Silk Road forums

Discussion => Security => Topic started by: sofish89 on April 25, 2013, 04:17 pm

Title: Is PGP really that important
Post by: sofish89 on April 25, 2013, 04:17 pm
Who are protecting ourselves from if we dont use PGP? Are you scared DPR will see your address?
Title: Re: Is PGP really that important
Post by: kssr on April 25, 2013, 04:47 pm
Let's say law enforcement some how gains access to a vendors account (god forbid) and there's your half a key order of MDMA with address sitting there?

If SilkRoad goes down, wouldn't you feel safer knowing your address is all garbled up in random text rather than sitting in plain view? I know I would.

When SilkRoad goes down there's always some uncertainty. Is it an update? Is it hackers? Is it LE? Peace of mind no matter what... all my shits encrypted :-)
Title: Re: Is PGP really that important
Post by: princeblack49 on April 25, 2013, 04:54 pm
Yes it is or we share the fate of "The Farmers Market" Say no to privnote etc... I hated PGP at first because the learning curve was steep for me but now I am glad I use it. For a while it was speculated that their payment system was to blame (no BTC) but I read on a TOR blog that the feds said it was lack of encrytion with their communication systems when ordering.
Title: Re: Is PGP really that important
Post by: Intraterrestrial on April 25, 2013, 06:19 pm
What's wrong with Privnote then? Surely it's more secure than sending addresses on SR without any pgp?

Title: Re: Is PGP really that important
Post by: kssr on April 25, 2013, 06:35 pm
Some vendors don't trust it because it's an external website, therefore it could be exploited in a way.

There's some vendors who only visit SilkRoad and the forums only, nothing else on their set up.
Title: Re: Is PGP really that important
Post by: pine on April 26, 2013, 01:22 am
PM pine to get your PGP Club racing stripes.

http://dkn255hz262ypmii.onion/index.php?topic=30938.msg347566#msg347566

http://dkn255hz262ypmii.onion/index.php?topic=107219.0
Title: Re: Is PGP really that important
Post by: sofish89 on April 26, 2013, 02:57 am
Thanks pine! I'm gonna check out that link once i get a PGP program.. can someone tell me where i can one, whats the best one out there?
Title: Re: Is PGP really that important
Post by: pine on April 26, 2013, 03:40 am
Thanks pine! I'm gonna check out that link once i get a PGP program.. can someone tell me where i can one, whats the best one out there?

GPG4Win with the GPA installed and GPG4USB are better than most I've seen out there. I should review all the different ones at some point.

I have some advice in the PGP newbies thread, at the end, read that and then make some decisions about your PGP key creation.

http://dkn255hz262ypmii.onion/index.php?topic=107219.msg1054744#msg1054744

http://dkn255hz262ypmii.onion/index.php?topic=107219.msg1054808#msg1054808

Then send me an encrypted message and also give me your PGP public key (in the newbie's thread please).
Title: Re: Is PGP really that important
Post by: boosties on April 26, 2013, 03:48 am
its REALLY REALLY easy to use and pine and everyone else on here is very helpful.
at this point in the game it just seems silly not to use it!
Title: Re: Is PGP really that important
Post by: koonta on April 26, 2013, 03:37 pm
If LE get hold of a vendors account wont they have access to either their own pgp key or the vendors and yours to decipher the communication anyway?

Title: Re: Is PGP really that important
Post by: pine on April 26, 2013, 09:59 pm
If LE get hold of a vendors account wont they have access to either their own pgp key or the vendors and yours to decipher the communication anyway?

No.

That's the beauty of public key cryptography.

Unless they have discovered the vendor's address, and also managed to obtain his private key, they're stuck. Since the vendors are accessing the hidden service over Tor, and cashing out their bitcoins using anonymous methods infiltrating the network is not relevant.
Title: Re: Is PGP really that important
Post by: sofish89 on April 27, 2013, 04:41 am
So if a vendor gets busted and the cops take his computer(that he uses for SR) does that mean they have his private key and can decipher his messages?
is the private key something saved on his computer that LE can find or is it something that is memorized?
Title: Re: Is PGP really that important
Post by: pine on April 27, 2013, 06:04 am
So if a vendor gets busted and the cops take his computer(that he uses for SR) does that mean they have his private key and can decipher his messages?
is the private key something saved on his computer that LE can find or is it something that is memorized?

In that case they require his passphrase to use the private key. But this is why we're on an anonymity network.

If all messages were enciphered with PGP, then LE agents would have to SWAT every single vendor's residence at the exact same time, which sounds uneconomical, but first they'd have to break Tor, and even then they wouldn't intercept a few vendor's locations because some people are using a more diverse set of anonymizing techniques than pure Tor. e.g. See the security sub-forum for details.

It's not that you can't do all this in theory, given vast resources and time, it's just that there's easier ways to cause problems for SR than this, upon which I shall not speculate.