Silk Road forums

Discussion => Security => Topic started by: Enigma on January 30, 2012, 09:42 pm

Title: Shopping Cart: Send Address in plain text
Post by: Enigma on January 30, 2012, 09:42 pm
Hey,
Is it fatal to send your Name & Address to a vendor in plain text in the box in the shopping cart? Or is it safe but just safer to encrypt it? Thanks in advance :)
Regards
Title: Re: Shopping Cart: Send Address in plain text
Post by: chopkidigity on January 30, 2012, 11:39 pm
am I corect in thinking that all data in the address field is wiped clean from the database after its been confirmed/sent by the seller
Title: Re: Shopping Cart: Send Address in plain text
Post by: LexusMiles on January 31, 2012, 12:06 am
Fatal? No. Risky? I think yes.

If a vendor supplies their PGP key, best use it.
Title: Re: Shopping Cart: Send Address in plain text
Post by: v01d on January 31, 2012, 01:05 am
It is completely unadvised. GPG is pretty easy to use, and virtually unbreakable. There is no reason NOT to use it.
Title: Re: Shopping Cart: Send Address in plain text
Post by: jedieclipse on January 31, 2012, 01:18 am
So we would have to send the seller a message of our encrypted address instead of entering it in the address field? or just put the whole encryption into the address field?
Title: Re: Shopping Cart: Send Address in plain text
Post by: radium1911 on January 31, 2012, 01:41 am
Either use PGP (there are a number of guides on setting it up, but it is anything but user friendly), or privnote.com. Messages sent using privnote are destroyed once read, so even if the database is compromised, no data would be obtained.
Title: Re: Shopping Cart: Send Address in plain text
Post by: v01d on January 31, 2012, 01:43 am
So we would have to send the seller a message of our encrypted address instead of entering it in the address field? or just put the whole encryption into the address field?
Just enter the encrypted address in the address field. Make sure to include your public key if they don't have it.
Title: Re: Shopping Cart: Send Address in plain text
Post by: jedieclipse on January 31, 2012, 01:47 am
i feel ya void.
Could I not just use the sellers public key to encrypt it instead of giving them mine? seems like it would be more hassle for them to have to import my key instead of just using their's
Title: Re: Shopping Cart: Send Address in plain text
Post by: v01d on January 31, 2012, 01:55 am
i feel ya void.
Could I not just use the sellers public key to encrypt it instead of giving them mine? seems like it would be more hassle for them to have to import my key instead of just using their's
The public key is so they can message you back if need be. 
Title: Re: Shopping Cart: Send Address in plain text
Post by: CrunchyFrog on January 31, 2012, 06:22 am
Quote from: chopkidigity
am I corect in thinking that all data in the address field is wiped clean from the database after its been confirmed/sent by the seller
One would hope.  But that's all you're doing: hoping.

To me, it's far better to *know* that it doesn't matter because you've used encryption.  Control all the risks that you *can* control, in other words.