Silk Road forums

Discussion => Security => Topic started by: kingston on January 21, 2012, 06:49 am

Title: PGP and internal SR message system
Post by: kingston on January 21, 2012, 06:49 am
Hello,

Can someone clear something up for me: do I need to use/worry about PGP encryption if I am using the internal Silk Road messaging system? When I provide my address details for a buy, for example, via the internal SR messaging system, is that going 'in the clear' or able to be intercepted? I wouldn't think so, but I got confused by some recent posts and want to get some opinions.

Thanks...

Sincerely,
Kingston

Title: Re: PGP and internal SR message system
Post by: zifnab on January 21, 2012, 07:12 am
As a rule of thumb, always encrypt any information that leads back to you or is personal about you; so yeah, your address definitely counts.

Even if it's not your house address and a fake name, it's an indication of where you will be in the future. Sure, LE's not going to waste the manpower for a stakeout, but it's just good common sense. After all, your receiving address could end up in a database somewhere, which puts you 1 step closer to an unfortunate incident.

There are several good guides floating around here, just run a search. Stay safe.

Title: Re: PGP and internal SR message system
Post by: abuttelmao on January 21, 2012, 08:11 am
You always need to worry about PGP when sending sensitive data. Don't assume that anyone is keeping you safe - keep yourself safe.

Title: Re: PGP and internal SR message system
Post by: kmfkewm on January 21, 2012, 09:03 am
If SR server is pwnt by someone malicious they can certainly intercept all communications through the PM system. You also need to worry about an attacker who pwns SR server doing man in the middle attacks on GPG key exchange, this sort of attack may go undetected for a very long time. You shouldn't need to register to view this forum and you should add a profile option for GPG key so users can load it to their profile. Then only clicking the user name to go to their profile is required to get their GPG key. If the forum is open for all to view and has a place for GPG keys in user profiles you can periodically check your own listed GPG key against your known as legitimate GPG key. This is the best way to protect from SR or someone who pwns it doing MITM attacks on key exchange.