Quote from: genius on October 30, 2012, 11:39 pmFirst off, apologies if this feature already exists, but I don't see it so thought I'd suggest it. And I think given the nature of the site, it is a basic necessity.In the event that the site ever gets compromised, there needs to be a way for the site to be authenticated to users so that they know whether or not to use it.I suggest encrypting a time-limited message with the site owner's private PGP key.Every week, (or at least month) the message should be replaced with an up to date encrypted message.A link to this time-stamp should be clearly posted on the site homepage, as well as the owner's public key.If the site gets compromised, the attacker wont be able to replace the message since they won't know the private key, and users can easily see that the message is gone or expired.Any notifications of changes to the message system would obviously need to be signed / encrypted with the same key too.Sorry, if I have come across patronizing, I admire what you have done with the site and only want to make it more resilient.Well, that could work, if they didn't get DPR (Dread Pirate Roberts) when they got the server. If they did get him, I'd fully expect him to comply with their demands for all decryption information. Apparently they can do that -- demand you provide your password or they hold you in contempt indefinitely. Pleading the fifth I guess doesn't apply. Don't ask me... just briefly read the story.Still, that's one of the reasons you should encrypt your address and sensitive communications with vendors: so that only the vendor can read it. Which makes whether or not the site has been seized a moot point, IMHO.Oh, I'm not trying to say DPR lacks integrity or anything, by the way; don't take it that way at all. I mean it would be a lovely gesture if he rotted in jail the rest of his life just for us, but I think we can all agree that it would be a pretty silly thing to do and he should comply so he can get back to fighting the good fight before he's old and gray :) (assuming he isn't already, naturally)Come to think of it, I'm not sure the standard verification algorithms still hold up today... I know there were a couple of researchers in 2008 or 2010 who publicized a method of finding collisions in the real-world that allowed them to falsify message signatures. I'm not a mathematician though, so I've totally forgotten the details. But if they could do it with some PS3s, I don't see why the government and their monstrous resources and computing power couldn't do it better.