Silk Road forums

Discussion => Security => Topic started by: qq on June 21, 2012, 05:16 pm

Title: Wouldn't the existence of a private key prove association to an encrypted message
Post by: qq on June 21, 2012, 05:16 pm
So I was thinking about the PGP thing, encrypting your address, plausible deniability and the rest of it.

I understand the entire point of encrypting messages/addresses is so LE can't read them in the event of vendor account compromise/computer seizure.

I also understand the entire crux of defense relies on plausible deniability - "no judge, I have no idea who got a hold of my name and address and decided to send illicit substances to my house".

However, suppose LE compromise a vendor and get a hold of their private key through whatever means. They can now decode messages sent - including addresses. Next thing they do is pop around to each of those addresses with a warrant, confiscate electronics and find private keys used to sign the sent messages! Hard evidence, since each public/private key pair is unique, right?

This assumes the worst (i.e. the vendor keeps unnecessary details lying around and the client doesn't make any effort to hide their keys or does so under weak encryption), but it's still possible - particularly with a malicious vendor.

It seems like it almost makes more sense to send information in plaintext to avoid the incrimination. Or use a new key for each message, securely deleting the old one.

Title: Re: Wouldn't the existence of a private key prove association to an encrypted message
Post by: Meister on June 21, 2012, 05:30 pm
Sure, but that is why you should keep it hidden and safe, like on an encrypted drive, thumb drive, etc.