Silk Road forums
Discussion => Security => Topic started by: stewpudaso on July 18, 2013, 06:51 pm
-
A really good vendor has been struggling recently. This vendor recently posted that people are having troubles with his pgp key and they should copy and use his new key..... The old key is twice as long as the new key. Does the amount of characters in the key have anything to do with the amount of incryption? If so why would a vendor replace a key with one that is easier to crack? Maybe I am just paranoid but if LE raided a vendors house couldn't they set up a reverse sting operation. But they would have to get a new pgp key. This is propably nothing, should I place my order with the old key? I am too paranoid to use new key.
-
Do not use the old key if there is a new one supplied. That is why they state to use the new key. If you are that worried I would just choose a new vendor.
-
A really good vendor has been struggling recently. This vendor recently posted that people are having troubles with his pgp
key and they should copy and use his new key..... The old key is twice as long as the new key. Does the amount of characters
in the key have anything to do with the amount of incryption?
The size difference can be from signatures, different algorithms, etc.
Look at the key size & algorithms using your openpgp application, a key size of 2048 or greater is fine.
If so why would a vendor replace a key with one that is easier to crack? Maybe I am just paranoid but if LE raided a vendors
house couldn't they set up a reverse sting operation. But they would have to get a new pgp key. This is propably nothing,
should I place my order with the old key? I am too paranoid to use new key.
The vendor should sign his new key with his old key so you can see that he approves the new key. He should then revoke the old key.
Both of those actions show he has the secret key & passphrase for the old key, LE couldn't do that.
JofSpades
-
When I save the new key a message states that the file already exist, does that mean that the vendor signed the new key with the old one and deleted the old one?
-
When I save the new key a message states that the file already exist, does that mean that the vendor signed the new key with the old one and deleted the old one?
What version of PGP/GPG are you using, what front-end, etc?
Based on the warning message you mention above, it sounds like you're trying to overwrite a file containing the old key, with the new key. When you add a key to your PGP/GPG keyring, the new key does not overwrite the old -- your keyring will then contain BOTH old and new keys.
If you like, PM me, and we can figure out what's going on.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0