meantime, here's some organization to the list of stickies that used to be here:
***NEW USERS***
The importance of security can not be overstated! I especially advise learning PGP and learning how Bitcoins work before actually doing anything on SR!
General Security:
The Complete All-in-One Guide on How to Anonymously Use Silk Road
http://dkn255hz262ypmii.onion/index.php?topic=15383.0
The ugly truth about security software
http://dkn255hz262ypmii.onion/index.php?topic=41662.0
Your ISP and the Government: Best Friends Forever
http://dkn255hz262ypmii.onion/index.php?topic=37850.0
Cyphre Security Guides (master post)
http://dkn255hz262ypmii.onion/index.php?topic=38861.0
Scrubbing MetaData from Images in Ubuntu - Security Lesson - V2.0
http://dkn255hz262ypmii.onion/index.php?topic=142.0
Tor:
How governments have tried to block Tor
http://dkn255hz262ypmii.onion/index.php?topic=38213.0
PGP:
GPG (Step-by-Step: Windows Pictorial)
http://dkn255hz262ypmii.onion/index.php?topic=131.0
Are you Paralyzed by PGP? Fear no more! Join PGP Club :)
http://dkn255hz262ypmii.onion/index.php?topic=30938.0
Label your PGP/GPG Keys appropriately, please!
http://dkn255hz262ypmii.onion/index.php?topic=33566.0
Bitcoin:
FBI report on Bitcoin
http://dkn255hz262ypmii.onion/index.php?topic=22279.0
-
help please, I have forgotten my PIN code, answering emails, and new PIN code does not come, what do I do? in a personal message to say please, thank you.
-
help please, I have forgotten my PIN code, answering emails, and new PIN code does not come, what do I do? in a personal message to say please, thank you.
wtf are you posting here for?
-
thanks for this thread im a pgp noob will b back 4 sure
-
Well that asshold drgonzo has just stolen 1000 buck from me. Did his WesterUnion transfer. Five days now no coins. Sugarmama in that time has transfered 5000 USD. So why is DRGONZO with his platnimum record fucking ripping me off??? Can anyone answer me that???? Because im kinda fucking pissed off and im getting no response from DRGONZO. ASSHOLE fell of the face of the as far as i know!!!
-
Ok...
It turns out that DRGonzo was involved in a serious car accident right before my order. Which is why it took a week. And i was getting no response. The coins were delivered to my account!!! I would deffiently send drgonzo cash again and i plan on it.
Dametri
-
thanks for the help, a real noobie with pgp this was so helpful! can't thank you enough!
-
Thanks from me also. I'm a complete noob, and I just sent DrGonzo a message. Got to get BitCoins somehow.
-
How important is it to access MtGox from a different computer?
If I didn't do this, what is the problem? I didn't access it through Tor, but used MtGox on the same computer as the one in which I use Tor.
-
I can't believe I'm the only one with this problem, and yet when I ask the admins at the GPG Tools help desk, I get this dumbfounded answer: "You would never need to do that using our software." All I'm trying to do is export my public key so that I can communicate with vendors on SR (of course, I'm not telling *them* that), but since they can't imagine a world in which keyservers don't run the internet, they say I wouldn't need to produce a text file with a public key, and maybe it'll be in a future update. Really?
I can do most things in encrypted text just fine one-way, but if I have a question that requires an encrypted response, I'm stuck. I find it hard to believe that I'm the only person on a Mac using SR and GPG Tools, so I guess I'm just the only one who hasn't figured this out. Anyone care to share?
-
If I understand what you are trying to do:
If you want vendors to communicate with you encryptedly, encrypt your message to them using THEIR public key (they post it in easy to find places). In the message to them add your public key so they can encrypt messages back to you. You may want to ask them to encrypt the messages they send to you or they may not think it seems important. My feeling so far is that encryption is generally only needed for sending personal info like addresses, account info etc.
NWN
The export function may not be needed. Just copy the entire public key including headers and dashes and then paste it into your message to them.
-
Right. I got that part, how to talk to them. But, for them to talk to me, they need my public key, and using GPGTools, I have no idea how to display my public key. According to the support site, the public and privte keys are generated at the same time, but you don't see the public key on your keyring. And, even though there's an "export key" option, it doesn't work when you try to export your private key (or any subkey). So, when I ask the developers this question, they say that it's not a problem, since my public key is automatically uploaded to keyservers, and future versions may allow me to export an ASCII version of my public key. But, I wanted to run it by folks here, because if anyone's found an end run around the problem, they're here. It's a simple thing.
-
Learning GPG was long. If you haven't worked it out yet...
Open TextEdit, right click, click 'Open PGP: Insert My Key'. You will then be able to choose your key in a drop down menu, and it will appear in TextEdit. You can then copy and paste this into messages to vendors, so they will be able to reply to you.
-
Im one of those people that know half of the shit but not enough, just learn enough to be able to use something rather than understanding how it all works which is stupid.
I can use pgp to encrypt or dycript messages and have no problems except when it comes to save other people's key. I know there is a method, I have it written and just have to read it and follow the instructions and can sort it out but thats as much as I know and can do.
Im not a computer geek, I have avoided learning stuff about it deliberately, so would like to ask anyone in general who could inform me about any of these subjects:
How hard is it for outsiders to crack the code of pgp encrypted messages (e.g. L.E.) is it worthless or does cracking them take serious processing power?
I have an encryption code programme that I rely on to make and open messages, how reliable are they? Do they know everything? Whats to stop L.E. asking or requiring the legitimate company for certain information? How can I feel safe guarded against this potential?
With all the cookies and other stuff that goes on now where everyone is planting little bugs in your software looking for and recording infomation, then all the links between all the different companies that enter your computer from online, plus the ability of people to hack, nothing seems safe from hackers and I think surely L.E. have their own little hackers keeping up the arms race makes me worry Im being left behind, well I am behind and need to catch up so any wisdom from the forum wizards would be appreciated.
-
I can"t figure out how to use gpg and heaven knows i"ve tried. Noone seems to be able to simplify it enough for me.
-
Well that asshold drgonzo has just stolen 1000 buck from me. Did his WesterUnion transfer. Five days now no coins. Sugarmama in that time has transfered 5000 USD. So why is DRGONZO with his platnimum record fucking ripping me off??? Can anyone answer me that???? Because im kinda fucking pissed off and im getting no response from DRGONZO. ASSHOLE fell of the face of the as far as i know!!!
dont spam this thread.
-
Right. I got that part, how to talk to them. But, for them to talk to me, they need my public key, and using GPGTools, I have no idea how to display my public key. According to the support site, the public and privte keys are generated at the same time, but you don't see the public key on your keyring. And, even though there's an "export key" option, it doesn't work when you try to export your private key (or any subkey). So, when I ask the developers this question, they say that it's not a problem, since my public key is automatically uploaded to keyservers, and future versions may allow me to export an ASCII version of my public key. But, I wanted to run it by folks here, because if anyone's found an end run around the problem, they're here. It's a simple thing.
This should be in GPG Keychain Access in most, if not all, versions of GPGTools. From Snow Leopard on GPA is also available which should support exporting keys in ASCII format.
Finally, GPGTools installs GPG version 2.0.x to the system (as /usr/local/bin/gpg2) and it can be invoked on the command line.
-
Im one of those people that know half of the shit but not enough, just learn enough to be able to use something rather than understanding how it all works which is stupid.
I can use pgp to encrypt or dycript messages and have no problems except when it comes to save other people's key. I know there is a method, I have it written and just have to read it and follow the instructions and can sort it out but thats as much as I know and can do.
Im not a computer geek, I have avoided learning stuff about it deliberately, so would like to ask anyone in general who could inform me about any of these subjects:
How hard is it for outsiders to crack the code of pgp encrypted messages (e.g. L.E.) is it worthless or does cracking them take serious processing power?
I have an encryption code programme that I rely on to make and open messages, how reliable are they? Do they know everything? Whats to stop L.E. asking or requiring the legitimate company for certain information? How can I feel safe guarded against this potential?
With all the cookies and other stuff that goes on now where everyone is planting little bugs in your software looking for and recording infomation, then all the links between all the different companies that enter your computer from online, plus the ability of people to hack, nothing seems safe from hackers and I think surely L.E. have their own little hackers keeping up the arms race makes me worry Im being left behind, well I am behind and need to catch up so any wisdom from the forum wizards would be appreciated.
PGP is a collection of cryptographic tools working together that are, to date, uncrackable IF implemented correctly.
Not counting bruteforce (The act of guessing every single possible password, or exhausting the keyspace)
There are no mathematical flaws in the algorythms use that allow a crack without the original key.
If your key is long and obscure enough (A random mixture of letters, numbers, and symbols over 40 characters in length)
The only way LEO can feasibly crack your password is if they catch you and beat the shit out of you with a wrench until you tell them.
The entire sum of all computer processing power on earth is not enough to come close to the computation speed required to exhaust the AES keyspace within the next quadrillion years.
Just use a good password