Is it stupid to order from a vendor with a 1024 bit PGP key?
Apparently 1024 bit PGP keys are bad, is it stupid to order from a vendor with one? What are your thoughts on this?
Version: BCPG C# v1.6.1.0
[3 Points] kamn74:
[2 Points] ApricockApecot:
I just ordered meth from vendor Xinhai yesterday morning, and had the same concern when I saw he had a 1024-bit key, like really dude? You couldn't wait the extra 30-60 sec for it to create a 4096 one or at minimum a 2048? If customers with little technical knowledge like myself and access to Tails that makes it very easy for you, idk how the hell it could be so hard or not in your best interest to get the biggest key for your own OPSEC, especially as a vendor!
[3 Points] None:
[deleted]
[2 Points] 0xb44d:
It would be advisable to upgrade since 1024 bit keys won't be secure forever, but Tor uses 1024 bit keys. Not something you'd choose to not order over.
[2 Points] None:
I only use vendors that store keys and addresses on Sony MiniDiscs....
[1 Points] impost_r:
From deepdotweb:
Version: BCPG C# v1.6.1.0
This version of PGP generates by default a PGP key of 1024-bits, with NO encryption sub-key. Again, these keys are unsafe/obsolete.
[1 Points] None:
Look up TWINKLE and TWIRL devices developed by Ramacahdran and Shamir (The R and S in RSA). These devices were developed 14+ years ago and could break 512bit PGP in minutes. I'm sure with 14 years of further technological advancements 1024 is a joke nowadays.
I use 4096.
[1 Points] None:
Here is a super-detailed analysis of it: http://crypto.stackexchange.com/questions/1978/how-big-an-rsa-key-is-considered-secure-today
There is a chart there that shows academia breaking a 1024 bit key by 2015.
Having said that, even if the NSA could break a 1024 bit key, they are not going to dedicate their immense resources to breaking some darknet dealer.
[1 Points] None:
LEO won't break 1024 keys unless you are slanging kilos of heroin.
I would upgrade to 4096 or higher if you can because it can't hurt to.
The NSA can probably crack 1024 bit RSA keys, so that's not good. The more worrying thing is the version string, "BCPG C# v1.6.1.0". This could indicate that they are using an online website to generate their key and to encrypt / decrypt messages. The website sees all of the unencrypted messages and could easily save them. Websites like igolder.com should never be used because of the very real possibility that they are saving the private keys and the unencrypted messages.
https://igolder.com/pgp/generate-key/
Click on the "Generate PGP Keys" button to see the version string.
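
The three things this thread looks at in a public key (the armor `Version:` string, the RSA key size, and whether any subkey is present) can be read straight from the key block. The following is an added example, not part of the original thread: a minimal Python parser for ASCII-armored OpenPGP public keys. The function names, the 2048-bit threshold and the dummy sample key are assumptions made for this illustration.

```python
import base64

def dearmor(text):
    """Split an ASCII-armored block into (armor headers, binary packet data)."""
    body = [l.strip() for l in text.strip().splitlines()][1:-1]  # drop BEGIN/END
    headers, i = {}, 0
    while i < len(body) and body[i]:          # armor headers end at a blank line
        key, _, value = body[i].partition(": ")
        headers[key] = value
        i += 1
    b64 = "".join(l for l in body[i:] if l and not l.startswith("="))  # skip CRC24
    return headers, base64.b64decode(b64)

def packets(data):
    """Yield (tag, body) per OpenPGP packet; partial/indeterminate lengths rejected."""
    i = 0
    while i < len(data):
        h = data[i]; i += 1
        if h & 0x40:                          # new-format packet header
            tag, n = h & 0x3F, data[i]; i += 1
            if 192 <= n < 224:                # two-octet length
                n = ((n - 192) << 8) + data[i] + 192; i += 1
            elif n == 255:                    # five-octet length
                n = int.from_bytes(data[i:i + 4], "big"); i += 4
            elif n >= 224: raise ValueError("partial body length not supported")
        else:                                 # old-format packet header
            if (h & 3) == 3: raise ValueError("indeterminate length not supported")
            tag, size = (h >> 2) & 0x0F, (1, 2, 4)[h & 3]
            n = int.from_bytes(data[i:i + size], "big"); i += size
        yield tag, data[i:i + n]
        i += n

def audit(armored, min_bits=2048):            # min_bits is an assumed policy value
    """Report the Version header, RSA key sizes, and whether a subkey exists."""
    headers, data = dearmor(armored)
    # Tag 6 = public key, tag 14 = public subkey; v4 RSA keys start with the
    # version octet, 4-byte creation time, algorithm octet, then the modulus MPI.
    keys = [("subkey" if tag == 14 else "primary", int.from_bytes(body[6:8], "big"))
            for tag, body in packets(data)
            if tag in (6, 14) and body[0] == 4 and body[5] in (1, 2, 3)]
    return {"version": headers.get("Version"), "keys": keys,
            "has_subkey": any(kind == "subkey" for kind, _ in keys),
            "weak": [k for k in keys if k[1] < min_bits]}

def constructed_sample():
    """Constructed input: one v4 RSA key packet with a dummy 1024-bit modulus."""
    mpi = lambda x: x.bit_length().to_bytes(2, "big") + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = b"\x04" + bytes(4) + b"\x01" + mpi((1 << 1023) | 1) + mpi(65537)
    pkt = b"\x99" + len(body).to_bytes(2, "big") + body
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: BCPG C# v1.6.1.0\n\n"
            + base64.b64encode(pkt).decode() + "\n-----END PGP PUBLIC KEY BLOCK-----")
```

Calling `audit()` on an exported public key block returns a dictionary; a non-empty `weak` list or `has_subkey` being `False` matches the concerns raised above. It only inspects v4 RSA keys and does not verify signatures or key flags.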