Silk Road forums
Discussion => Security => Topic started by: Japan1980 on May 28, 2012, 06:30 am
-
To be honest I find it a complete head fuck on what it is and how to use it. So my question is as a buyer (and possible future vendor) how important is it? and how do I get to grips with it?
Any information would be appreciated - if possible explained in layman's terms, as some of the tutorials I've read etc just spin my fucking head out 8)
Kind regards
J
-
This one even has pretty pictures
http://p3lr4cdm3pv4plyj.onion/guides/shepj.html
-
It's more important than your life! :o
But yeah, looking at those guides should help you. ;)
-
This one even has pretty pictures
http://p3lr4cdm3pv4plyj.onion/guides/shepj.html
Thanks man....
I'll give it a bash later - do I need one as a buyer? Or are they meant for vendors?
Either way thats the simplest tutorial I've seen so far - so good on ya fella 8)
-
It's more important than your life! :o
But yeah, looking at those guides should help you. ;)
Holy shit - better sort it out then quickly ;)
-
You need it most of all so your address doesn't fall into the hands of anyone but the vendor's.
Which is why we are going to (without giving a flying Flipside ph**k") "shamelessly self-promote" our thread addressing this very issue.
In particular the 4th post regarding the 'possibility' of integrating 'user/newbie-friendly' GPG encryption using the SR-PM system.
The sooner we can address this issue, the sooner we will ALL be safe from tyrannical regimes, unjust drug laws, convictions, and incarcerations.
It was the vulnerability of those not 'in the know' trusting (the [otherwise] very well known NOT 2B trusted) third-party GPG encryption services like Fedmail...errr...I mean Hushmail, that brought down FM.
"Secure" GPG is ESSENTIAL!
Integrating 'turn-key' GPG here on the Road is only way we'll last on the long run, imo. Tor-hidden servers get seized by many of those very same oppressive governments and LE "authorities" world-wide more often than you might think.
Should we just sit back, smoke a bowl, be passive and just 'wait' for it to happen to our own little slice of this onion-flavored Road?
If so, you may very well not have any weed to smoke anymore sometime soon. In which case you may have wished you had been PRO-ACTIVE instead!?
And do your best ensure this NEVER happens again?
I feel the answer is pretty obvious when 'every single day' we have new members asking these questions...
Yes! Learn GPG. ASAP!
But we MUST also address the fact that not every new member understands it fully upon joining our community. And find ways to address this fact, asap! We were all newbies at one point. And we are ALL at risk if we don't find a simple way for new members to use it simply and safely. And may "possibly" face the same fate of FM....
Please leave any and all thoughts:
http://dkn255hz262ypmii.onion/index.php?topic=24633.0
Peace
TFC
-
A very high level overview of PGP.
A person generates a key pair using some type of PGP program. There is a public key and a private key.
The Public key is shared and used to encrypt messages. A PGP program will use someones public to encrypt a message. Once a message is encrypted only the person with the private key can DEcrypt the message. Even YOU cannot decrypt the message you just encrypted.
Depending on your PGP program, you'll have to import someones Public Key to encrypt messages.
The whole point is so that only two people know what's in the message, and only ONE can decrypt it.
-
it is 100% important and should always be used
-
...as a buyer (and possible future vendor) how important is it?
As a buyer, it's up to you according to how much you value your privacy / freedom; few vendors will absolutely require encrypted messages. As a seller, probably more important since many people here will simply not consider dealing with a vendor who can't be bothered to learn PGP; it's not *that* difficult and raises doubt about what other security measures you may be skipping.
-
Can someone tell me what the standard practice is when it comes to using PGP?
That is, is it ONLY when sending delivery details or do vendors expect ALL messaging to be encrypted?
Many thanks!
-
Can someone tell me what the standard practice is when it comes to using PGP?
That is, is it ONLY when sending delivery details or do vendors expect ALL messaging to be encrypted?
Many thanks!
That's completely up to how much you value privacy. Typically if you initiate the encrypted messaging, they'll respect it and reply with encryption as well. ;)
-
I'm going to answer your question with another question OP.
Do you consider a fully functioning penis important during either heterosexual or homosexual sex OP?
-
i find it very confusing too but as I'm just a buyer and not a vendor, I only encrypt my address. This is by far the easiest way I've found to do it. https://www.igolder.com/pgp/encryption/
Well, IGolder is supposed to be a business incorporated in Belize. However, their website is hosted through GoDaddy, and the registrant is a resident of Blainville, Quebec (Canada).
They claim they don't monitor anything, but who knows? When you paste-in your shipping address information, they potentially have that, and from the vendor's public key, they have his contact info as well (in some cases). Maybe you feel safe trusting them, but I sure as hell wouldn't.
Or if you need a safer online "work-around" until you learn GPG just open a 'Privacybox' (Privacybox.de).
They are run by The German Privacy Foundation. Each time you need to encrypt a message to someone, just change your settings to encrypt your message to any public key you like and have the GPGiberish forwarded to your email account or grab it from their POP3 server. Then just copy/paste and forward to your recipient of choice. :)
Their Tor-hidden service can be found here:
http://c4wcxidkfhvmzhw6.onion
It's a bit of a hassle obviously, and 'workaround' for sure, but until you grasp GPG fully, and can ensure true 'end-to-end' encryption, it's safe, easy, and it works. ;)
Peace
-
so, here is my problem. I have downloaded everything required to begin sending encrypted messages (thunderbird, gpg4Win, etc, etc), but im stuck because the gpg doesnt work with windows 7 64 bit. I know im not the only one running into this problem. If anyone knows of an alternative gpg program that would work for me, id greatly appreciate their advice. I suppose, in the mean time, I can use the privacy box to work around my issue
-
echo "message" | gpg -a -e
yayyyyy
-
you also may be interested in
echo "vendors public key" | gpg --import
and maybe even
gpg --export -a your-user-name
I suppose that you also might want to check into
echo "ciphertext" | gpg --decrypt
if you start the command with a space it wont be saved in history for some shells, you can also end the commands with && history -c (ie: gpg --export -a your-user-name && history -c) but that clears entire command history
edit: oh yeah you probably also will need gpg --gen-key
pretty much, fuck GUIs, the following commands are all you need:
echo "message" | gpg -a -e && history -c to encrypt messages
echo "ciphertext" | gpg --decrypt to decrypt messages
echo "vendors public key" | gpg --import to import keys
gpg --export -a your-user-name to export keys
and
gpg --gen-key to generate keys
-
so, here is my problem. I have downloaded everything required to begin sending encrypted messages (thunderbird, gpg4Win, etc, etc), but im stuck because the gpg doesnt work with windows 7 64 bit. I know im not the only one running into this problem. If anyone knows of an alternative gpg program that would work for me, id greatly appreciate their advice. I suppose, in the mean time, I can use the privacy box to work around my issue
I have a 64bit machine and GPG4USB works fine for me - there's also a really easy user guide http://gpg4usb.cpunk.de/.
V.
-
It's another boring saturday and Henry is in his easychair with some ballgame on at a volume low enough that even the roaches that live in his television are complaining that they can't hear the commentary. Folded over on his lap is the Saturday Sierra Chronicle that is open to the sports page but nothing he has read has sunk in except he lost yet another three on the team- his team- that can't handle the pressure of playing against the second-worst team in the league.
Last night's whiskey was a really bad idea Henry thinks as he is startled to his feet as if by a spring at the screeching, rattling ring that his foggy mind has yet to identify. His eyes focus very briefly on the game and it comes again. One word surfaces. Telephone.
He gives a pained "eeeeyaaah" as he gets the phone up to a useful position.
"Morning Sailor," a very sultry voice oozes through the earpiece and perks him up, "I hoped you made it home alive after all that Chivas."
Panic sets in and Henry's throat tightens and the unmistakable feeling of being late to take his anti-anxiety medication slides across and into his chest.
"Uhhhhhh" is all he manages to get out of his mouth before chastizing himself for being far beyond normal-stupid. He has no idea what this woman's name is. He is praying that at least she is eighteen, and he didn't do anything illegal last night or that if he did it is not being masturbated to by a rent-a-cop covering for his morning replacement.
"It's Olivia" she says, and he is grateful for her mercy.
"We had a great time last night" says Henry in the form of a statement...in hopes of maintaining Olivia's kindness, while realizing full well that she knows it is a question.
"We sure did. I hope you have my panties because if not, my roomate took them and that would creep me out."
This girl was cool, Henry was thinking as he tried desperately to revisit some memory, any memory at all, of last night's revelry. He came up totally blank. Maybe the pause got uncomfortable.
"Henry, look, I'm calling because you offered me your key."
Now he was really stuck. Had he not only violated this woman in ways that would make her mother cry in shame, but promised some kind of domestic arrangement?
"I, I live with my folks." It wasn't worth a shit, and he knew it, but it was all he could come up with at that moment and hopefully she could give him the benefit of the doubt.
"No, Henry, not the key to your door! Are you still drunk? You promised me your PGP public key."
Things were starting to come back a little. This girl was hot. And she was an IT person. Those three things never, ever go together so certainly it is logical that he would have fucked her. But now she had him nailed to the wall and they both knew it.
"Olivia, look- I like you and we had a great time. But I have to confess that I can't do PGP at all. I mean, I've tried. I've really tried. But it just doesn't click with me. I am more left-brain. Is that the creative part? Or right-brain. Whatever you need for PGP, that part of my brain is dead or retarded."
At some point the phone's click interrupted their phone call. Olivia never got Henry's public key. Of course, she just called her other conquest of the previous night- her "early evening session" uptown. Will had a public key to give her. Will had the part of the brain that does PGP, and he had it in spades. Olivia used Will's key to send him a message. It looked like this when Will got it in his email:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.17 (MingW32)
hQEMA/s5cwsJ2FkeAQgAtG00ToyH/Tvx5vDv+uwsDL9aXN6TYPDKHncAV7dpDfsn
entfi0CGDRBfOf1vArH9OUQyFmOOIl77OAhgcU+ydNWyGS7rOreELURDgYQr2qin
evw9kLBVAqjSvtLFzRS1z3EmsECL2DklU7SLWkR4BdY8SCdZIiT/g4aAubUaZbu6
eIoTDBk4tC2zYYumVT1eWxNe971jlzQjXf1EFMGoYmgb/8paZ1liQ65MgxT9uc4U
HtskPuz9Jmx06z6SXeBCcjA/o81rJ66A7rJOk8YRGapEh+l8fFyhrlnsEKTxualv
H89S6vRM0fJJhFjqvSn7t/xkWI+NNUWRlpeRd86yKtJeAWq9khNOU5NCj4xTmCbY
gYVRMDuIqzvLwMWItvMe7ube02hpW1fbaR+et8a6MRrYXAgVM4wg53jVDDmrqp4e
3xY9NYrVam5zEIofIyfCu9or0rPXO05Kx5UDIEtQJg==
=RMom
-----END PGP MESSAGE-----
But after he decrypted it, it looked like this:
I have a lot of really good acid and an ounce of killer green sticky buds (with purple hairs) and I want you to come over to my house at 308 Maplecrest Lane near the city university that I hope to attend next year. Mom and dad are gone for the weekend, but they left their Alfa Romeo convertible for me so we can cruise around while you play with my freshly shaved pussy, or while I suck your cock.
Just imagine, if Henry had a public key to give Olivia, he would be enjoying that weed, acid, and fresh young pussy. But he didn't. We hate Henry. Our hero is Will. Boys and girls, you should be like Will. Will had a public key to give out at a moment's notice. And all you need to give anyone if they want to send you encrypted mail is your public key. And if you want to send encrypted mail to someone, all you need is their public key.
I hope you have enjoyed our story. And I hope that you will remember that about public keys. Give your public key and a girl like Olivia will send you encrypted mail. Fail to do so, and you will lose a lot of money gambling like Henry.
-flax
-
You have my nomination for the post of the month, flaxceed. Hats off.
-
lol flax