Silk Road forums

Discussion => Security => Topic started by: ByronLegosi on March 14, 2013, 02:43 am

Title: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 14, 2013, 02:43 am
I'm a software developer and after reading all the people struggling with PGP and people using iGolder I thought of an idea for a website.

Basically, you would create an account and it would act like gpg4win GPA in that you could create keys, save public keys (with an alias) and encrypt/decrypt online. I'd make it so that everything was encrypted server side, but even if it wasn't I wouldn't save any actual messages, so as long as you used a different username and TOR you'd be safe using it, right?

It just means using PGP could be made super easy for beginners (and pros alike), as they could just follow instructions once they created an account. Plus it'd be online, so even if they used a different PC they could use their keys to decrypt/encrypt messages and decrypt those with saved public keys.

It would be free of course and ad-free.

Just wanted to get your thoughts?

BL

p.s. my dissertation was on cryptography and secure e-voting. I'm pretty confident in my abilities to keep data private, but as I said, what data here would be harmful?
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 14, 2013, 02:58 am
Since you store the private keys, it all boils down to trusting you.

What's to stop you from snooping on people's messages, getting their personal info and blackmailing them?
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 14, 2013, 03:15 am
Yes, I thought of that too, but there are tonnes of very secure encryption methods so that all the keys etc. on the server would be encrypted with your login details as the key. Still, this requires trust that I really am doing that, since you don't know the server-side process. Perhaps it's doomed to fail for that very reason.

Ideas to counteract or is that really a show stopper?

I could make the whole thing a browser plugin using local storage only and no server interaction at all.
Still, it would be a pain writing the PGP algorithms in JS (unless there are libraries already; I'll have a look).

BL
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 14, 2013, 03:20 am
Server side encryption is a showstopper. Most people have learned from the example of Hushmail. Not everyone, of course. You would get some users, but not many.

An open source browser plugin that can be audited and works with locally stored keys is much safer. Why don't you talk to SelfSovereignty about his project, MetaSilk? He is planning on adding PGP support to it and could use some help.

http://dkn255hz262ypmii.onion/index.php?topic=121039.0
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 14, 2013, 03:27 am
That's a much better idea, cheers Astor, I'll give him a PM and see if he's interested. No worries if not; it's just that cryptography was an old passion and JS and web apps are a new one lol.

Thanks!
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: Jediknight on March 14, 2013, 04:56 pm
Dude, that is an awesome idea. I develop websites too and thought the same. Perhaps SR should integrate it into their order page, server side.

People shot my idea down, saying the iGolder site could be LE or something... yada yada. I deleted my post.

The iGolder site is a great example. It's a simple concept and could even be a website script/plug-in for Apache.

I say do it.  I'll help promote it.

iGolder works great when you are on another computer with no PGP. Quick solution. I trust server-side encryption more than I trust SR's order page with no encryption or HTTPS or anything.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: SelfSovereignty on March 14, 2013, 05:15 pm
iGolder works great when you are on another computer with no PGP. Quick solution. I trust server-side encryption more than I trust SR's order page with no encryption or HTTPS or anything.

Pardon me if I sound overly critical or am making assumptions that are unwarranted, but I believe that's because you don't understand how the Tor network is operating.  Silk Road doesn't have to use SSL or TLS, all Tor communication is encrypted end-to-end, with this very important caveat: only in-network traffic is encrypted end-to-end.  If you connect to *anything* outside the Tor network, it is not encrypted at all whatsoever.  That's when you'd need HTTPS.

But SR is a hidden Tor service, which means that connecting to it is end-to-end encrypted.  Including your address.  By using a third-party site to handle encryption, what you've done is add:
1) the exit node, which can snoop
2) the site, which can snoop
3) anybody in between, who can snoop

It's literally worse than not using any encryption (when I say "any," I mean of course none on top of Tor, which you need to connect to SR anyway).
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 14, 2013, 05:25 pm
Cheers mate,

I'm going to look at SelfSovereignty's work and do some more research into a browser plugin, but since part of the attraction is its portability it would need some server-side storage, I think, to be of worth. Anyway, I'm going to do some more research into it because security really is the absolute key here.

Astor, I appreciate what you're saying but tonnes of people on here use Privnote assuming it's safe and probably as many use iGolder. At least I'd know I could use my own site and that's a start!

SS, you're totally right there, which is why I'd probably put mine as a hidden service too; leaving the TOR network is a no-go unless you don't use TOR for that particular part (which isn't too much of a problem but not ideal).

More research needed and then we'll see what happens.

Regards,
BL

p.s. this really is only an idea that needs work. We all, by virtue of being here, have decided to trust SR; there's no reason why people wouldn't start to (and rightly so) trust my service either.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: SelfSovereignty on March 14, 2013, 05:46 pm
Given that all communication is encrypted by virtue of the Tor network, you almost start wondering why the Hell people are so aggressive about using PGP.  It's so that the operators of the SR site (or LE if they find the server, or some random janitor who wanders in, whatever) can't access the information.

It isn't just the intentions of a person that you're talking about trusting, it's also the skill, knowledge, and caution of that person.  Any clearweb site is easily under LE jurisdiction if it isn't in some non-extradition country.  The US gov't doesn't play nice, either, as I'm sure everybody knows by now: not wanting to cooperate with them isn't enough to keep your users safe.

Personally I won't even communicate about drugs or orders without PGP encryption -- these forums obviously being the exception.  In short, I don't trust SR partly because I don't trust that the server will never fall into anyone else's hands.  Basically the only people I trust are the gpg developers, but only in the same way I trust the manufacturer of my car -- I mean unless I'm going to make the thing myself, I kind of have to put some trust in them, ya know.  But sites already exist that handle encryption if you just don't want to have anything to do with it.  Not sure what you're talking about providing that isn't already out there, to be honest (a browser plugin aside, obviously).
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 14, 2013, 06:14 pm
Astor, I appreciate what you're saying but tonnes of people on here use Privnote assuming it's safe and probably as many use iGolder. At least I'd know I could use my own site and that's a start!

I know, and many of the prominent posters in this Security forum, myself included, have argued that they should stop.

I even wrote a super simple tutorial for GPG4USB, which is portable, so you can save and run it from the same place as your browser bundle, *which you already need to have with you.*

Check the link in my signature.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 14, 2013, 06:29 pm
I've already used that very link to make my own. (Thanks btw, great idea.) However, I've left it at work twice now (my own fault of course) and would love a way to just need to remember a username and password to have everything I need to use my PGP decryption and to save all the public keys I've worked through over the last few weeks alone.

Anyway, I'm thinking more of the browser idea. Your keys may be saved server side but all the enc/dec happens on the browser client alone. That way you can be positive my site never reads any messages.
The only way a private key is useful to someone is if they intercept a message enc with its public key, and if that has happened, chances are you're already in the shit as it is.

I'm hearing you though, honestly, I'm just thinking of ways to make this work and as SS pointed out, to make it different enough to be useful.

Regards,
BL
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 14, 2013, 06:41 pm
Anyway, I'm thinking more of the browser idea. Your keys may be saved server side but all the enc/dec happens on the browser client alone. That way you can be positive my site never reads any messages.
If the keys are stored on your server, and the crypto is done with server-supplied JavaScript, the threat always exists that you can decrypt the messages.

Even if the private keys are symmetrically encrypted with the user's password, and you supply the key to their browser and it uses the password to decrypt it on the client side, you could change the code later and steal the password (that's what Hushmail did, except with Java). This is the problem with running server-supplied code that is downloaded fresh each time the user visits a site. It can change each time, so it's a security threat every time they use it.

An open source program like GPG4USB can be security audited once, saved on the user's encrypted thumb drive, and the code never changes (as long as they don't update it).

Like I said, you already need to have the portable browser bundle with you to be on Tor. You can save portable GPG4USB in the same place, so it is always available when you need it.

And it's pretty easy to use. Over a hundred people have told me that they didn't understand PGP until they read the tutorial, and there are probably many hundreds more that I don't know about. I have no doubt that even the most technologically illiterate people can learn to use a PGP program, if they're willing to trade a little inconvenience for significantly better security.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 14, 2013, 09:16 pm
I think before this debate continues I will have to draw up plans for how it would work and share it. I devoted 4 years of my life to e-voting and online cryptography and I would trust my data on my own server far more than on any physical USB device, but that is a matter for debate only when you can see my point of view / idea for a solution.

The biggest problem, and the one that was the main fault in my dissertation, is that it requires users to trust a third party. There is no more trust involved in mine than in you all using Gpg4Win, say, or any other PGP program. The debate is truly academic and honestly I think it's for me to show you that it can be done rather than for you to show me why it shouldn't.

I appreciate all of your arguments and there's no need to reiterate them until I try and prove the safety of my application. That's the fair way round I think.

Regards,
BL
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 14, 2013, 09:35 pm
I am very interested in how you solved this problem.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 14, 2013, 10:18 pm
I'm off to bed but have a read about the foo-evoting system and some of the critiques. In much the way bitcoins use a network to verify their existence (simplified of course) you use the same idea to verify votes (or in this case you'd change the idea to verify keys) without anyone seeing the actual vote (or key).

An implementation I wrote in Java about 7 years ago (I'm dangerously close to revealing my identity so I'm not comfortable going further) demonstrated that you could reliably confirm the security and anonymity of an entity (we'll use instead of 'vote' or 'key') with only 3 hosts.

All of this can be achieved likewise with JS and AJAX.

I'll go into more detail later. I'm off. I'll PM you more details that might reveal identity without putting it publicly if you don't mind. This however, will be tomorrow.

Regards,
BL
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: kmfkewm on March 15, 2013, 03:20 am

The only way a private key is useful to someone is if they intercept a message enc with its public key, and if that has happened, chances are you're already in the shit as it is.

By that logic there is no need to use cryptography at all.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: onetwothree on March 15, 2013, 06:37 am
There is no more trust involved in mine than you all using Gpg4Win say or any other PGP program.

I think this is inaccurate. G4W and/or any other program can be verified not to have network access.

I am very interested in how you solved this problem.

I echo this with a respectful skepticism. I cannot imagine a mechanism to enable trust in a third party. This is speaking from a perspective of audit, of course; I personally trust the 4 people that I've seen post in this thread, but I wouldn't be able to convince anyone else to for any reason beyond my word.

Because I was frustrated with APG's development which seems to have been abandoned over two years ago, I wrote an Android app to encrypt communications through a tor webservice API between my associates and me. All key generation and encryption is performed client side and the only data the webservice ever receives is public keys and encrypted messages. Although an account only requires a username and a password, I have zero reasons beyond humoring me to convince anyone that sending encrypted messages through my webservice is any better than sending through any other channel, such as gmail, since the data is already encrypted.

In my view, my problem is similar to yours; I cannot provide a good reason to use my messaging service over any other form of communication (because data is already encrypted), and you cannot provide a good reason to use your service over other forms (other than accessibility and ease of use, which is negated because you have control of our sensitive data. YOU may be 100% trustworthy, but if you are hacked...).

Having said all that, I would love to hear your solution.

On an unrelated note, this is one of the reasons I really enjoy the SR community. I may be a third party but although I can't prove it I can 100% guarantee (I feel your pain now Byron) that these kinds of conversations don't ever happen with the clientele of my local vendor! Unfortunately, the people of SR are the exception, not the rule.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 15, 2013, 08:45 am

The only way a private key is useful to someone is if they intercept a message enc with its public key, and if that has happened, chances are you're already in the shit as it is.

By that logic there is no need to use cryptography at all.

My statement was almost identical to saying "There's no use in knowing someone's password if you didn't know what site it was for". Would you have disagreed with that? My logic is sound; I think you may have misread it somewhere.

@onetwothree :
It's a tough problem, no doubt, and like always a large part does rely on some level of trust; without it we'd all have unplugged our network cards (or I would lol). However, the solution, as I say, is to make sure you aren't trusting any one agent with all your data. Splitting the data client-side, encrypting (obviously), and sending separate pieces to separate parties is pretty much the only solution you can trust, and even then you'd have to trust that all the agents were not in collusion. This is why I said the problem is academic, because as yet there is no solution; if there were, it could make you very rich.

It's not a quick job though, so give me some time and I'll show you my solution. It would be auditable and all network traffic from any client would be too. So I think you would be able to thoroughly check what was happening and come to one's own conclusion as to its security.

I'll second your signature in this case but let me actually make my statement first ;-)
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: kmfkewm on March 15, 2013, 05:04 pm

The only way a private key is useful to someone is if they intercept a message enc with its public key, and if that has happened, chances are you're already in the shit as it is.

By that logic there is no need to use cryptography at all.

My statement was almost identical to saying "There's no use in knowing someone's password if you didn't know what site it was for". Would you have disagreed with that? My logic is sound; I think you may have misread it somewhere.

@onetwothree :
It's a tough problem, no doubt, and like always a large part does rely on some level of trust; without it we'd all have unplugged our network cards (or I would lol). However, the solution, as I say, is to make sure you aren't trusting any one agent with all your data. Splitting the data client-side, encrypting (obviously), and sending separate pieces to separate parties is pretty much the only solution you can trust, and even then you'd have to trust that all the agents were not in collusion. This is why I said the problem is academic, because as yet there is no solution; if there were, it could make you very rich.

It's not a quick job though, so give me some time and I'll show you my solution. It would be auditable and all network traffic from any client would be too. So I think you would be able to thoroughly check what was happening and come to one's own conclusion as to its security.

I'll second your signature in this case but let me actually make my statement first ;-)

I think you might have mis-said it somewhere. The entire point of using encryption is to keep you safe in the event of an interception of communications. To say that once the interception has taken place it doesn't matter if the attacker has your private key or not because you are fucked anyway is essentially the same as saying you might as well not encrypt your communications.

Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: d0z3r on March 15, 2013, 05:46 pm
I would be more interested in an app that automatically uses PGP to encrypt text messages. Preferably one that would work on both Androids and iPhones. I have never paid for an app before in my life but would shell out some money for an app like this.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: SorryMario on March 15, 2013, 11:10 pm

The only way a private key is useful to someone is if they intercept a message enc with its public key, and if that has happened, chances are you're already in the shit as it is.

By that logic there is no need to use cryptography at all.

My statement was almost identical to saying "There's no use in knowing someone's password if you didn't know what site it was for".

Really wrong.

Number of possible passwords >> Number of site accounts.

There is a far, far greater number (by many astronomical orders of magnitude) of possible passwords  than there are sites to choose from.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 16, 2013, 12:23 am
@kmfkewm & SorryMario

I think you misunderstood what I was saying; it may very well be that I wasn't clear, in which case I apologise, but let me try and clear up that statement (which, by the way, isn't a really helpful critique of my post or idea, though I too am a massive pedant on forums lol):

My point is this:
Having access to a private key is useless. If I had an anonymous PGP private key but did not know whose it was, it would be absolutely meaningless and useless to me; I couldn't do anything, I would have to brute force every PGP message I could find in the blind hope I found one, and that is, to borrow a term, 'an astronomical number'. Remember why I made my point in the first place: the statement is useless out of context. The app would hold a private key against a username; I was saying if that username had no link to your SR account at all, then even if someone were to break into my server and get them all, they would be worthless. My point was, I thought, quite clearly that a malicious party getting hold of a private key would only be a problem if they also knew whose it was and had a message that they KNEW was encrypted with the corresponding public key. The second part therefore was saying, if someone has access to your messages on your SilkRoad account then they must have had access to your SilkRoad account or the whole Silk Road server, in which case the security of my server would be relatively unimportant (i.e. you'd have bigger problems).

If you really feel the need for more pedantry and the suggestion that someone with a masters degree in cryptography might not understand the necessity or point of encryption, then please feel free to PM me, but can we keep this thread to ideas on possibly implementing this app or objections to the idea rather than picking on the semantics of the OP, who is very likely using some of the narcotics he stocks and so doesn't triple-proof his posts...

Sorry for that last little rant, I'm just slightly surprised at the direction this thread has taken. I don't mean any offense.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 16, 2013, 12:35 am
I would be more interested in an app that automatically uses PGP to encrypt text messages. Preferably one that would work on both Androids and iPhones. I have never paid for an app before in my life but would shell out some money for an app like this.

If it saved their public key in your phone's contacts, this would be possible and the app wouldn't be too hard, but you'd need both parties to have the app. Great idea though. I might have a crack and charge for it ;-) Just joking. Great idea but I don't have the time.


Oh and guys, apologies for my above post, I did get a little irritated, sorry for being quite so... well.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: kmfkewm on March 16, 2013, 01:18 am
Quote
My point is this:
Having access to a private key is useless.

Having access to a private key lets you decrypt all messages encrypted with its corresponding public key. Public key cryptography is rendered useless if the attacker gains access to your private key. I will agree that it doesn't necessarily mean that the attacker can decrypt all of your messages; first they need to obtain the ciphertexts in the first place. But I do mean that it renders it entirely fucking pointless to have used asymmetric crypto in the first place, if your attacker has access to your private key. You are then banking on the attacker not being able to intercept your messages, but in the case that they do intercept your message, you may as well have not even used asymmetric cryptography in the first place. Thus it is stupid to claim that an attacker having your private key is useless; an attacker having your private key renders cryptography entirely useless and changes the problem to one of server security or some such thing, assuming encrypted links, without which the attacker could use a wiretap to spy on the information in transit. You are essentially arguing against using asymmetric cryptography for messages and rather only for links, with the security for messages coming from server hardening. Server hardening is important, but it is not nearly as important as asymmetric cryptography for encryption of stored communications at the rendezvous server, which is cryptographically secure and not something that is compromised on a regular basis, unlike server hardening. Essentially your claim is reduced to saying that people on SR shouldn't use GPG, but rather should hope that DPR is trustworthy and has perfectly hardened the server.

Quote
If I had an anonymous PGP private key but did not know whose it was, it would be absolutely meaningless and useless to me; I couldn't do anything, I would have to brute force every PGP message I could find in the blind hope I found one, and that is, to borrow a term, 'an astronomical number'.

2^128 is an astronomical number. 2^256 is an astronomical number. There are NOWHERE near 2^128 GPG encrypted messages. Also, your system would involve a concentration of ciphertexts at a server; testing every ciphertext on that server with every private key wouldn't take much time at all. Even if the attacker cannot link a private key to a specific person, after they quickly find the messages that the key can decrypt, they will be able to select targets based on the contents of the communications. What you are arguing sounds a lot like security via obscurity actually: rather than security via the cryptographic system (rendered null by the attacker having the private key), you are saying people should rely on security via the obscurity of their ciphertexts. Anyone with a masters degree in cryptography would recognize that this is ludicrous.

Quote
Remember why I made my point in the first place: the statement is useless out of context. The app would hold a private key against a username; I was saying if that username had no link to your SR account at all, then even if someone were to break into my server and get them all, they would be worthless.

Really they would be worthless? Because they cannot test them against each of the ciphertexts on your server until they find the ciphertexts they can decrypt? Actually GPG ciphertexts usually have key ID embedded in them so they don't even need to brute force decrypt the messages they can look for the messages that are encrypted to the key ID that they have by virtue of having the private key. Shouldn't someone with a masters degree in cryptography know this?

Quote
My point was, I thought, quite clearly that a malicious party getting hold of a private key would only be a problem if they also knew whose it was and had a message that they KNEW was encrypted with the corresponding public key.

Pretty easy to tell if a message is encrypted with a corresponding key, considering that by default GPG ciphertexts have the key ID they are encrypted to embedded in them. I guess your server side implementation of GPG could always use --throw-keyids, but it is still just a matter of brute force decrypting messages. Unless you have 2^128 ciphertexts on your server, that seems like it will not be very good to rely on. Also, are we still assuming that you, the most trustworthy person in the world, are to be the keeper of the private keys? So since it is your server, doesn't that mean you also have access to all the message ciphertexts? Do you really expect us to believe that you cannot brute force ciphertexts until you find the private key that decrypts them? Anyway, how do you even plan to separate the keys from the messages while still managing server side encryption? Also, if an attacker can hack into your server and steal private keys, do you think they cannot hack into your server and steal message ciphertexts? Anyway, it sounds like you are still arguing for security via server hardening rather than security via asymmetric cryptography.

Quote
The second part therefore was saying, if someone has access to your messages on your SilkRoad account then they must have had access to your silkroad account or the whole silk road server, in which case the security of my server would be relatively unimportant (i.e. you'd have bigger problems).

So your system doesn't hold ciphertexts, but only encrypts data for transit on other servers, like SR? Well let's see, you advertise your service on SR and it will likely be used by a largely SR audience. Now if LE pwn SR and get ciphertexts, they only need to pwn your server and get private keys and then try them against ciphertexts until they find ones that decrypt into intelligible things. Easy to do, and without 2^128 messages to go through, far easier than trying to directly attack the ciphertexts without the "useless" private keys. The full point of using asymmetric crypto to protect messages on SR is to protect yourself in the event that SR server falls into the hands of the authorities, so the full point of using it is to make it so you DON'T have bigger problems if the server is hacked/pwnt/seized. Once again, it sounds like you argue for security of communications via server hardening and link encryption, rather than end to end asymmetric cryptography. This is widely known as being a far inferior method of trying to protect communications, so it seems strange someone with a masters degree in cryptography would advocate for it.

Quote
If you really feel the need for more pedantry and the suggestion that someone with a masters degree in cryptography might not understand the necessity or point of encryption, then please feel free to PM me, but can we keep this thread to ideas on possibly implementing this app or objections to the idea rather than picking on the semantics of the OP, who is very likely using some of the narcotics he stocks and so doesn't triple-proof his posts...

Sorry for that last little rant, I'm just slightly surprised at the direction this thread has taken. I don't mean any offense.

I highly doubt that you have a masters degree in cryptography, or you would not say such stupid shit as it doesn't matter if the attacker has your private key.
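The point above about the recipient key ID sitting in the ciphertext is easy to check by hand. The following Python script is an added example (not code from this thread or from GnuPG): it walks the RFC 4880 packet framing of an OpenPGP message, lists the key ID named by each Public-Key Encrypted Session Key packet, and flags the all-zero "wildcard" recipient that `gpg --throw-keyids` writes instead. The sample message is constructed inline with a dummy MPI and placeholder ciphertext, so it is not a real GnuPG output.

```python
"""
List the recipient key IDs an OpenPGP message advertises (RFC 4880).
Each PKESK packet (tag 1) carries the 8-octet key ID the session key was
encrypted to; an all-zero key ID is the wildcard recipient written by
`gpg --throw-keyids`.  Constructed example, not GnuPG output.
"""
import base64

PKESK_TAG = 1
SEIPD_TAG = 18
WILDCARD_KEY_ID = b"\x00" * 8

def dearmor(text: str) -> bytes:
    """Strip ASCII armor (BEGIN/END lines, armor headers, CRC-24 line) and return the packet bytes."""
    state = "outside"                      # outside -> headers -> body
    b64 = []
    for raw in text.splitlines():
        line = raw.strip()
        if state == "outside":
            if line.startswith("-----BEGIN PGP"):
                state = "headers"
        elif state == "headers":
            if line == "":                 # blank line ends the armor headers
                state = "body"
        elif line.startswith("-----END PGP"):
            break
        elif not line.startswith("="):     # "=XXXX" is the CRC line, not packet data
            b64.append(line)
    if state != "body":
        raise ValueError("no armored message body found")
    return base64.b64decode("".join(b64))

def iter_packets(data: bytes):
    """Yield (tag, body) for every packet, handling old- and new-format headers."""
    pos, end = 0, len(data)
    while pos < end:
        ctb = data[pos]
        pos += 1
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {pos - 1}")
        if ctb & 0x40:                     # new-format header: tag in the low 6 bits
            tag, body, partial = ctb & 0x3F, bytearray(), True
            while partial:                 # repeats only for partial body lengths
                first, pos, partial = data[pos], pos + 1, False
                if first < 192:
                    length = first
                elif first < 224:
                    length = ((first - 192) << 8) + data[pos] + 192
                    pos += 1
                elif first == 255:
                    length = int.from_bytes(data[pos:pos + 4], "big")
                    pos += 4
                else:                      # 224..254: partial length, more chunks follow
                    length, partial = 1 << (first & 0x1F), True
                body += data[pos:pos + length]
                pos += length
            yield tag, bytes(body)
        else:                              # old-format header: tag in bits 2..5
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                 # indeterminate length: rest of the input
                length = end - pos
            else:
                size = (1, 2, 4)[ltype]
                length = int.from_bytes(data[pos:pos + size], "big")
                pos += size
            yield tag, data[pos:pos + length]
            pos += length

def pkesk_key_ids(data: bytes) -> list:
    """Return, in message order, the key ID each PKESK packet names ('wildcard' for all zeros)."""
    ids = []
    for tag, body in iter_packets(data):
        if tag != PKESK_TAG:
            continue
        if len(body) < 10 or body[0] != 3:
            raise ValueError("only version 3 PKESK packets are handled")
        key_id = body[1:9]                 # the 8 octets after the version octet
        ids.append("wildcard" if key_id == WILDCARD_KEY_ID else key_id.hex().upper())
    return ids

def build_pkesk(key_id: bytes) -> bytes:
    """Constructed v3 PKESK (RSA) with a dummy 16-bit MPI standing in for the encrypted session key."""
    mpi = b"\x00\x10" + b"\xAB\xCD"        # MPI: bit count (16), then its two octets
    body = b"\x03" + key_id + b"\x01" + mpi   # version 3, key ID, algorithm 1 = RSA
    return bytes([0xC0 | PKESK_TAG, len(body)]) + body

# Constructed sample: one recipient advertised, one hidden, then a placeholder
# SEIPD packet (version octet + 6 dummy octets) where the ciphertext would be.
SAMPLE = (
    build_pkesk(bytes.fromhex("1122334455667788"))
    + build_pkesk(WILDCARD_KEY_ID)
    + bytes([0xC0 | SEIPD_TAG, 7]) + b"\x01" + b"\x00" * 6
)
SAMPLE_ARMORED = (
    "-----BEGIN PGP MESSAGE-----\nVersion: constructed sample\n\n"
    + base64.b64encode(SAMPLE).decode() + "\n=AAAA\n"   # fake CRC line, skipped by dearmor()
    + "-----END PGP MESSAGE-----\n"
)
```

Calling `pkesk_key_ids(SAMPLE)` returns `['1122334455667788', 'wildcard']`; on a real message, `gpg --list-packets` reports the same key ID field, which is what a reviewer of a stored ciphertext would look at.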
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: onetwothree on March 16, 2013, 02:23 am
I would be more interested in an app that automatically uses PGP to encrypt text messages. Preferably one that would work on both Androids and iPhones. I have never paid for an app before in my life but would shell out some money for an app like this.

The problem is even the smallest of PGP messages/keys would take several hundred characters which means many text messages. Even if you did send it across many messages, it would probably be difficult to parse what is message and what is noise (i.e. "(3/5)" that some phones add). That is the only reason I had mine store them with a webservice.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: wraithe on March 16, 2013, 02:54 am
I would be more interested in an app that automatically uses PGP to encrypt text messages. Preferably one that would work on both Androids and iPhones. I have never paid for an app before in my life but would shell out some money for an app like this.

agreed lol 
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 16, 2013, 03:01 am
OP has made several posts since the one where he said he would explain his system to us.

I think he could have already done it if he had focused on that.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 16, 2013, 03:53 am
@kmfkewm:
Have you read all of my posts? You are arguing with me about a part of the program that we almost immediately had agreed would not be feasible. We left the idea of server-side encryption or decryption in about 3 posts and instead decided that a client-side auditable browser plugin or app would be used instead. The server's involvement would purely be to store a private key (and as many public keys as you would like) with a username and password (and we can go into one-way hashing of salted passwords server side if you like). No messages would ever reach my server at all, and in fact I had even hinted, as per my dissertation, that not even entire keys would be kept by any single party. This is why I was frustrated in my last post and why I'm more frustrated now. Of course I understand that it would be pointless encrypting anything if a malevolent party had the means to decrypt it; that is self-evident. The reason I was trying to move on from that point was that it had been taken out of context and you've done it again, except this time you've spent a good deal of time picking at my post. I am NOT suggesting that security by anonymity is better than cryptography; that would be truly absurd. Did you read up on the foo e-voting system and did you understand my reference to TOR itself in overcoming trusting one person (but if you can't trust the most trustworthy person in the world I think you may have some form of neurosis)?

I don't understand why this is still being talked about mate, I wanted to debate methods of making the concept usable by any means, not debate my own understanding of cryptography. I'm sending you a PM about my credentials but please don't call me a liar because we've started talking about semantics of my statements and my literal statement that a private key on its own is useless (and if you are arguing against that statement I'm totally lost as to why).


@astor: I work full-time and have an active social life, I'm honored and flattered that you think I could have solved this problem if I'd put my mind to it in the last 2 days but unfortunately I haven't been able to. However, if you're referring to my promise for a rough outline of how it will work I think I'd better post it this weekend before I get lynched.


People, the number or rather strength of insinuations already that I may be secretly trying to steal your data is ridiculous. We are trapped talking about a single point that I already know where the disagreement has come from and it is entirely down to the fact that I made some assumptions I shouldn't have.

Talking about whether I understand asymmetric encryption is not helpful or to be honest very nice, and in a very early post I suggested alternatives to all of the issues you raised in your posts. So can we move on?

1. Multiple nodes, each being separate agents, store parts of encrypted keys using a username and passphrase (hashed on each node), so no one server holds a private key, nor does any one party
2. Encryption and Decryption are client side (security such as key-logging or even just doing it in public are not in the scope of this app)
3. No messages are saved outside the RAM of the machine you are working on (and we can't control other software on a given machine)

Why is it useful?
You do not need to carry a physical device with you to keep your keys with you at all times and you wouldn't have to leave your browser to use PGP on SR

Do you want that?
Clearly you don't need that, but I would like it for myself, and if I would, then someone else probably would.


Have I made it clear what I meant by having a private key on its own is useless IN THIS INSTANCE? If I haven't PLEASE PM me and let this thread discuss other issues.

There are so many problems here that need a solution that we can probably solve together, why has it instead descended into this?
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: kmfkewm on March 16, 2013, 04:28 am
If you are talking about only storing the private key server side, and doing everything else with a client side application, I guess I just completely do not understand why you would store the private key on some third party server in the first place. Why don't you make something like FireGPG, that sounds a lot more trustable than something that inexplicably needs to keep private keys on a third party server, despite everything else being done client side.

Giving you the benefit of the doubt, I guess I just don't understand what problem you are even trying to solve. At first I thought you wanted something like Hushmail, then I thought you wanted something like Privnote, now I think you want something like FireGPG that inexplicably holds private keys on the server. Honestly, I have only skimmed this thread, although I did see your glaring post about the secrecy of private keys being of less than utmost importance, and had to LOL at it.

1.

I suppose you could use something like a brain wallet, although I am not sure exactly how secure it would be in practice. With ECDH it would be something like: the user types in their password (hopefully highly entropic), which is hashed with let's say SHA-256 and a PBKDF with some thousands of iterations or so to slow down brute force. Read the resulting hash as a BIGNUM and treat it as the ECDH private key, then elliptic point multiply a generator for a known 256 bit elliptic curve with it to get the public key. Provided the user's password has enough entropy in it, this should allow them to derive the private/public keys securely on the fly wherever they are, so long as they have their password. Now the private key only comes into existence when it is required, which is superior to storing it distributed across multiple servers, and even to storing it symmetrically encrypted on the client's computer as is traditionally done. The main issue with this is that normally these asymmetric algorithms are as secure as the PRNG used to generate the key pairs, and the strength of the user's password only becomes relevant after their system has already been seized and the attacker has a copy of their symmetrically encrypted private asymmetric key. Using PBKDF to derive a private asymmetric key literally makes the user's communications as secure as their password, as the attacker can then get their private key by brute forcing their password while having only a ciphertext of a message rather than the ciphertext of the encrypted private asymmetric key. But if the user's password is entropic enough it should be fine, and of course the PBKDF slows down attempts to brute force somewhat as well.

2.

everything should be client side. I see absolutely no reason for a required server side component for something like GPG.

3.

easy to do with mlock
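As an added worked example (not code from kmfkewm's post or from any project named in this thread), here is point 1 carried through in Python on NIST P-256 using the standard library's PBKDF2-HMAC-SHA256, followed by an ECDH agreement between two passphrase-derived key pairs. The username serving as the PBKDF2 salt and the 100,000-iteration count are assumptions of the example; the curve arithmetic is plain affine double-and-add written for clarity, not for side-channel resistance.

```python
import hashlib

# NIST P-256 (secp256r1) domain parameters: the "known 256 bit elliptic curve".
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + ax + b (mod p); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine addition of two curve points (None = point at infinity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2, so the sum is infinity
    if p1 == p2:                         # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                # chord slope for distinct points
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """k * pt by double-and-add (demonstration code; not constant-time)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def derive_keypair(passphrase, username, iterations=100_000):
    """Derive an ECDH key pair on the fly from a passphrase, as the post sketches.

    PBKDF2-HMAC-SHA256 stretches the passphrase (the iteration count is the
    brute-force slowdown the post mentions); the 32-byte output is read as a
    big integer, brought into the valid scalar range [1, n-1], and multiplied
    onto the generator to get the public point. Nothing is stored anywhere: the
    private key exists only while this function runs. The username as salt and
    the iteration count are assumptions of this example, not the post's.
    """
    dk = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                             username.encode("utf-8"), iterations, dklen=32)
    priv = int.from_bytes(dk, "big") % (N - 1) + 1
    pub = scalar_mult(priv, G)
    return priv, pub


def ecdh_shared_secret(priv, other_pub):
    """Classic ECDH: the shared secret is the x-coordinate of priv * other_pub."""
    x, _ = scalar_mult(priv, other_pub)
    return x.to_bytes(32, "big")


if __name__ == "__main__":
    # Two users regenerate their keys from memory on any machine and agree on a
    # secret. The scheme's security is bounded by passphrase entropy: anyone who
    # can guess the passphrase simply re-runs derive_keypair, with no encrypted
    # key file needed as a starting point (the caveat the post raises).
    a_priv, a_pub = derive_keypair("constructed sample passphrase for alice", "alice")
    b_priv, b_pub = derive_keypair("constructed sample passphrase for bob", "bob")
    assert ecdh_shared_secret(a_priv, b_pub) == ecdh_shared_secret(b_priv, a_pub)
    print("alice pub x:", hex(a_pub[0]))
    print("shared secret:", ecdh_shared_secret(a_priv, b_pub).hex())
```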
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 16, 2013, 05:22 am
@astor: I work full-time and have an active social life, I'm honored and flattered that you think I could have solved this problem if I'd put my mind to it in the last 2 days but unfortunately I haven't been able to.

Sorry, I was under the impression that you already had a system worked out.


People, the number or rather strength of insinuations already that I may be secretly trying to steal your data is ridiculous. We are trapped talking about a single point that I already know where the disagreement has come from and it is entirely down to the fact that I made some assumptions I shouldn't have.

Talking about whether I understand asymmetric encryption is not helpful or to be honest very nice, and in a very early post I suggested alternatives to all of the issues you raised in your posts. So can we move on?

You are very sensitive, my friend. You are not going to make it long on this forum. :)


1. Multiple nodes, each being separate agents, store parts of encrypted keys using a username and passphrase (hashed on each node), so no one server holds a private key, nor does any one party
2. Encryption and Decryption are client side (security such as key-logging or even just doing it in public are not in the scope of this app)
3. No messages are saved outside the RAM of the machine you are working on (and we can't control other software on a given machine)

Have you heard of the Freedombox Project?

https://www.freedomboxfoundation.org

There was discussion in that community of backing up private keys through a distributed p2p network, which sounds similar to your system. The idea was to distribute pieces of a private key to friends in one's network (perhaps through Diaspora). If the friends don't all know each other, or know who else has parts of the key, then they can't reconstruct it, but your client can.

I don't know if they got around to implementing it.

The main difference from your idea is that you control all the servers while theirs is a decentralized p2p system.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: kmfkewm on March 16, 2013, 05:50 am
what the hell is the purpose of storing private keys at third party servers?!
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 16, 2013, 05:59 am
I think he started out with the idea of offering an easy to use web service for PGP, which is well intentioned.

He's interested in doing web projects, so that's what he wanted to do, but it's simply not secure.

Now the plan is a browser add-on to encrypt locally, he just hasn't gotten around to admitting that it's easier and safer to store the keys locally too. :)

At that point it's not a web project anymore.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: kmfkewm on March 16, 2013, 06:15 am
I actually quite like the idea of on the fly key derivation from a passphrase, I just don't know that people could memorize a password with 256 bits of entropy in it. 

"I wonder how much entropy is in a sentence like the one I am typing right now, or the ease with which I could remember said sentence. Well, I could remember it, but I do not even know if it is entropic enough in itself to be used for private asymmetric key generation!!!"

hm that sentence is 270 characters, generally safe to assume 1 bit of entropy per keystroke of an English sentence, so a passphrase of that magnitude may be adequate for on the fly password based key derivation of a 256 bit ECC key.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 16, 2013, 06:33 am
1 bit of entropy, where do you get that?

If the attacker knows it's only upper or lower case characters, then it's 270 log2 52, or 1539 bits.

If the attacker knows that it's composed of English words, then it's 53 log2 80000, or 836 bits, for 53 words and assuming a standard dictionary of 80,000 words.

I suppose an attacker could use statistics on word patterns in English sentences to lower the overall entropy, since some words are more likely to follow other words, and some words never follow each other, but I imagine it would still be in the hundreds of bits. Maybe in that sense it would be 200-500 bits.


Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: kmfkewm on March 16, 2013, 07:16 am
1 bit of entropy, where do you get that?

If the attacker knows it's only upper or lower case characters, then it's 270 log2 52, or 1539 bits.

If the attacker knows that it's composed of English words, then it's 53 log2 80000, or 836 bits, for 53 words and assuming a standard dictionary of 80,000 words.

I suppose an attacker could use statistics on word patterns in English sentences to lower the overall entropy, since some words are more likely to follow other words, and some words never follow each other, but I imagine it would still be in the hundreds of bits. Maybe in that sense it would be 200-500 bits.

Different estimates will put it at different amounts, but as a general rule of thumb it is safe to say an English sentence has one bit of entropy per character. One NIST estimator only levels out to 1 additional bit per additional character after twenty characters + special/lower/numeric/upper, with more entropy credited to characters prior to twenty and with a bonus for each additional character type. zxcvbn takes a lot of things into consideration; for example, zxcvbn would have less entropy than i29fks because it is a spatial pattern on the keyboard. I think it also takes into account syntactic structure of English sentences as well.

this paper (acl.ldc.upenn.edu/J/J92/J92-1002.pdf) suggests an upper bound of 1.75 bits per character in English

Quote
We present an estimate of an upper bound of 1.75 bits for the entropy of characters in printed English, obtained by constructing a word trigram model and then computing the cross-entropy between this model and a balanced sample of English text. We suggest the well-known and widely available Brown Corpus of printed English as a standard against which to measure progress in language modeling and offer our bound as the first of what we hope will be a series of steadily decreasing bounds.

although it does mention that they think improvements are possible

Quote
We do not doubt that one can reduce the cross-entropy below 1.75 bits per character. A simple way to do this is to find more reliable estimates of the parameters of the model by using a larger collection of English text for training.



this site puts it at 1-2 bits per character:
http://unixhelp.ed.ac.uk/CGI/man-cgi?ssh-keygen+1
Quote
(English prose has only 1-2 bits of entropy per character, and provides very bad passphrases),


I guess with all sources considered, it is probably the most accurate bet to say that English contains slightly over 1 bit per character, but a conservative estimate and best rule of thumb is to not attribute more than one bit of entropy per byte of English IMO, even though in reality the entropy is probably slightly more than that.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: eddiethegun on March 16, 2013, 07:39 am
An implementation I wrote in Java about 7 years ago (I'm dangerously close to revealing my identity so I'm not comfortable going further)

for a vendor I'd say you've gone far enough that you need to stfu and start observing some opsec...

forum accounts are free my friend
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: astor on March 16, 2013, 09:36 pm
Ah yeah, I vaguely remember you saying something about 1-2 bits before. Thanks for the refs.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: ByronLegosi on March 18, 2013, 04:07 am
Quick note to say I've not abandoned this thread; I have lots to say here. Great posts since my last one made for great reading, so thanks for those. But astor, I'm still not giving up on the idea, although I do agree that it is easier and safer to store keys locally; I never disagreed with that. This still has a use, similar to the USB key. It was never about making the safest and easiest, just as safe as possible convenience.

@eddi : I'm always thinking about opsec, thanks for the concern though.

guys, it's 4am and I HAVE to sleep so allow me a while longer. Entertaining guests all weekend really swallowed my time, pretty much stuck to the main site only. Will be back on forums asap to try once again ;-)
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: lokiju on March 20, 2013, 08:30 pm
Maybe I'm missing something, but if SR gets hacked they lose a bunch of money and their reputation. They have a strong incentive to be state of the art secure.
Another app to further encrypt something that's already encrypted and unless open source and widely reviewed for security, seems to me to decrease security, not increase it.
If somebody, either being too young and naive or lazy (pick your poison), doesn't want to use a Windows program (PGPwinn) to encrypt something sensitive (like an address) I tend to feel you can't 'save' this person anyway. I'd be much more comfortable if I knew who was doing this app programming (there's no reason for you to be secretive, coding isn't illegal), they had a reputation and the app was widely reviewed by people specializing in security. Maybe you are a security expert (can't tell since you want to keep your name secret) but I wouldn't want to trust my freedom to somebody with no reputation. Maybe those carefree souls who haven't spent a day in jail would sign up.
I mean no offense, and I may be missing something, but wouldn't feel comfortable using your app when you've already got PGPwinn.
I'm not smarter than the average bear, but it only took me 2-3 days part time to read the 'PGP club thread', practice there, and become functional in PGP. YouTube is out there too.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: onetwothree on March 20, 2013, 11:49 pm
Maybe I'm missing something, but if SR gets hacked they lose a bunch of money and their reputation. They have a strong incentive to be state of the art secure.
Another app to further encrypt something that's already encrypted and unless open source and widely reviewed for security, seems to me to decrease security, not increase it.

Well, obviously nobody tries to get hacked... and I don't think this is tied to SR at all. It's just PGP related. I don't know if your claim that it's already encrypted is accurate, either, but it may be.

If somebody, either being too young and naive or lazy (pick your poison) doesn't want to use a windows program (PGPwinn) to encrypt something sensitive (like an address) I tend to feel you can't 'save' this person anyway.

The difference is the keys are available remotely. You can't go to somebody else's computer and have your keys be there. With this, they would be. What we're waiting to hear is how that could be done provably securely.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: kmfkewm on March 21, 2013, 06:02 am
Maybe I'm missing something, but if SR gets hacked they lose a bunch of money and their reputation. They have a strong incentive to be state of the art secure.
Another app to further encrypt something that's already encrypted and unless open source and widely reviewed for security, seems to me to decrease security, not increase it.

Well, obviously nobody tries to get hacked... and I don't think this is tied to SR at all. It's just PGP related. I don't know if your claim that it's already encrypted is accurate, either, but it may be.

If somebody, either being too young and naive or lazy (pick your poison) doesn't want to use a windows program (PGPwinn) to encrypt something sensitive (like an address) I tend to feel you can't 'save' this person anyway.

The difference is the keys are available remotely. You can't go to somebody else's computer and have your keys be there. With this, they would be. What we're waiting to hear is how that could be done provably securely.

it is provably secure to do it with password based asymmetric key derivation , provided the password is entropic enough.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: pine on March 22, 2013, 02:25 am
Hello.

I read your posts OP, and I've read similar ones before by well meaning individuals. You are, well, wrong. Kmfkewm has already explained why in great detail. But it is more interesting why you are wrong than why continuing with current practices is correct. There is in fact a huge space for a creative mind to develop useful solutions to this problem, but maybe they are not what you might initially think of as cryptography.

If the objective is to spread the use of strong asymmetric cryptography then there are three possible vectors that affect this.

1. Technical. Is the strength of the cryptosystem good enough? More importantly, is the design of the cryptosystem standing up to attacks over time?

2. Human Computer Interaction. Many crypto applications have a powerful back end but confusing graphic user interfaces for the non geek.

3. Psychological. Why do people wish to learn this? How can we motivate them? In a word: education.

--

It is my belief that people don't use crypto, not because they have made a value judgement on the technical side, but because they are either frustrated by the usability of the product or they are scared off by techno-fear (commonly experienced by true music lovers). However even this is dwarfed by the psychological aspect.

In a way it is more difficult to create a learning system than a cryptographic system. The learning curve in a population doesn't spread exponentially, and the use of public key cryptography requires knowledge, often called tradecraft in our field. It is a similar problem to how people need to know how to use a telephone in order to communicate long distance. You can have as many telephones as you wish in people's homes, but without each user understanding how and why you'd be motivated to use one telecommunications would never have scaled up.

Essentially you need to either create new use cases (which in a way I believe SR has accomplished for PGP) or you need to demonstrate them in such a way that learning PGP becomes a meme. PGP Propaganda :)

The single best way to achieve that is to make use of PGP a rite of passage. People who don't use PGP are to be mocked relentlessly for their foolishness, and people that do are to be made to feel part of some special group. Thus PGP Club.

And it is not lies. The propaganda I mean. Knowing PGP really is an exclusive club. PGP is used by cryptographers, intelligence officers, the military, drug vendors, political revolutionaries and monotremes. Conversely people not using PGP on here really are being idiots.

Thought experiment:

Let's say LE hackers break into SR. If we all use PGP, nobody cares. If we don't, we're fucked. That is why SR is still here: it is because it is completely immaterial to outcomes whether you hack into it. It or its competitors would be back up in days or weeks, and the network would reassert itself as if nothing had occurred. Network wise, DPR is just another person logging on via Tor. Taking out a 'boss' doesn't work either. The only real reason you harden your servers is that a percentage of the buyers imagine hardening them makes a difference. The LEO tasked with bringing down SR knows this. It also knows that every media rag on the planet will be saying only the people who didn't use PGP got busted, not exactly the news story they wish printed.

LE agents have the plan to drag the entire plant up, roots and all, by assiduously accumulating information in the hope they will achieve something akin to a breakout point, a panic, a reaction that will sustain itself. Reasonable goals. Unfortunately for them they are fighting precisely the kind of war they do not understand, that they find unacceptable due to their institutional infrastructure. Tor, Bitcoin and SR are ideas, and more than just normal memes, they are exemplars. An exemplar meme is one that forms the shape of other memes to come, like a root word. Such memetic warfare always lasts decades or even centuries, something that is impossible for centralized organizations to commit to consistently without being authoritarian. That pops them onto the horns of a terrible dilemma.

Anyway, I'm drifting away from my point.

So you don't sell 'serverside PGP'. It is so easy to use. Yay. Nobody will give a shit apart from the ignoramuses that use iGolder or Hushmail or any other law enforcement honeypots. It would actually be more secure, not less, to send your address as plaintext than to use those services.

Instead, sell James Bond. Sell Che Guevara and leet hackers. People are excellent mimics and learn quickly when they think something is cool or useful. I have the height of respect for cryptographers who engineer our algorithms like RSA, but this is not that kind of problem, or quite frankly it would have been solved long ago given the quality of brainpower directed at it.

tldr; It's not just a bad idea for technical reasons. Who cares about a perfect product nobody wants to use?
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: b0m on March 22, 2013, 02:34 am
I didn't read through the whole thread, but what is wrong with iGolder or Privnote? If that's explained in the thread already, tell me and I will read up on it.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: pine on March 22, 2013, 03:27 am
I didn't read through the whole thread, but what is wrong with iGolder or Privnote? If that's explained in the thread already, tell me and I will read up on it.

iGolder, Privnote, and any other online encryption service that offers (free or paid) to 'hold' your encryption keys for you is almost certainly a honeytrap. Just as with many 'free' web proxies, you're giving your transaction data to people who deal in the sale of information even if they are not themselves law enforcement. It is just not smart. Learning PGP is smart. The web is replete with examples of people who got busted because they relied on some corporation or administrator to protect their assets when faced with a subpoena, such as the Hushmail fiasco, so I don't really feel a requirement to go out and prove that every one of these enterprises is defunct. They are by default.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: b0m on March 22, 2013, 04:21 am
But what would they have from giving away addresses? They can't know what it is used for. Also feds can't start investigating because of some company giving out addresses which they don't know what they are for. It's not profitable for them... yet I have not seen anyone get busted for using these companies. And I feel it needs to be proven before making things up. I'm not a professional but as far as I know these companies encrypt the data and can't even see them themselves. If that wasn't true I'm quite sure hackers would have already given out some warnings.

And if it was true it would be an easy way to get someone in trouble. Just post his address 20 times a day and watch him getting raided. I believe these speculations have no real ground to them and should be avoided until proven.
Hushmail clearly stated in their ToS that illegal use is forbidden and will be investigated. The one who overreads this, it's his own fault.

Anyway I will keep using Privnote. I feel it's even safer than PGP, because like I stated in another thread, if someone other than the seller reads this information, then the seller can't read it anymore. So you can know for sure there is something wrong and prepare for it. Something you can't know using PGP I think.
If such companies have success with their services it would be dumb to give out addresses or whatever as it would kill their reputation in one day and nobody would use it anymore. I can't believe these rumors, I'm sorry.

At the end of the day feds can't raid everyone for uploading their address to a site. And as your house should be clear of all illegal things nothing can happen to you anyway. As long as you are not hoarding drugs in your house you should be safe. If they ask you, never forget anybody can use your address as a drop, you don't know anything. They have to prove it was you ordering. If you're not a pussy giving it all away yourself there is nothing to worry about in my opinion.

Most of the drugs getting sold here are self-use drugs not meant for selling. This fact makes it very unprofitable for feds to go after these addresses. One special officer costs more an hour than the average package that gets sent from here.

Anyway it's late and I might be wrong on some points as I didn't think them all through. Just my 2 cents, don't take it too seriously :)
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: pine on March 22, 2013, 06:02 am
But what would they have from giving away addresses? They can't know what it is used for. Also feds can't start investigating because of some company giving out addresses which they don't know what they are for. It's not profitable for them... yet I have not seen anyone get busted for using these companies. And I feel it needs to be proven before making things up. I'm not a professional but as far as I know these companies encrypt the data and can't even see them themselves. If that wasn't true I'm quite sure hackers would have already given out some warnings.

And if it was true it would be an easy way to get someone in trouble. Just post his address 20 times a day and watch him getting raided. I believe these speculations have no real ground to them and should be avoided until proven.
Hushmail clearly stated in their ToS that illegal use is forbidden and will be investigated. The one who overreads this, it's his own fault.

Anyway I will keep using Privnote. I feel it's even safer than PGP, because like I stated in another thread, if someone other than the seller reads this information, then the seller can't read it anymore. So you can know for sure there is something wrong and prepare for it. Something you can't know using PGP I think.
If such companies have success with their services it would be dumb to give out addresses or whatever as it would kill their reputation in one day and nobody would use it anymore. I can't believe these rumors, I'm sorry.

At the end of the day feds can't raid everyone for uploading their address to a site. And as your house should be clear of all illegal things nothing can happen to you anyway. As long as you are not hoarding drugs in your house you should be safe. If they ask you, never forget anybody can use your address as a drop, you don't know anything. They have to prove it was you ordering. If you're not a pussy giving it all away yourself there is nothing to worry about in my opinion.

Most of the drugs getting sold here are self-use drugs not meant for selling. This fact makes it very unprofitable for feds to go after these addresses. One special officer costs more an hour than the average package that gets sent from here.

Anyway it's late and I might be wrong on some points as I didn't think them all through. Just my 2 cents, don't take it too seriously :)

I believe, possibly after exploding with the 1 divided by zeroness of it all, kmfkewm ("personal use lol") would label your post with the tag 'cognitive dissonance'. That is to say you are doing things incorrectly and pretending that you are not really doing anything dangerous with a series of extremely tenuous arguments.

You are engaged in criminal activities on the internet. Law enforcement of a dozen countries wish to apprehend everybody and anybody associated with the Silk Road. It is assumed by most of us that the Silk Road servers have been hacked, or will be, and we behave accordingly by transmitting no personal identifying information in the clear by encrypting things like addresses with strong cryptography such as PGP.

The Silk Road is a permeable network. Infiltrating it is the biggest waste of time in the world. It's parallel to being paid to be trolling 4chan. LEO might as well be pissing into a sea of piss. But that is only true if you are using PGP for personally identifiable information. Anything else and you're in the crosshairs sooner or later.

At the end of the day the Feds can and will raid you in order to make an example of you, at least if they know who you are. While it's true they don't have much to go on in comparison to a typical illegal drug transaction, they have skilled interrogators who get people to confess their crimes nine times out of ten under the pressure. So it is best not to get into that situation in the first place. Hence Tor. Hence Bitcoin. Hence PGP. In fact in a way Tor and Bitcoin are just exotic arrangements of public key cryptography like PGP.

For the record though, here is what they'll do.

1. Hack into SR's servers.
2. Obtain 'encrypted' address data from various honeypots.
3. Compare ciphertexts for matches.
4. Use private key from honeypot to decrypt messages. (you don't believe they delete that shit, do you?)
    4.1 Obtain address.
    4.2 Red flag address. All packages will now be searched by United States postal police inspectors or similar.
    4.3 Wait for multiple deliveries of drugs. Forward them on later with a marginal amount of drug and change the rest for filler.
    4.4 Deliver packages on the same day. This is called a controlled delivery.
    4.5 Wait five minutes after delivery.
    4.6 Hammer time. High drama to follow.
    4.7 LE agents explain how the accumulated quantity of drugs, while apparently possession quantities separately, collectively turns you into an uberdrugdealer, part of a giant criminal conspiracy, and therefore you're looking at a minimum of 20 years in prison.
    4.8 You either plea or you take that risk. People mostly don't. As in well over 90% of them.
5. Encourage further use of shitty ideas like Privnote.

This is not complicated. It is trivial. It's probably even easier than that. Just use PGP.

Quote
I'm not a professional but as far as I know these companies encrypt the data and can't even see it themselves. If that wasn't true I'm quite sure hackers would have already given out some warnings.

notsureiftrolling.jpg
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: kmfkewm on March 22, 2013, 07:15 am
But what would they have from giving away addresses? They can't know what it is used for. Also the feds can't start investigating because of some company giving out addresses which they don't know the purpose of. It's not profitable for them... Yet I have not seen anyone get busted for using these companies, and I feel it needs to be proven before making things up. I'm not a professional but as far as I know these companies encrypt the data and can't even see it themselves. If that wasn't true I'm quite sure hackers would have already given out some warnings.

Several scenarios are possible. The feds could hack into SR or otherwise take control of it. The customer sends the vendor his address with a privnote link. Feds intercept the link at the server, get the customer's address, make a new privnote message that is identical and forward it on to the vendor. Now the vendor sends drugs to the address and the feds have already identified it, intercept the product and raid the customer. That seems like one of the most likely scenarios. I am still not used to these new javascript based website encryption services; they seem to be a slight improvement over how Hushmail was doing things with javascript (in that Hushmail was still being sent passwords to asymmetric private keys, afaik privnote is entirely symmetric with single use keys that are, hilariously, presumably to be sent through cleartext channels), but I am sure they are full of holes. One hole in particular is that they are constantly sending the javascript app to the client using it and unless the client constantly verifies that it is legitimate they could send a bugged version. There is also the entire "you are presumably to send the symmetric encryption key through a non-encrypted channel" detail, which I find to be a bit hilarious. I mean, asymmetric cryptography is weak to MITM as well but I think not to anywhere near the same extent as something like privnote, especially considering vendors here can post public asymmetric keys publicly and verify them, but you cannot very well post a one time use (or any time use) symmetric key publicly.

Quote
And if it was true it would be an easy way to get someone in trouble. Just post his address 20 times a day and watch him getting raided. I believe these speculations have no real ground to them and should be avoided until proven.

You assume that merely having your address go through privnote would be enough to get you raided. This is highly unlikely; although an address found from privnote may be noteworthy, it is certainly not enough by itself to warrant much. However, the real risk is that the attacker will take over SR server and do massive MITMing of privnote links in order to enumerate the addresses of all the customers using privnote. Considering protecting from an attacker who pwns the server is the goal of using asymmetric cryptography, it seems like a good indication that you should not use privnote as a replacement for asymmetric cryptography if privnote cannot protect from such an attacker.

Quote
Hushmail clearly stated in their ToS that illegal use is forbidden and will be investigated. Whoever overlooks this, it's his own fault.

Prior to Hushmail handing over many DVDs worth of E-mails to the DEA, they had no such warning. They acted like they were invincible and were a proper implementation of and replacement for traditional user controlled asymmetric cryptography. Only after Raw Deal did they point out that they cannot actually protect from law enforcement level attackers. This is a common trend actually; you could look at the hidemyass VPN service as well (several VPNs have fallen into the same pattern actually). These services all offer weak protections that were never really intended to stand up against strong attackers; however they need to market their shit so they make really big claims or imply that they can offer strong security or anonymity. When the house of cards comes tumbling down, usually at the hands of law enforcement, these companies shrug their shoulders and call their users idiots for thinking that their company could really withstand law enforcement level attackers.

Quote
Anyway I will keep using privnote. I feel it's even safer than PGP, because like I stated in another thread, if someone other than the seller reads this information, then the seller can't read it anymore. So you can know for sure there is something wrong and prepare for it. Something you can't know using PGP I think.
If such companies have success with their services it would be dumb to give out addresses or whatever, as it would kill their reputation in one day and nobody would use it anymore. I can't believe these rumors, I'm sorry.

Privnote is certainly not safer than properly used GPG. As I pointed out, an attacker who pwns SR server will intercept the privnote link, read it, copy the message, make a new privnote link to the copy of the message, and let that message get through to the vendor. Nobody can tell that the real message has been intercepted and read by an unintended party. Additionally, you cannot know shit with privnote either; all you can do is have faith in a company. There is no law of mathematics that says privnote must destroy their messages after they are read once. You sound like you may be somewhat interested in the Vanish network; it stores messages for some period of time and then makes them impossible to decrypt at a later date (of course you should additionally encrypt these messages with GPG yourself, Vanish is mostly theoretically useful for protecting from laws regarding encryption keys in countries like the UK). I have not looked at it for quite a while now; last I checked it fell victim (at least theoretically) to a Sybil attack, but they had plans to fix it up I think. Anyway I just throw that out there as something to look into.

Anyway you just need to look at Farmer's Market to see that people kept using Hushmail even after it was known that they will at the drop of a dime hand over as much information to law enforcement as is requested. There are always idiots willing to have faith in the promises of a company, even after the company has been debunked. VPNs turn on their users on a regular basis but they don't go out of business for doing so. The simple fact of the matter is, we have a decade of experience pointing to the fact that companies break under little pressure; the laws of mathematics and well thought out security policy do not buckle to anything.

Quote
At the end of the day the feds can't raid everyone for uploading their address to a site, and as your house should be clear of all illegal things, nothing can happen to you anyway. As long as you are not hoarding drugs in your house you should be safe. If they ask you, never forget anybody can use your address as a drop; you don't know anything. They have to prove it was you ordering. If you're not a pussy giving it all away yourself there is nothing to worry about in my opinion.

As I already pointed out, the feds / police will not use the address by itself as proof of anything. They may use it as an intelligence lead in itself, something leading them to watch the address, perhaps looking for other signs of illegal activity. The more worrying thing is that they will intercept the link to the privnote post as it goes through SR server and MITM attack it. When they see the customer place an order with the vendor, and then send the vendor the privnote link, that will be enough to use the address the privnote link posts to as evidence of a drug law offense. Also it is quite likely they will do a controlled delivery, and history has shown us that if you accept a package and open it, that is usually enough for them to prove that you ordered it in court.

Quote
Most of the drugs getting sold here are self-use drugs not meant for selling. This fact makes it very unprofitable for the feds to go after these addresses. One special officer costs more an hour than the average package that gets sent from here.

Seems to me that you are merely justifying to yourself the fact that you are too lazy to figure out how to use proper security measures. Either that or you are trying to lead others astray. The fact of the matter is that drugs are still illegal and ordering drugs via the mail is a federal offense. The feds probably do not care about the person ordering personal use cocaine from this site, but in the event that they obtain proof such a thing has happened, it is quite likely they will forward this intelligence on to your local police department. And they are likely to try to arrest you. Most people in prison over drug charges are there over personal use amounts.

Quote
Anyway it's late and I might be wrong on some points as I didn't think them all through. Just my 2 cents, don't take it too seriously :)

Don't worry, I won't.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: LouisCyphre on March 22, 2013, 10:29 am
I'm a software developer and after reading all the people struggling with PGP and people using iGolder I thought of an idea for a website.

Basically, you would create an account and it would act like gpg4win GPA in that you could create keys, save public keys (with an alias) and encrypt/decrypt online. I'd make it so that everything was encrypted server side, but even if it wasn't I wouldn't save any actual messages, so as long as you used a different username and TOR you'd be safe using it, right?

It just means using PGP could be made super easy for beginners (and pros alike), as they could just follow instructions once they created an account. Plus it'd be online, so even if they used a different PC they could use their keys to decrypt/encrypt messages and decrypt those with saved public keys.

It would be free of course and ad-free.

Just wanted to get your thoughts?

So what you're basically saying is you want to re-invent Hushmail. Two words: Farmer's Market.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: LouisCyphre on March 22, 2013, 10:32 am
Dude, that is an awesome idea. I develop websites too and thought the same. Perhaps SR should integrate it into their order page, server side.

People shot my idea down, saying the iGolder site could be LE or something... yada yada. I deleted my post.

The iGolder site is a great example. It's a simple concept and could even be a website script/plug-in for Apache.

I say do it.  I'll help promote it.

iGolder works great when you are on another computer with no PGP. Quick solution. I trust server side encryption more than I trust SR's order page with no encryption or https or anything.

Christ ... I go away for a couple of months and when I return people are still proposing this kind of insane, insecure shit.

Anyone outsourcing their crypto, which is what this is, is going to get (and arguably may deserve to get) reamed until they bleed.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: pine on March 23, 2013, 04:41 am
I'm off to bed but have a read about the foo-evoting system and some of the critiques. In much the way bitcoins use a network to verify their existence (simplified of course) you use the same idea to verify votes (or in this case you'd change the idea to verify keys) without anyone seeing the actual vote (or key).

An implementation I wrote in Java about 7 years ago (I'm dangerously close to revealing my identity so I'm not comfortable going further) demonstrated that you could reliably confirm the security and anonymity of an entity (we'll use instead of 'vote' or 'key') with only 3 hosts.

I think you're referring to private computation here. It's a great theoretical concept, but I've yet to see a practical implementation of it in any sphere e.g. your e-voting.

Ideally you want what I refer to as a permeable system.  A system where compromise is unproductive for the enemy, where you can show all the data the web server uses publicly, yet it does not help the enemy.  I would like to see such a construction to replace something like Tormail, where the traffic analysis strategy loses its utility.

I believe there was a city in the fantasy series The Wheel of Time. This city was in fact a kind of maze, where the enemy was able to infiltrate without difficulty, but instead of One Big Wall there was instead a thousand walled streets, literally a death trap, the perfect realization of Stalingrad. That's what you want for a private information system. A distributed open anonymous communication system. Myself, Bungee and kmfkewm and others have discussed it before at different times (it is the El Dorado of the Darknet), eventually coming to the conclusion that you need a far larger set of stakeholders than just ourselves to successfully achieve it. It is very possible, but like all grand projects it requires a great deal of consideration. An open system of this scale couldn't be created by a closed system; it would have to be open source and have a diverse and vibrant community behind it. Take a look at the design plan if this piques your interest, search this forum for "Speakeasy". I placed checksums for some links to the correct files.

Note: This is not just a pine pipedream. In order for Cloud computing to scale up, it will absolutely have to engage with the concept of private computation. Otherwise it shall fail. I mean if I just have to hack into Amazon to access their cloud then no matter how hardened their servers are they'll gradually become more and more attractive to hackers. I find it hard to believe the CIA intends to use Amazon's cloud without some form of private computation? If they are, then that is just embarrassing, they should know better than that. Doesn't matter if it's a "private cloud", you want private computation because it scales up, anything else will be a catastrophe.
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: pine on March 23, 2013, 05:28 am
Actually GPG ciphertexts usually have the key ID embedded in them, so they don't even need to brute force decrypt the messages; they can look for the messages that are encrypted to the key ID that they have by virtue of having the private key.

Pretty easy to tell if a message is encrypted with a corresponding key, considering that by default GPG ciphertexts have the key ID they are encrypted to embedded in them.

It would seem that a whole lot of people who should know this, don't know this. They think if they encrypt a file or message then nothing leads back to themselves, but if they have their public key on a keyserver or other public place then...

Time for a new thread!

Unless you have 2^128 ciphertexts on your server, that seems like it will not be very good to rely on.

I've previously suggested (in combination with the 'private city' thing mentioned already) that the entire SR apparatus could easily (well, at least the idea is simple, implementation is always tricky :D) setup dummy ciphertext transmission, dummy accounts, dummy vendors (since many vendors aren't visible), dummy buyers, further frustrating the efforts of the state at getting a clean kill/take down for the press. The judges in SR cases to date are of one mind when it comes to handing down stiffer than normal sentencing as a deterrent. Seems to me they're not the only ones that can hand down a deterrent. Soundbite: Don't just launder bitcoin! Launder *everybody* :D

The result may be that the balance of negotiations between a plea and a jury favor the jury route. Plea bargaining is absurd anyway, once the jury understands that 1 out of a billion transactions on SR is credible, they'll be forced to look askance at the lot. Alternatively everybody goes inside for a thousand years since they're apparently part of a network that exceeds the GDP of Planet Earth :D Probably needs more thought, complexity can be alluring for the sake of it.

I would be more interested in an app that automatically uses PGP to encrypt text messages. Preferably one that would work on both Androids and iPhones. I have never paid for an app before in my life but would shell out some money for an app like this.

The problem is even the smallest of PGP messages/keys would take several hundred characters which means many text messages. Even if you did send it across many messages, it would probably be difficult to parse what is message and what is noise (i.e. "(3/5)" that some phones add). That is the only reason I had mine store them with a webservice.

Look into steganography, or message hiding within images, video and other multimedia. Make your PGP message, encrypt it, stick it into a container like an image file and then steg it.

Better yet, do the above, and then upload it anonymously as a torrent (e.g. the latest pirated stuff, or porn, something popular).

This would make for a great app! In general I dislike the use of phones though, more trouble than they are worth on a number of levels.
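The key ID leak kmfkewm describes above is easy to check for yourself. The Python below is an added example, not code from any poster or from GnuPG: it walks the packet headers of an OpenPGP message (RFC 4880) and reads the recipient key ID out of each Public-Key Encrypted Session Key packet, which is the field `gpg --list-packets` shows as "keyid". The armored message is constructed filler with a made-up key ID, not a real ciphertext; the all-zero ID it reports for the `hidden` case is what GnuPG writes when a message is encrypted with `--hidden-recipient` (or `--throw-keyids`), the mitigation for this metadata leak.

```python
import base64
import re

PKESK_TAG = 1                   # Public-Key Encrypted Session Key: carries the recipient key ID
SEIPD_TAG = 18                  # Symmetrically Encrypted Integrity Protected Data: the ciphertext
HIDDEN_ID = "0000000000000000"  # what --hidden-recipient / --throw-keyids writes instead of the ID


def dearmor(text: str) -> bytes:
    """Strip ASCII armor and return the raw packet bytes."""
    m = re.search(r"-----BEGIN PGP MESSAGE-----\n(.*?)\n-----END PGP MESSAGE-----", text, re.S)
    if not m:
        raise ValueError("no PGP MESSAGE armor found")
    body = m.group(1).split("\n\n", 1)[-1]                          # drop armor headers (Version: ...)
    lines = [ln for ln in body.splitlines() if not ln.startswith("=")]  # drop the CRC24 line
    return base64.b64decode("".join(lines))


def iter_packets(data: bytes):
    """Yield (tag, body) for every packet, handling old- and new-format headers."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % pos)
        if ctb & 0x40:                                   # new format: tag in the low 6 bits
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                            # old format: tag in bits 5..2
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype                               # 1, 2 or 4 length octets
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
        yield tag, data[pos + hdr:pos + hdr + length]
        pos += hdr + length


def recipient_key_ids(data: bytes) -> list:
    """Hex key IDs named by the PKESK packets; HIDDEN_ID marks an anonymous recipient."""
    ids = []
    for tag, body in iter_packets(data):
        if tag == PKESK_TAG:
            if body[0] != 3:
                raise ValueError("unsupported PKESK version %d" % body[0])
            ids.append(body[1:9].hex().upper())          # version(1) | key ID(8) | algo(1) | MPI
    return ids


def build_sample_message(key_id_hex: str, hidden: bool = False) -> str:
    """Constructed armored message (not a real encryption): one PKESK with the old-format
    header GnuPG uses for a 2048-bit RSA recipient, followed by a filler SEIPD packet."""
    key_id = bytes(8) if hidden else bytes.fromhex(key_id_hex)
    mpi = b"\x08\x00" + bytes(256)                       # 2048-bit MPI, zero filler
    pkesk = b"\x03" + key_id + b"\x01" + mpi             # v3, key ID, algo 1 (RSA), MPI
    pkt1 = b"\x85" + len(pkesk).to_bytes(2, "big") + pkesk   # 0x85: old format, tag 1, 2-octet length
    seipd = b"\x01" + bytes(40)
    pkt2 = bytes([0xC0 | SEIPD_TAG, len(seipd)]) + seipd     # new-format header, tag 18
    b64 = base64.b64encode(pkt1 + pkt2).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return ("-----BEGIN PGP MESSAGE-----\nVersion: constructed sample\n\n"
            + body + "\n=AAAA\n-----END PGP MESSAGE-----\n")   # =AAAA is a dummy CRC24


if __name__ == "__main__":
    for hidden in (False, True):                         # made-up key ID, not a real key
        print(hidden, recipient_key_ids(dearmor(build_sample_message("0123456789ABCDEF", hidden))))
```

Run it against a real message by replacing the constructed sample with the armor text from `gpg --armor --encrypt`; a non-zero ID means anyone holding the ciphertext can tie it to the public key it was encrypted to.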
Title: Re: Idea for PGP site, shoot me down if you like! Only an idea!
Post by: onetwothree on March 23, 2013, 04:24 pm
I would be more interested in an app that automatically uses PGP to encrypt text messages. Preferably one that would work on both Androids and iPhones. I have never paid for an app before in my life but would shell out some money for an app like this.

The problem is even the smallest of PGP messages/keys would take several hundred characters which means many text messages. Even if you did send it across many messages, it would probably be difficult to parse what is message and what is noise (i.e. "(3/5)" that some phones add). That is the only reason I had mine store them with a webservice.

Look into steganography, or message hiding within images, video and other multimedia. Make your PGP message, encrypt it, stick it into a container like an image file and then steg it.

Better yet, do the above, and then upload it anonymously as a torrent (e.g. the latest pirated stuff, or porn, something popular).

This would make for a great app! In general I dislike the use of phones though, more trouble than they are worth on a number of levels.

That would be cool indeed, but I'm not sure I see the relevance to the quote. Steganography would bloat it even further and would then definitely not be able to be sent through SMS. Also, once the PGP message is encrypted, there is no need to hide it unless you're trying to hide the fact that you're sending an encrypted message, which is not a requirement of mine.

I have not had a chance to check the TextSecure source, but from what I understand, the TextSecure messages are encrypted and travel via the SMS protocol. I'm curious as to how they pull that off. Surely the encryption is not PGP, which is necessary for my purposes.

As merely a hobbyist coder, my app is functional, but ugly and basic without adequate error handling. I may try to polish it a little bit and see if anyone could get any use of it. Though as I've stated, since it doesn't send the messages through SMS, I have no good reason to convince anyone to send the messages through my app. Once the message is encrypted, you can just send it via e-mail or any other number of different ways without any need to interact with my webservice.