Silk Road forums

Discussion => Security => Topic started by: dope32 on April 14, 2012, 05:27 am

Title: Public gpg key and LE
Post by: dope32 on April 14, 2012, 05:27 am
Just some food for thought. If LE were to ever confiscate a vendor's computer and get their public key that they gave to buyers. I know we can TrueCrypt files or the entire hard drive but I just wanted you all's thoughts on how to avoid this scenario

Title: Re: Public gpg key and LE
Post by: raven92 on April 14, 2012, 07:48 am
What are you asking?

Their/Our public keys shouldn't matter, the vendor should not have ANY GPG messages from us stored, ANYWHERE.
They should have secure passwords for their private PGP keys. (Of course the courts may order them to reveal the password, which is again why nothing should EVER be stored from us)
Their 'SR' mode should hopefully be shot in some sort of TrueCrypt hidden volume so they can have deniability (though I'm not sure how well this works and if it's truly undetectable that there isn't a hidden volume).

Honestly the weakest point is delivery, and your best bet IMO is to not go all crazy out committing fraud (fake IDs/fake PO/stealing mail).
Just be smart, keep a clean house, don't go crazy, don't say a word, and know a good lawyer in case shit hits the fan.

Title: Re: Public gpg key and LE
Post by: QTC on April 14, 2012, 04:40 pm
Quote from: dope32 on April 14, 2012, 05:27 am
"Just some food for thought. If LE were to ever confiscate a vendor's computer and get their public key that they gave to buyers. I know we can TrueCrypt files or the entire hard drive but I just wanted you all's thoughts on how to avoid this scenario"

You mean what happens if law enforcement gets somebody's private key? PGP still protects whatever's encrypted with that private key's corresponding public key. The private key itself is encrypted with a symmetric algorithm which uses your PGP password as its key. When you supply your password, the decrypted private key is used to generate a session key which is then used to decrypt messages. So without the password, the private key is actually pretty useless.