2048 bit size PGP key are not good enough ANYMORE!

This was posted on TMG on October 25th, 2016 and a little earlier than than on TheHub. I'm repeating it here slightly edited because almost nobody heard it and it should be shouted from the mountaintops with bazooka horn. This was kinda posted here about a year ago by /u/Dr_Zhivago_ in this topic: /r/DarkNetMarkets/comments/3pyrxo/how_the_nsa_can_break_trillions_of_encrypted_web/

ALL PEOPLE WITH PGP KEYS LESS THAN 3072 BIT SIZE PLEASE READ!

Attention all active DNM people still using PGP keys only 2048-bits in strength:

There are still an extraordinarily high number of active vendors and users across all darknet markets who are using 2048-bit PGP keys to conduct business. As you know, buyers/sellers must import your 2048-bit public keys so they can then use your public key to encrypt a message containing sensitive delivery address information or bitcoin addresses or other sensitive info.

Back in 2015, the NSA made the declaration the following isn't safe to use (for their work or other infosec/netsec workers):

  1. ECDH and ECDSA with NIST P-256
  2. SHA-256
  3. AES-128
  4. RSA with 2048-bit keys
  5. Diffie-Hellman with 2048-bit keys

More details can be found here: http://deepdot35wvmeyd5.onion/2016/02/08/nsa-switches-to-quantum-resistant-cryptography/

In the interests of vendor and customers safety, I implore all the DNMarkeers still using 2048-bit keys (or lower - shame on you!) to PLEASE generate a new key pair, 4096-bits in size. Yes - 3072-bit keys are still considered safe for now, but if you're going to generate a new key pair, just make them 4096-bits in size and be done with it (and if that means ditching GPA for GPG4USB, THEN PLEASE DO SO!)

Considering this is free to do, there really is NO EXCUSE for anyone, especially all the currently active DNM buyers (who send their encrypted address along with orders for illegal drugs with weak keys), to still be using keys that are just 2048-bits in strength.


Comments


[45 Points] wombat2combat:

here is how to do it for tails https://www.reddit.com/r/DarkNetMarketsNoobs/wiki/bible/buyer/pgp/createkeypair

edit: vendors do not forget to sign your new public key

however I would not jump to the conclusion that the nsa can crack rsa with 2048 bit keys just because they do not recommend to use it any more for their top secret documents/data/communication. it could be simply to ensure that nobody except themselves has access to their data [that means like 'it is probably not broken but we should still set higher standards in out recommendations for our workers to ensure we do not get fucked'].

regardless, a stronger key size is always good, and people should definitely use 4096 bit.


[13 Points] Dr_Zhivago_:

Next we have to worry about is hardware with build in backdoors.

Hardware security expert Damien Zammit says that recent Intel x86 CPUs come with a secret subsystem that works as a separate CPU inside your CPU, can't be disabled, and nobody can review the closed proprietary code. Called the Intel Management Engine (ME), this subsystem is literally embedded inside the x86 chipset, where it runs its own closed-source firmware. Intel says ME was designed to allow big enterprises to manage their computers remotely, for a fee, of course, via the Active Management Technology (AMT).

Zammit explains that AMT runs separately from any OS a user might install, allowing access to the computers in any deployment.

http://alexanderhiggins.com/new-intel-cpus-come-powerful-built-secret-hidden-backdoor/

Heres a video explaining a little about it

Edit: Make sure to read the link & watch the video. The video covers another type of codename secret backdoor deliberately placed to assist gov agencies & entities


[6 Points] lookingFORwarDz:

This is old news, 2048 keys became unsafe long ago.


[2 Points] DrinkNoMarmite:

I don't remember what the settings were without checking, but if I followed the guide to set up Tails in the last couple of weeks, am I good?


[2 Points] None:

thats been known man


[2 Points] OpOnymousSurvivor:

I was taught to use 4096bit keys in like 2012


[1 Points] AutoModerator:

/u/Dr_Zhivago_ - You have been summoned in the thread /r/DarkNetMarkets/comments/5xrnmn/2048_bit_size_pgp_key_are_not_good_enough_anymore/ by /u/CookyDough.

This convenience is brought to you by AutoMod. Submissions do not automatically summon users like comments do. AutoMod is trying to be helpful.

For others, it should no longer be necessary to summon the referenced user in a comment any more. AutoMod has done the heavy lifting for you. You're welcome. Bow before me.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.


[1 Points] throwawayyy750:

Question: In order to do this i would just remove my current key in AB and replace it with a new one correct? And nothing would be lost?