136
Security / Re: The big elephant in the room with PGP
« on: October 15, 2013, 06:19:27 am »Unles StExo (who we know to be very well versed in all things security/PGP) volunteered his communications with DPR to the feds because of some sick fetish to get himself in trouble (SARCASM!).. they definetly had DPR's key or passphrase..
tl;dr - the feds read encrypted messages meant for dpr
There's one other scenario here that hasn't been addressed yet.
Its also possible that StExo encrypted his communications with DPR, and DPR either
1. Stored the unencrypted text somehwere the feds had access to
....or....
2. Replied to StExo, or forwarded the message to someone else in plain text, quoting the original message.
Sounds stupid, I know. But DPR also made other seemingly retarded miscalculations. Its not entirely out of the question
DPR did keep logs of discussions in plain text. I'm not getting into it in major detail here, but to claim that DPR's PGP was compromised is an assumption. Rather unlikely. He absolutely kept conversations and correspondence that were initially fully encrypted both ways in plain text somewhere. Why? Only he can answer that question.
I had several conversations with him.. in which he was pasting parts of his conversations with others and/or discussing matters that I am prepared to bet my kidneys HAD to have been encrypted at some point due to their sensitive nature. And he replicated them in plain, clear text.. in real time, rapidly. Leading me to believe they were stored somewhere in plain-text simply for easy access.
This was not on the market site either. Meaning he was saving things and/or at-least partially leaving certain data unencrypted, somewhere.
To speculate this was cracked or that was hacked and this was key-logged is premature and pointless. Perhaps he was decrypting communications and leaving the clear text, hypothetically, in his Tormail (operating under the assumption that it was safe)? Perhaps he was not encrypting everything. I know for a fact that at times he was extremely cautious to encrypt.. and other times he was very laid back in his approach.
You must all realize that the Dread Pirate Roberts account has not signed into the forums since the night before his arrest. If the authorities had all his passwords and keys, they'd have logged in at some point as him and saved every single tidbit. The fact that "his account" hasn't logged in means there is much that the authorities do not have/he's not giving. The password to his encrypted BTC wallet(s) being another example.
This entire debate of PGP vs no PGP is rather pointless. PGP can and will save you to the extent that the keys/passphrases are not compromised, and to the extent that you are not leaving docs and data decrypted lying around thinking "that day" will never come.
It came.