Quote from: astor on July 19, 2013, 02:39 pmQuote from: BlackIris on July 19, 2013, 08:15 amI already personally asked astor last time to publicly reveal the names of the vendors that had insecure pgp keys. He didn't want to do it but IMO he should have.This is in the interest of every buyer to know, it is not something that must remain private.And they can easily find out on an individual basis. You see a vendor you like, you import their key. In every PGP program you can look at the key properties, which will tell you the key size. If you think the key is weak, don't encrypt your address with it.Of course LE could be crawling the site already and gathering that intel, but I see no reason to do our enemy's job for them. That's why I didn't release a master file of the keys or a list of vendors with weak keys.I agree with astor, we're not going to make things easy for them, everything we say and release they probably already have, we are trying to keep up with them in respects to warning people before they're caught etc and improve everyone's game. Releasing a list of weak PGP keys will not benefit anyone on the forum, I have backups of everything so if the site went down then maybe I'll release everything so people can continue business as usual - but not yet. I don't feel it is right to make this easier for LE and the whole point of the audit is actually to make LE struggle even more.