Silk Road forums

Discussion => Security => Topic started by: ukcody83 on May 26, 2012, 01:48 am

Title: Need GPG help
Post by: ukcody83 on May 26, 2012, 01:48 am
Would like to be able to purchase a few things but am having a hell of a time trying to figure the GPG thing out,I'm kind of a computard so if anyone could send me an easy to understand walkthrough it would be much appreciated. LOVE the site
Title: Re: Need GPG help
Post by: kingston on May 26, 2012, 07:28 am
This site http://p3lr4cdm3pv4plyj.onion/ is great for testing and getting the hang of how GPG works.
Title: Re: Need GPG help
Post by: ukcody83 on May 26, 2012, 09:11 pm
Thank you for all the help everyone,I'm sure I'll get the hang of it.
Title: Re: DO NOT USE THIS SOFTWARE, IT IS BROKEN!
Post by: vlad1m1r on May 27, 2012, 10:43 am
+1 to the Guru for showing me and others the way. An excellent and easy to use program is GPG4USB which will let you generate 2048 bit keys.

V.

- Download PortablePGP here: http://sourceforge.net/projects/ppgp/files/ppgp/1.0.6/PortablePGP-1.0.6_decompress_on_a_usb_drive.zip/download

- Unzip the file somewhere on your hard drive.

- After opening it click on the button which says "This is the first time i use PGP. Please generate a new private / public key pair".

- Fill in your SR username, a fake email address, leave the comment field blank, leave the key size as it is, enter a strong passphrase/password you want to use to decrypt encrypted messages sent to you and click generate.

- Copy the vendor's public key into notepad, save it somewhere (the name doesn't matter), in PortablePGP you should be in the keyring tab where you'll see private keys and public keys listed, click on the downward arrow listed next to public keys and open the text file you just saved, the key should now be added.

- Click on the Encrypt tab on the left, fill in your address in the Encrypt Text field, choose the vendor's key in the Target list, leave the sign option on "No signature, just encrypt" and then click the Encrypt button.

- Copy/paste the message you got into the order form.

Hope this helps. :)

DO NOT USE THIS SOFTWARE, IT IS BROKEN.

I have noticed many people who generated PGP keys with this software whose ElGamal encryption sub-keys have only a 512-bit modulus.  NIST has deprecated 1024-bit keys as of the end of December 2010. 512-bit keys have not been in common use since about 1993-94, and for good reason.

Cypherpunk and remailer operator Lucky Green caused quite a flap when, in March of 2002, he revoked all his 1024-bit keys.

Bruce Schneier . the developer of the Blowfish and Twofish encryption algorithms, wrote in his newsletter in April 2002 commenting on this:

In this newsletter article, "Is 1024 bits enough?" he states:

Quote
http://www.schneier.com/crypto-gram-0204.html

  Is 1024 Bits Enough?

  Last month [March 2002] I wrote about Dan Bernstein's factoring research,  and how it might affect RSA key lengths. Recently there's been a discussion on BugTraq, as cypherpunk Lucky Green cited the research as his primary  motivation for revoking his 1024-bit PGP keys.

  This brings up the interesting question: are 1024-bit RSA keys insecure,  and what should we do about them?

  The current public factoring record is 512 bits, using general purpose computers. Prudence requires us to suspect that institutions like the NSA can do better, although we don't know how much better. Way back in 1995, I estimated key lengths required to be secure from different adversaries: individuals, corporations, and governments  (Applied Cryptography, 2nd Edition, table 7.6, page 162). Back then I suggested that people migrate towards 1280-bit keys, and even 1536-bit keys, if they were concerned about large corporate or government
adversaries:

  Recommended Public-Key Key Lengths (in bits)

  Year       Ind.       Corp.       Govt.

  1995        768       1280        1536
  2000       1024       1280        1536
  2005       1280       1536        2048
  2010       1280       1536        2048
  2015       1536       2048        2048

  Looking back on those numbers written seven years ago, I think they were conservative but not unduly so. Factoring, at least in the academic community, has not progressed as fast as I expected it to. But mathematical progress is bursty, and a single breakthrough could more than make up for lost time. So if I were making recommendations today, I would still stand by my 2000 estimates above.

I have long believed that a 1024-bit key could fall to a machine costing $1 billion. And that a 1024-bit RSA key is approximately equivalent to a 80-bit symmetric key. (In Applied Cryptography, I wrote that a 768-bit RSA key is equivalent to an 80-bit symmetric key; that's probably too low an RSA key.)

Comparing symmetric and public-key keys is a lot like comparing apples and oranges. I recommend 128-bit symmetric keys because they are just as fast at 64-bit keys. That's not true for public-key keys. Doubling the key size roughly corresponds to a six-times speed slowdown in software. This might not matter with PGP, but it will make client-server applications like SSL slow to a crawl. I've seen papers claiming that you need 3072-bit RSA keys to correspond to 128-bit symmetric keys and 15K-bit RSA keys for 256-bit symmetric keys. This kind of thinking is ridiculous; the performance trade-offs and attack models are so different that the comparisons don't make sense.

  But there's no reason to panic, or to dump existing systems. I don't think Bernstein's announcement has changed anything. Businesses today could reasonably be content with their 1024-bit keys, and military institutions and those paranoid enough to fear from them should have upgraded years ago.

To me, the big news in Lucky Green's announcement is not that he believes that Bernstein's research is sufficiently worrisome as to warrant revoking his 1024-bit keys; it's that, in 2002, he still has 1024-bit keys to revoke.

This discussion highlights the huge inertia in key rollover. Many people are still using short keys. Lucky Green's e-mail sheds a light on this phenomenon. He wrote "In light of the above, I reluctantly revoked all my personal 1024-bit PGP keys and the large web-of-trust that these keys have acquired over time." The web of trust attached to those keys was of great value, and reestablishing it with a new set of keys will be difficult and time-consuming.

To Green, that pain was more important than having a "long enough" key.

  Lucky Green's BugTraq announcement:
  <http://online.securityfocus.com/archive/1/263924>

  [ N.B. Link no longer works, use this one instead:
  http://www.mail-archive.com/cryptography@wasabisystems.com/msg01950.html ]

  My essay on Bernstein's factoring paper:
  <http://www.schneier.com/crypto-gram-0203.html#6>

  News coverage:
  <http://zdnet.com.com/2110-1105-863643.html>
  <http://www.infosecuritymag.com/2002/apr/...>

  Other essays on the Bernstein paper:
  <http://www.rsasecurity.com/rsalabs/technotes/...>

Quote


So, as you can see from the first row of Schneier's table, a 768-bit key was judged necessary to protect oneself from threats mounted by *individuals* in 1995 -- some 17 years ago, now. A 512-bit ElGamal encryption sub-key is immeasurably weaker than the 768-bit RSA key that Schneier felt was adequate against attacks by individuals 17 years ago.

The money quote from Schneier's newsletter was this:  "To me, the big news in Lucky Green's announcement is not that he believes that Bernstein's research is sufficiently worrisome as to warrant revoking his 1024-bit keys; it's that, in 2002, he still has 1024-bit keys to revoke."

In 2003, about a year or so later, Schneier and colleague Ferguson wrote  in Practical Cryptography, stating:

"The absolute minimum size for n is 2048 bits or so if you want to protect your data for 20 years. [...] If you can afford it in your application, let n be 4096 bits long, or as close to this size as you can get it." (p. 233)

It is worthy of note that, starting in 2009, the default key generated by current versions of both PGP and GPG are 2048-bits.

Some of you may quibble that a 512-bit ElGamal key is not the same as a 512-bit RSA key. That is true, however I would point out that the work factor for breaking an ElGamal key is believed to be on a par with the work factor for breaking an equivalent-sized RSA key. 512-bit RSA keys have been factored by small groups, as in the factoring of a 512-bit RSA key  used to sign software/firmware of certain Texas Instruments calculators. Some of the owners of these calculators were annoyed that  they could not install their own software, as it was not signed by Texas Instruments.  From Wikileaks:

Quote
Suppressed Texas Instruments cryptographic signing keys, 28 Aug 2009

Texas Instruments, a large US electronics company, is the market leader for sophisticated programable calculators used by millions of students and engineers. Recently, TI has served internet publishers with DMCA legal threats for distributing cryptographic keys that permit owners of TI calculators to install third-party system software on TI calculators -- an anti-competitive, and arguably unethical act by TI.

The file here presents the Operating System signing keys for different Texas Instruments calculators. The key for the TI-83 calculator was first published by someone at the unitedti.org forum [1]. He or she needed several months to crack it. The other keys were found after a few weeks by the unitedti.org community through a distributed computing project. The keys make it possible for people to create new OS software to be used on Texas Instruments calculators.

Texas Instruments contacted several people with DMCA notices to take down the keys from their websites. Some of the websites which got a DMCA notice are: unitedti.org, brandonw.net and reddit.com. One of these DCMA notices can be found here: http://brandonw.net/calcstuff/DMCA_notice.txt

See: http://www.unitedti.org/index.php?showtopic=8888

Guru