Hansa Users PSA

Stop double encrypting messages.

I've had many users using my key outside of Hansa to encrypt the message and then using Hansa's built-in auto-encryption to send messages.

It's the same key! Encrypting it a second time with my same public key will do no one any good if my private key is compromised.

And if you don't already have your PGP key linked with your account, don't be surprised if vendors rarely reply, as open messaging is bad for everyone.

TL;DR - Stop double encrypting with the same cert / and add PGP to your account.


Comments


[6 Points] TheAlpGuy:

I could care less to have to decrypt it twice. That's not the issue; the issue is that it's encrypted twice with THE SAME cert. There is literally zero reason to do it twice. Hansa has a built-in button to make it easy for everyone for a reason.

And berating my customers? Whose name did I say? I have hundreds of customers and didn't name any of them; it's called a PSA for a reason.

If ANY of my customers would like more security in messaging I will gladly work with them on that, but the fact stands: if my private key is compromised, running a message through the same encryption a second time with the same cert will help no one.

And yes, for some of us it is a hassle. Not so much for message, but when you need to take all of the data from an order and plug it into a spreadsheet and then you end up pasting a huge encryption line instead of an address, it can mess things up a bit.

Again, hence the "PSA". I named no one, I'm not pointing fingers at anyone. Just letting people know if you want more security, that literally does nothing.

Edit - Also forgot about the final part: A LOT of people don't have PGP listed on their accounts, or linked with their accounts on Hansa, which means 0 PGP at all. So that is something some people need to look at as well.


[4 Points] TicketsToBelize:

I can't believe people actually do this lol. Also just fucking learn PGP if you're gonna use the markets so vendors can communicate with you. It literally takes 5 minutes to learn all of its functions.

What a hassle it must be to be a vendor with the influx of not-so-tech-savvy users flooding the markets lol.


[3 Points] dabbingtimes:

the markets should remove the option to automatically encrypt using vendors' PGP; if you don't know how to use PGP you have no business on the DNMs. also all accounts should be forced to use 2fa on registration. just my opinion but it'd cut scam sites off at the neck


[2 Points] jarxlots:

I have no evidence to back up this claim, however, in other similar asymmetric crypto systems, encrypting under the same key multiple times could potentially weaken the cryptographic security of the ciphertext.

In practice, though, I would imagine this would be a minimal loss. Someone could test this by encrypting the same message under one key millions of times while recording the results to see if any patterns from the plaintext or the key ever emerge.


[2 Points] None:

I'm trying to place my damn order with you but my payment has been waiting to be confirmed for 3 days wtfff Hansa


[1 Points] needmypackbro:

No one is doing it on purpose. It is automatically checked on the order page.


[1 Points] DogsMakeBetterCats:

Good point about adding my PGP key to my account. I forgot to do that. I think there should be more reminders to tell a customer to add their PGP key so vendors can communicate with them, /u/HansaMarketTeam


[1 Points] techguru94:

Hey u/TheAlpGuy. Any word on you coming off vacation soon?


[-15 Points] rilksoadvb5piz3r:

lazy fuck. i'd rather have messages double encrypted than not at all or via the market only.