Silk Road forums

Discussion => Security => Topic started by: FenderGuitarMan on July 23, 2012, 05:57 pm

Title: Problem using one particular seller's public keys
Post by: FenderGuitarMan on July 23, 2012, 05:57 pm
Hi all, I have a strange problem. I am using gpg (GnuPG/MacGPG2) 2.0.18 on OS X 10.7.4. The way I tend to use PGP is I use my text editor, highlight the text I wish to encrypt, and select "Open PGP: Encrypt Selection". Then I copy the contents into the SR PM system. This works most of the time and I can decrypt messages sent to me the same way. Before I can encrypt using a seller's key I copy their public key to a text file and save it on a secure drive. I then use the GPG Keychain Access program to import the key. Once imported, I can encrypt with it. Well, usually!

The problem is I have come across a seller that doesn't work. I have imported his/her key successfully into the GPG Keychain. I see it in the list of available keys. But when I select text in the editor and select encrypt selection, that seller's public key is not in the list. This is happening with just this one seller. All the other keys work fine. The import seems to be valid. I haven't yet tried this on the command line. I'd have to do some digging to learn how. I'm a pretty technical guy and comfortable with the BASH shell, but I am not familiar enough with OpenPGP to know how to do this without more research.

I tried searching google and the forums here and have not come across anyone with this exact problem. I'd rather not post the seller's name publicly here but will PM it to anyone who believes they can help.
Title: Re: Problem using one particular seller's public keys
Post by: pine on July 23, 2012, 06:38 pm
There are a few possibilities:

A: You already have imported the PGP key... That implies the vendor is using the same public key for two different SR accounts, one of which you've already messaged before now.

B: The vendor doesn't have their PGP name/email as something similar to their SR username. I have dozens of contacts who are almost worthless because of that practice; it's a pain in the ass to double-check who is who if you don't use your SR username as something similar to your PGP handle/email. It doesn't improve your anonymity and it doesn't help anybody who wants to send you an encrypted message, that's for sure.
Title: Re: Problem using one particular seller's public keys
Post by: FenderGuitarMan on July 23, 2012, 07:16 pm
Excellent thoughts Pine. I don't have that many keys imported into my GPG Keychain. On quick inspection, I don't have many that don't have an email that mimics their SR name. I just compared the key to these and it is different text. What's interesting here is that the vendor does show up in the GPG Keychain Access display.  I can see their key and export. To double check I copied the public key from their SR profile again and reimported and it said:

count of processed keys: 1
count of unchanged keys: 1

After looking at the keys I've imported I don't think I've imported this same key under another name, but that was a great guess. And it doesn't look like the vendor picked an unfortunate name either since I see the seller right in the list. This is strange. I wish I knew that other people can successfully encrypt using this seller's key before I waste a lot of time debugging. There's a chance I may be using this seller again. I am really uncomfortable with unencrypted or 3rd-party encrypted addresses (as in privnote.com).

Thanks for taking a shot at answering this. Are you really a gorgeous woman? Nothing I like better than a woman who knows how to get geeky!

I think the next step is for me to learn the command line tools
 
Title: Re: Problem using one particular seller's public keys
Post by: pine on July 24, 2012, 01:02 am
Quote
Excellent thoughts Pine. I don't have that many keys imported into my GPG Keychain. On quick inspection, I don't have many that don't have an email that mimics their SR name. I just compared the key to these and it is different text. What's interesting here is that the vendor does show up in the GPG Keychain Access display. I can see their key and export. To double check I copied the public key from their SR profile again and reimported and it said:

count of processed keys: 1
count of unchanged keys: 1

After looking at the keys I've imported I don't think I've imported this same key under another name, but that was a great guess. And it doesn't look like the vendor picked an unfortunate name either since I see the seller right in the list. This is strange. I wish I knew that other people can successfully encrypt using this seller's key before I waste a lot of time debugging. There's a chance I may be using this seller again. I am really uncomfortable with unencrypted or 3rd-party encrypted addresses (as in privnote.com).

Then it can surely only be either:

A: A bug in the PGP implementation prompted by this particular public key.
B: A corrupted PGP public key, it imports correctly, but has something wrong with it.

Most likely B, but let's wait for Guru's report first.

Quote
Thanks for taking a shot at answering this. Are you really a gorgeous woman? Nothing I like better than a woman who knows how to get geeky!

I think the next step is for me to learn the command line tools

I think I am especially attractive amongst mammals, but my sex will always remain indeterminate since I take my vow of anonymity seriously. To quote our comrades from the Polyfront and OVDB collectives:

Quote
The literal definition of anonymity is a state of namelessness. A more technical definition of anonymity is the state of being indistinguishable from a given set size.
Title: Re: Problem using one particular seller's public keys
Post by: FenderGuitarMan on July 24, 2012, 03:27 am
Perfect. So I am free to fantasize about you being a hot female geek! And thanks for the PGP help. Guru, thank you too.
Title: Re: Problem using one particular seller's public keys
Post by: LouisCyphre on July 24, 2012, 12:36 pm
Quote
The problem is I have come across a seller that doesn't work. I have imported his/her key successfully into the GPG Keychain. I see it in the list of available keys. But when I select text in the editor and select encrypt selection, that seller's public key is not in the list. This is happening with just this one seller. All the other keys work fine. The import seems to be valid. I haven't yet tried this on the command line. I'd have to do some digging to learn how. I'm a pretty technical guy and comfortable with the BASH shell, but I am not familiar enough with OpenPGP to know how to do this without more research.

The GPG command line is your friend.

To check if their key is really in your keyring:

gpg -k [keyID|UID]

If it is, save the file you want to encrypt to a text file (ideally in an encrypted volume without a journaling filesystem):

gpg -ea -r their_key_ID -r your_key_ID filename.txt

To do the same, but hide your key as a recipient:

gpg -ea -r their_key_ID -R your_key_ID filename.txt

To do the same, but hide both recipients:

gpg -ea -R their_key_ID -R your_key_ID filename.txt

Then head on over to Pine's PGP Club thread (the link is in her sig) to practice and trawl through it for the recommended reading list.  I think I posted the various GPG manual links for command line usage on page 8.
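As an added example that is not part of the original thread: the symptom in the first post (a key imports without error but is never offered as an encryption recipient) is usually down to the key being expired or revoked, or to the key having no encryption-capable subkey at all. The sketch below is a POSIX shell/awk parser for the machine-readable listing produced by gpg --with-colons -k, whose record format GnuPG documents in its DETAILS file; it reports whether a key carries a usable encryption (sub)key. The key IDs, fingerprint, user ID and dates in the embedded records are constructed placeholders, and the function names (check_encrypt_capable, demo_*) are my own, not anything from GnuPG or the posters.

```shell
#!/bin/sh
# Added example (not from the original thread). Diagnoses why a key that
# imports cleanly is still not offered as an encryption recipient.
# Real usage against a keyring:
#     gpg --with-colons -k their_key_ID | check_encrypt_capable
# The records below are constructed samples; all identifiers are placeholders.

# check_encrypt_capable: read colon-separated key records on stdin and print a
# one-line verdict. Exit 0 if a usable encryption (sub)key exists, else exit 1.
check_encrypt_capable() {
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            # field 2  = validity: e expired, r revoked, d disabled, i invalid, n not valid
            # field 12 = capabilities; a lowercase "e" means this (sub)key can encrypt
            bad = ($2 == "e" || $2 == "r" || $2 == "d" || $2 == "i" || $2 == "n")
            if (index($12, "e") > 0) {
                if (bad) { unusable++; reason = $2 } else { usable++ }
            }
        }
        END {
            if (usable > 0) {
                print "OK: " usable " usable encryption (sub)key(s)"; exit 0
            }
            if (unusable > 0) {
                print "FAIL: encryption subkey present but validity=" reason; exit 1
            }
            print "FAIL: no encryption-capable (sub)key; key is sign/certify only"; exit 1
        }'
}

# Constructed sample 1: sign/certify primary key plus a valid encryption subkey.
SAMPLE_GOOD='pub:u:2048:1:0123456789ABCDEF:1342000000:::u:::scESC::::::23::0:
uid:u::::1342000000::0000000000000000000000000000000000000000::Vendor Example <vendor@example.invalid>::::::::::0:
sub:u:2048:1:FEDCBA9876543210:1342000000::::::e::::::23:'

# Constructed sample 2: the encryption subkey has expired (validity field "e").
SAMPLE_EXPIRED='pub:u:2048:1:0123456789ABCDEF:1342000000:::u:::scSC::::::23::0:
uid:u::::1342000000::0000000000000000000000000000000000000000::Vendor Example <vendor@example.invalid>::::::::::0:
sub:e:2048:1:FEDCBA9876543210:1342000000:1342086400:::::e::::::23:'

# Constructed sample 3: a sign-only key with no encryption subkey at all.
SAMPLE_SIGNONLY='pub:u:2048:1:0123456789ABCDEF:1342000000:::u:::scSC::::::23::0:
uid:u::::1342000000::0000000000000000000000000000000000000000::Vendor Example <vendor@example.invalid>::::::::::0:'

demo_good()     { printf '%s\n' "$SAMPLE_GOOD"     | check_encrypt_capable; }
demo_expired()  { printf '%s\n' "$SAMPLE_EXPIRED"  | check_encrypt_capable; }
demo_signonly() { printf '%s\n' "$SAMPLE_SIGNONLY" | check_encrypt_capable; }

# Run the three constructed cases when executed directly (the last two are
# expected to report FAIL, so their non-zero status is ignored here).
demo_good
demo_expired || true
demo_signonly || true
```

A FAIL verdict tells you which way to go: an expired or revoked subkey (validity field) means the vendor needs to extend or replace the key, while a key with no encryption subkey was generated sign-only and no tool will offer it for encryption, however cleanly it imports. The plain gpg -k output that LouisCyphre gives above shows the same information in human-readable form, with expired or revoked keys flagged in the listing.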
Title: Re: Problem using one particular seller's public keys
Post by: FenderGuitarMan on July 24, 2012, 04:12 pm
LouisCyphre,

Thanks so much. I am going to do what you suggest. You, Pine, and Guru have been a great help on this issue. I really appreciate people taking the time to help a noob.
Title: Re: Problem using one particular seller's public keys
Post by: FenderGuitarMan on July 25, 2012, 09:43 pm
Interesting question Guru. This site has obviously caused me to rethink security practices. I happen to agree that there is little harm in people knowing someone is married or what country. I'd even say that saying something like "west coast" is not particularly damning. I've noticed some users are very eager to share details in feedback from purchases such as "3 days NYC to Wy". This strikes me as a bad practice since it sort of "outs" the seller. I'm still learning things here myself. I over-shared in the forums originally and I'm going back and editing. A very wise user suggested I do this  ;)
Title: Re: Problem using one particular seller's public keys
Post by: pine on July 26, 2012, 05:50 am
Quote
The literal definition of anonymity is a state of namelessness. A more technical definition of anonymity is the state of being indistinguishable from a given set size.

Quote
Pine, I would argue that you are perhaps more pseudonymous than anonymous. If you were truly anonymous, you wouldn't use a consistent name or handle like "Pine". I, too, take my security very seriously -- that said, I do not consider it a serious security lapse for people to know that I am married, nor what country I live in -- Canada -- assuming that I'm not lying about either.

I would argue that the entire Canadian population is a reasonable-sized anonymity set, wouldn't you?

Guru

Technically yes, but the idea I'm trying to get across is that the larger the set of possible 'pines' the better for my anonymity. I see it as a 'garden of information'. There are hedges to prune and such, it is not really a chore for me. For example; even if I used a new handle per post, it would still be understood from my communications that I must be able to write and speak English, and therefore I automatically belong to a smaller set of the people who use the Tor network than the universal set.

But, I believe giving away any information that is geographically specific or a social identifier is a bad idea in general. This is because in an intersection attack, those kinds of facts can be compiled into a list of things which by themselves do not identify me, but all together they may do a fairly good job of it, i.e. intelligence rather than a direct giveaway. In fact, all of detective work is based on the fundamental principle of counting when you get right down to it. The way to trip it up is to lay countless artful red herrings, which is why almost everybody here is doing just that in some form or other, intentionally or no. Some go further and adopt entire identities from publicly available information on sites like Facebook to put down a false trail, and there's a kaleidoscope of clever technical tricks to give similar impressions of which I've no doubt you're aware. And of course, I may be utilizing stylometric software to disguise the unique fingerprint of my posts with a false one.

Naturally, there is a certain limit to this work/logic. Like I said, I write English, and not everybody using Tor does. The advantages of communicating far surpass the disadvantages of giving away certain identifiers like the language you speak. It is important to build reputation in any business community to be respected. But in general, I choose to adopt more generic language, or use words which represent a larger set than the one I intend to be understood with. On a related topic, I sometimes don't use generic language for the same reason, contradictory as that may sound, but often this is a ploy because I'm self taught in so many disciplines that the species of my language is quite honestly a poor guide to who I appear to be in public life.

As for what point such activity becomes useless, it is not known, because one can make mistakes. That is why the caution over a detail such as my sex. Why reduce the universal set by a whopping 50% when I wouldn't get such a magnificent return on any other kind of information being made generic. So there you have it.

To answer your question more directly, I think being hidden in a set of 10 million possible identities is sufficient room for maneuver, but the more the merrier of course. I think I'm one in a million naturally, but not quite so egotistical to imagine I'm 1 in 10 million ;-)

Protip: Don't use the same or a similar password as the one you use on SR or the forums on any common web-based service like Facebook, Gmail, Hotmail et al. That would catch out many people; what do you think are the odds that certain organizations receive a copy of the password list before it gets stored in an encrypted database? Probably it is de facto state policy in many places, once a corporation reaches a certain significance, to install 'audit' software for 'Data Protection' or 'Consumer Protection' or what have you. I mean, that's what I would do. So I don't.

P.S. I'm afraid that it is useless to edit information from these forums FGM, because LEO almost certainly page-scrape every single instance of change that occurs on here. Once the information is out, it is permanently out there; that is why you follow the 'Pine Paradigm' you read above.

Paranoid (but content) Pine
Title: Re: Problem using one particular seller's public keys
Post by: LouisCyphre on July 27, 2012, 03:21 pm
Quote
LouisCyphre,

Thanks so much. I am going to do what you suggest. You, Pine, and Guru have been a great help on this issue. I really appreciate people taking the time to help a noob.

You're welcome.  :)

A lot of people (conveniently) forget that we were all newbies at some point.  There's nothing wrong with that if someone's willing to learn.
Title: Re: Problem using one particular seller's public keys
Post by: LouisCyphre on July 27, 2012, 03:27 pm
Quote
Protip: Don't use the same or a similar password as the one you use on SR or the forums on any common web-based service like Facebook, Gmail, Hotmail et al. That would catch out many people; what do you think are the odds that certain organizations receive a copy of the password list before it gets stored in an encrypted database? Probably it is de facto state policy in many places, once a corporation reaches a certain significance, to install 'audit' software for 'Data Protection' or 'Consumer Protection' or what have you. I mean, that's what I would do. So I don't.

Über-protip: Use a decent password manager like KeePass (Windows) or KeePassX (Linux and OS X) to generate complex random passwords and store them for you in an encrypted format.
Title: Re: Problem using one particular seller's public keys
Post by: pine on July 28, 2012, 01:55 am
Quote
Protip: Don't use the same or a similar password as the one you use on SR or the forums on any common web-based service like Facebook, Gmail, Hotmail et al. That would catch out many people; what do you think are the odds that certain organizations receive a copy of the password list before it gets stored in an encrypted database? Probably it is de facto state policy in many places, once a corporation reaches a certain significance, to install 'audit' software for 'Data Protection' or 'Consumer Protection' or what have you. I mean, that's what I would do. So I don't.

Über-protip: Use a decent password manager like KeePass (Windows) or KeePassX (Linux and OS X) to generate complex random passwords and store them for you in an encrypted format.

Hmmmmm, while I like the idea of doing that, because it is more secure and more convenient, I have always stayed away from such solutions in the past. This is because I didn't want a central point of failure by either an interception or me simply screwing up by losing my password.

But... if you had an OTP for accessing the password manager, then I would be happy, because I could have both multiple encrypted database backups + Über-Security at the point of entry.

Are there such solutions? Seems to me to be an obvious positive development, but a cursory look around yields nothing.
Title: Re: Problem using one particular seller's public keys
Post by: LouisCyphre on July 28, 2012, 07:26 am
Quote
Protip: Don't use the same or a similar password as the one you use on SR or the forums on any common web-based service like Facebook, Gmail, Hotmail et al. That would catch out many people; what do you think are the odds that certain organizations receive a copy of the password list before it gets stored in an encrypted database? Probably it is de facto state policy in many places, once a corporation reaches a certain significance, to install 'audit' software for 'Data Protection' or 'Consumer Protection' or what have you. I mean, that's what I would do. So I don't.

Über-protip: Use a decent password manager like KeePass (Windows) or KeePassX (Linux and OS X) to generate complex random passwords and store them for you in an encrypted format.

Hmmmmm, while I like the idea of doing that, because it is more secure and more convenient, I have always stayed away from such solutions in the past. This is because I didn't want a central point of failure by either an interception or me simply screwing up by losing my password.

But... if you had an OTP for accessing the password manager, then I would be happy, because I could have both multiple encrypted database backups + Über-Security at the point of entry.

Are there such solutions? Seems to me to be an obvious positive development, but a cursory look around yields nothing.

KeePassX uses a passphrase, like GPG, to encrypt the files. You can export backups as text and XML (which you should then encrypt with your GPG key before backing up). You can also keep multiple databases for it, which means you can segment your passphrases (e.g. one for SR stuff) and then keep that database in a TrueCrypt volume to keep it away from regular usage.

Every single program I use with SR I also use for "legitimate" purposes.  I've also used them for longer than I've been interested in (or even heard of) SR.
Title: Re: Problem using one particular seller's public keys
Post by: LouisCyphre on July 28, 2012, 09:36 am
Quote
I understand your concerns about a central point of failure -- I would propose that, if you're going to put all your eggs in one basket, you make it the best basket available. So, I'd recommend something like KeePass/KeePassX or Figaro's Password Manager to store your passwords. Protect these with a 10-12 word Diceware passphrase. It might take you a week or two to memorize it, but such a passphrase would yield 129-155 bits of entropy.

I've clearly been doing this for too long because I can come up with passphrases with larger entropy sizes than that off the top of my head.  That said, Diceware is a very good idea to recommend to others.