Silk Road forums

Discussion => Security => Topic started by: Merino on July 05, 2012, 09:00 pm

Title: Ordering from vendor with no PGP key
Post by: Merino on July 05, 2012, 09:00 pm
My devil may care side thinks sending my info in cleartext via SR is highly unlikely to be a problem. On the other hand I don't understand why the hell a vendor wouldn't have a key on his page. Any techies care to break down the risk or lack of risk? I doubt I'll do it but am curious about the technical aspects.                             
Title: Re: Ordering from vendor with no PGP key
Post by: sdesu on July 05, 2012, 10:02 pm
The vendor should definitely be using encryption. If you can, find a vendor that does use PGP. I'd be concerned that if a vendor doesn't care enough about their own security, why would they care about yours.

Anyway, the information entered into the address box is automatically encrypted. Additional encryption is technically optional, but highly recommended, for everyone's security.

sdesu
Title: Re: Ordering from vendor with no PGP key
Post by: eJ3k1 on July 05, 2012, 10:13 pm
My devil may care side thinks sending my info in cleartext via SR is highly unlikely to be a problem.
I tend to agree. Cleartext that stays within the TOR network is already pretty strongly encrypted.

However the GPG is a nice extra layer, I would recommend it if you send your address to somebody. If there does turn out to be some kind of leak in the network, then at least that info is not out in the open.

GPG isn't the easiest piece of software to learn, but it isn't that hard either. A professional seller should know how to use it.
Title: Re: Ordering from vendor with no PGP key
Post by: the renegade on July 06, 2012, 01:58 am
My devil may care side thinks sending my info in cleartext via SR is highly unlikely to be a problem.
I tend to agree. Cleartext that stays within the TOR network is already pretty strongly encrypted.

However the GPG is a nice extra layer, I would recommend it if you send your address to somebody. If there does turn out to be some kind of leak in the network, then at least that info is not out in the open.

GPG isn't the easiest piece of software to learn, but it isn't that hard either. A professional seller should know how to use it.

At first I thought this.  To me it was the hurdle that prevented me from making any transactions the first 3 months I was here.  If you're just using it to store keys and encrypt your address for purchases, than I feel it is very simple.

It was just intimidating at first, with all the options on the interface.
Title: Re: Ordering from vendor with no PGP key
Post by: cacoethes on July 06, 2012, 10:18 am
GPG isn't the easiest piece of software to learn, but it isn't that hard either. A professional seller should know how to use it.

Yeah, I agree.  A seller that can't be bothered to learn it or is too lazy to use it isn't someone I feel comfortable ordering from.
Title: Re: Ordering from vendor with no PGP key
Post by: Merino on July 06, 2012, 01:40 pm
It all worked out. Vendor was new and had just neglected to put his key on his vendor page.