

[–]lolwhatrusrs 0 points1 point  (5 children)

AutoPGP is a recipe for a disaster.

[–]mdparity[S] 0 points1 point  (4 children)

Please clarify why you think it's a recipe for disaster? Is it because you feel the message isn't signed to prove the actual sender? I always look forward to opinions and feedback.

You can read more about the AutoPGP feature here: http://u5z75duioy7kpwun.onion/wiki/index.php/Using_AutoPGP

BlackBank doesn't hold private keys, so only the recipient with the private key can decrypt the messages. The idea is just to simply save the trouble of importing public keys, especially if you are only going to use it once or twice.

[–]lolwhatrusrs 0 points1 point  (3 children)

> BlackBank doesn't hold private keys, so only the recipient with the private key can decrypt the messages. The idea is just to simply save the trouble of importing public keys, especially if you are only going to use it once or twice.

Private keys make no difference when you are the one encrypting data. Can you prove you're not copying all cleartext?

[–]mdparity[S] 0 points1 point  (2 children)

What are the benefits of copying the messages as cleartext for a market service? If you can't trust the market conducting the Escrow service to encrypt the messages, then you probably shouldn't trust the vendor/seller receiving your messages either.

The service gains no benefit for us to cheat by keeping cleartext messages.

The purpose is that if the service was compromised at a data level, all messages retrieved would be encrypted. At a hardware level, the drive is encrypted, so if the system was physically compromised, it'll shut down and become inaccessible.

[–]lolwhatrusrs 0 points1 point  (1 child)

If you got hacked, someone could backdoor the code.

[–]mdparity[S] 0 points1 point  (0 children)

Backdoor into the server itself to modify the code, or an XSS/CSRF attack? The actual code is backed up to an SVN server and svnsync'ed to a secondary server. If there were any changes to the framework, a new update would appear in the log, and using diff, the changes are easily caught.

However, to even modify the code (even the webserver has no write access to the framework), privileged user access is required. If the server was hacked with privileged user/root access, I doubt any service has any great protection against that beyond preventative measures. If a hacker had full access and was not after the Bitcoins, they could modify the code and steal messages for a short period of time.

However, if an administrator allowed the server to be compromised to that extent, it wouldn't make a difference if you used AutoPGP or not. Even without AutoPGP, if a server was hacked with that level of access, the hacker could easily take control of the accounts, change all the public keys to ones they have private keys to, then send a message to members telling them they changed their public keys.

If this is the case, there is no such market with a message system that is 100% protected. At least in my case, all past messages are encrypted. A member doesn't have to think back and wonder if a purchase they made three weeks ago may get them arrested. This is called risk analysis and mitigation.

I ask you now, how does any market/server prevent impersonation if it was compromised at the privileged user/root level?

If you have time, please email me at BlackBank@mail2tor.com, as I would like to further discuss security and ways to improve the system.
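On the closing question of how a market prevents impersonation once an attacker has root: the server cannot, but a client that encrypts locally can, by pinning the vendor's key fingerprint and refusing a key the server later swaps. The following is an added example, not BlackBank's code; the keys are placeholder byte strings and the fingerprint is SHA-256 over the key bytes as a stand-in for an OpenPGP fingerprint, which is computed differently but is used for the same comparison.

```python
"""Added example, not BlackBank's own code: a buyer-side client pins the vendor's
key fingerprint (learned out-of-band) and detects a market server that swaps the
vendor's public key for an attacker's. Keys are placeholder bytes and the
fingerprint is a simplified SHA-256 over the key material."""
import hashlib


def fingerprint(pubkey: bytes) -> str:
    """Simplified fingerprint: SHA-256 hex digest of the raw key material."""
    return hashlib.sha256(pubkey).hexdigest()


class MarketServer:
    """Holds each vendor's uploaded public key. An attacker with root on the host can
    overwrite any entry, which is exactly the attack the thread describes."""

    def __init__(self):
        self.keys = {}

    def upload_key(self, vendor: str, pubkey: bytes) -> None:
        self.keys[vendor] = pubkey

    def get_key(self, vendor: str) -> bytes:
        return self.keys[vendor]


class KeyChangedError(Exception):
    """Raised when the server's copy of a key does not match the pinned fingerprint."""


class PinningClient:
    """Buyer-side client that encrypts locally and pins vendor fingerprints learned
    out-of-band (vendor's signed listing, an earlier verified exchange, a second channel)."""

    def __init__(self):
        self.pins = {}

    def pin(self, vendor: str, fp: str) -> None:
        self.pins[vendor] = fp

    def fetch_key(self, server: MarketServer, vendor: str) -> bytes:
        key = server.get_key(vendor)
        fp = fingerprint(key)
        pinned = self.pins.get(vendor)
        if pinned is None:
            raise KeyChangedError(f"no pinned fingerprint for {vendor}; verify it out-of-band first")
        if pinned != fp:
            raise KeyChangedError(
                f"key for {vendor} changed: pinned {pinned[:16]}..., server now offers {fp[:16]}...")
        return key


def demo() -> dict:
    """Constructed scenario: vendor uploads a key, buyer pins it, then an attacker who
    owns the server swaps in their own key and the swap is caught."""
    server = MarketServer()
    vendor_key = b"-----VENDOR PUBLIC KEY (placeholder)-----"
    attacker_key = b"-----ATTACKER PUBLIC KEY (placeholder)-----"
    server.upload_key("vendor1", vendor_key)

    buyer = PinningClient()
    buyer.pin("vendor1", fingerprint(vendor_key))  # learned out-of-band, not from the market
    first_fetch_ok = buyer.fetch_key(server, "vendor1") == vendor_key

    server.upload_key("vendor1", attacker_key)  # root-level compromise rewrites the key
    try:
        buyer.fetch_key(server, "vendor1")
        swap_detected = False
    except KeyChangedError:
        swap_detected = True
    return {"first_fetch_ok": first_fetch_ok, "swap_detected": swap_detected}


if __name__ == "__main__":
    print(demo())
```

The check only exists because the buyer's own software handles the public key and does the encryption. With AutoPGP the server performs the encryption, so the buyer never touches the key and there is no point at which a pinned fingerprint could be compared; that, rather than where the private key lives, is the difference the two sides of the thread are arguing about.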
