Silk Road forums

Discussion => Security => Topic started by: Sour D on August 07, 2011, 12:32 pm

Title: PGP Program a legal security risk/liability?
Post by: Sour D on August 07, 2011, 12:32 pm
     Forgive my ignorance if this is erroneous thinking...

   Is the program data of PGP a potential legal liability. For example, assume your house somehow gets raided related to SR, and LE seizes your desktop/laptop. Even though they cannot decrypt your messages without your password, is it possible that your saved keys can be incriminating? What I'm getting at, is that when I save the keys of vendors on PGP Desktop (on windows 7), it lists the usernames of the key owner. Obviously, more often than not, the usernames are identical or nearly identical the the SR username. AFAIK one cannot alter the information attached to saved keys.

   All that LE would need to do is open the PGP program, look at the Usernames of the saved keys, and match them up with Users on the SR site, and now they have a link between your computer and SR.

    If this is a valid concern, how is this problem circumvented? thx
Title: Re: PGP Program a legal security risk/liability?
Post by: rake on August 07, 2011, 12:53 pm
Install the program onto an encrypted USB key and hide it when not in use.  If they take your PC then they won't be able to open the program at all.  Or use a Virtual Machine for all transactions and programs you don't want them to find.
Title: Re: PGP Program a legal security risk/liability?
Post by: Sour D on August 07, 2011, 02:46 pm
    Is there a newb-friendly guide for something like 'True Crypt' installation and using on a USB drive? This program seemed to have been recommended the most in various security threads, or is there something easier for newbs. Also, anyone have a link to a 'portable' PGP program to put on the True Crypted USB drive, including clear instructions?

   I am really new to this and severely lack in the IT knowledge area, so please be very specific and translate unfamiliar terminology.
Title: Re: PGP Program a legal security risk/liability?
Post by: sabialabia on August 07, 2011, 07:35 pm
if you are on a mac (Lion) encrypt your entire hd with filevault.
Title: Re: PGP Program a legal security risk/liability?
Post by: CaptainSensible on August 08, 2011, 12:15 pm
    Is there a newb-friendly guide for something like 'True Crypt' installation and using on a USB drive? This program seemed to have been recommended the most in various security threads, or is there something easier for newbs. Also, anyone have a link to a 'portable' PGP program to put on the True Crypted USB drive, including clear instructions?

   I am really new to this and severely lack in the IT knowledge area, so please be very specific and translate unfamiliar terminology.

The TrueCrypt software easily fits on the smallest USB drive.  Create a folder for it on your USB drive, start TrueCrypt, and keep the directions for using TrueCrypt open on a web page or text editor so you can read about what you need to do. Creating a TrueCrypt file, or volume, as it's called, takes several steps, but it's not hard. 

Follow the default options for inexperienced users and you'll create what looks like a file with no extension on your USB drive.  This file can only be opened (mounted, to use the TrueCrypt terminology) with TrueCrypt.  Once the file has been opened it will then look like another drive on your PC.  You can add files, pictures, etc. to this drive.

Once you unmount the drive with TrueCrypt it goes back to looking like a file on your USB drive. The data in it is locked up tightly -- as long as you used a long, complex password for the file.

There are other options for creating a more complex type of TrueCrypt file, but the defaults will give you a safe place to store files that can only be read by you.