Silk Road forums

Discussion => Security => Topic started by: neurocortex on June 14, 2012, 06:54 pm

Title: Using tormail instead of GPG?
Post by: neurocortex on June 14, 2012, 06:54 pm
I'm super frustrated with using GPG. There is no GUI for my OS, and even if you know what you're doing (I dont), encrypting and deencrypting messages is slow and highly error-prone.

I was thinking about using tormail for messaging (accessed through the Tor browser). I see that some vendors on SR do this. Is this secure? Seems like it would be.

Does anyone have informed opinions on the security of using tormail instead of GPG for messaging?
Title: Re: Using tormail instead of GPG?
Post by: NeutronMan on June 14, 2012, 07:31 pm
I'm super frustrated with using GPG. There is no GUI for my OS, and even if you know what you're doing (I dont), encrypting and deencrypting messages is slow and highly error-prone.

I was thinking about using tormail for messaging (accessed through the Tor browser). I see that some vendors on SR do this. Is this secure? Seems like it would be.

Does anyone have informed opinions on the security of using tormail instead of GPG for messaging?
Sounds good, you cin always delete all the messages right after readin them for better security.

NM
Title: Re: Using tormail instead of GPG?
Post by: Meister on June 14, 2012, 07:38 pm
I would stick to encryption, Tormail isn't secure in that if the account is compromised, so is your information, and that's putting a lot of trust (and your freedom) in the hands of Tormail. With encrypting shipping information they would need to compromise the vendors actual computer while he's using his key, to get the key since it is hopefully on an encrypted usb drive not attached to the computer until needed.

Encrypting/Decrypting is quite quick for me and I don't know why you feel it's highly error prone.
Title: Re: Using tormail instead of GPG?
Post by: frank-butcher24 on June 14, 2012, 07:43 pm
Why trust a third party? Much better to keep all your illegal activities under your own control I think.

I know what you mean about lack of GUI for your OS though. You're on a Mac right?

My tip: try installing Liberte onto a USB stick. I use hackintoshes rather than real macintoshes, and Liberte works for me. There's a nice GUI for PGP on Liberte, and it's a really good and secure way to do all your Silk Road and other darknet-related shenanigans.
Title: Re: Using tormail instead of GPG?
Post by: neurocortex on June 14, 2012, 07:56 pm
OK thanks. I will stick to using GPG. I just need more practice with encrypting. Its a slow tedious process requiring creating a new text file for each message, and entering commands. Makes me wonder if there is a better way that a little easier? Or is the terminal box with the commands gpg--recipient XXX@XXX.com --encrypt xxx.txt the only way?
Title: Re: Using tormail instead of GPG?
Post by: frank-butcher24 on June 14, 2012, 08:02 pm
I don't know mate. I couldn't be bothered with PGP on the Mac for exactly that reason. Messing about with command-line PGP? No thanks...

Give Liberte Linux a go. Basically it is an operating system on a USB stick. You plug it in, and turn on your computer. Instead of booting into OSX, it will boot into Liberte instead. Once in Liberte, you have a simple, secure PGP and TOR-enabled OS at your disposal. Once you're finished, you shut down, pull out the USB stick and hide it away.

Oh wait, you do need access to a Windows PC for a few minutes to run a file to get Liberte to install on the USB stick. Yeah I forgot that. You only need to do it once though, then your stick's good to go.
Title: Re: Using tormail instead of GPG?
Post by: foxymeow on June 14, 2012, 08:08 pm
I hear you, I have a mac and I gave up on trying to use it for GPG. I have to use my desktop everytime I need to send out an PGPed order.
Title: Re: Using tormail instead of GPG?
Post by: bogben on June 14, 2012, 08:44 pm
I 2nd Guru's question!

If you are running tails then after creating your message file just right click and there will be an encrypt option for anyone on your key ring. This has the down side that there is no way I can see to make an ASCII armoured version, back to the command line I go.
If you stick at it, it becomes almost 2nd nature in short order.
Title: Re: Using tormail instead of GPG?
Post by: neurocortex on June 14, 2012, 10:39 pm
I'm running Mac OS 10.7.

OK, I am getting the hang of it. But its still a huge pain and I have to manually generate 2 new files and manually enter 2-3 commands each time I send a message.

I am interested in the Liberte solution, but concerned that this will break other things my computer needs to do, like connect to the internet or enable me to access the clearnet simultaneously.

Do you guys use GPG for ALL messages? or only messages that contain incriminating information, like addresses?

I'm surprised there isnt a super-simple encrypt/de-encrypt software application available. I mean, the process is SO simple-the application could have a window with a pull down menu of public keys, an entry field for messages, and an output. De-encryption would be even simpler. Just paste the message and look at the output. There is tons of PGP stuff available-maybe this is already out there somewhere?

One vendor on this forum said that about 70% of the messages or addresses they receive are NOT encrypted! This is a clear signal to me that something needs to be done to make the encryption process easier and more transparent.
Title: Re: Using tormail instead of GPG?
Post by: neurocortex on June 15, 2012, 04:49 pm
Thank you Guru for the explanation. I didnt realize security is weakened by a more convenient encryption interface.

I will keep working on it.
Title: Re: Using tormail instead of GPG?
Post by: homersimpson on June 15, 2012, 05:05 pm
I'm going to be encrypting my address for the first time tomorrow once my coins go through :)
I have liberte what do you do on it to encrypt it? Link would be helpful or something :)

Also OP I agree get liberte I haven't been disappointed so far and I've hardly even used it yet :)
Title: Re: Using tormail instead of GPG?
Post by: radi8power on June 15, 2012, 11:27 pm
I'm going to be encrypting my address for the first time tomorrow once my coins go through :)
I have liberte what do you do on it to encrypt it? Link would be helpful or something :)

Also OP I agree get liberte I haven't been disappointed so far and I've hardly even used it yet :)

Liberte is a good choice. Look through the programs list for GPA- Gnu Privacy Assistant. You'll need to copy your vendor's public key (including the header formatting) into a new file and save it somewhere (you only need it temporarily). Now in gpa choose the import option and find the file you just created. Now find the option in gpa for text editing, and simply choose your vendor's public key for encryption. Copy the entire encrypted message (with formatting) and send it to your vendor (via SR message, email, carrier pigeon, whatever). Now only he can decrypt it, because his private key is required.

If you want your contacts to be able to encrypt messages meant for you, you'll need to create your own key pair (one public key for encryption and one private key for decryption). It's a pretty simple process, but I'll leave it up to you to do a little reading first.

Also, there is NO reason to believe that what you send through tormail is secure. Even through tormail, use your own PGP encryption! Have you heard of hushmail? Turns out they were quietly sharing their users' emails with LE pretty much the whole time.
Title: Re: Using tormail instead of GPG?
Post by: homersimpson on June 16, 2012, 08:16 am
Thank you so much this was VERY helpful! :)