I was just browsing around and found a post on https://dnstats.net/market/BlackBank
Anybody care to weigh in? I'm no expert, so this guy could be full of shit, but it sounds legit.
Expert on algorithmics with 10+ years of professional experience said on 11th May, 2015 at 0:55 (8 day(s) ago)

The comment below just made me aware that BlackBank provides an AutoPGP feature. They are fucked because of encouraging people to use it - here goes my math proof (using simple logic):

Case 1) Using only AutoPGP (without PGP on your local machine) - when you send, for example, your email address (which is plain text in this case), then BlackBank is able to read it (maybe even store it). So if the market is taken over by LE, then all your data is compromised - you know the implications.

Case 2) Using local PGP + AutoPGP - after these operations you will have an encoded message protected by 2048 or 4096 RSA. There is not much info about the exact implementation of the AutoPGP feature in BB, but I guess they are using the very same PGP public key which you use locally (i.e. the public key of the vendor), so the encryption key remains unchanged and therefore there is no extra security added here. Even if they use some other key (I really doubt it), then the key size will be double, for example 2*4096 bytes, which is also useless, as nowadays 2048 bytes is sufficient for most purposes - going over 4096 bytes is pointless.

It's really bad - it gives people a false sense of security and doesn't help in any case, as described above. What was the author trying to accomplish by introducing that shit? Is he just so lame and dumb? IMHO I doubt it, as he's maintaining one of the biggest darknet markets, but who knows... So please, people, watch out! PGP makes sense only on your secure, private machine.
AutoPGP should never be trusted.