Silk Road forums
Discussion => Newbie discussion => Topic started by: rsk34 on April 08, 2013, 11:09 am
-
I've lurked on here for a little bit and I think I've already answered a couple of my own questions:
* Finalizing early is asking for getting scammed
* Auto-finalizing will piss off merchants
Here's what I'm still a little bit shaky on however:
When going to "check out" so to speak, there is a field to put in your shipping address. Do merchants prefer to see it there or not? It seems like every one of the merchants has got a tormail address with an associated PGP key. Is it possible to do a transaction without sending the shipping address via PGP encrypted mail? If so, what's the point of tormail if it's possible to just message the vendor on SR directly?
Next, with Bitcoin prices skyrocketing in the past couple of days, do vendors update their prices or are the prices entered in dollars and then simply compared to the current bitcoin value in real-time? Not exactly sure how this works.
-
Hi rsk34, good to see you wanting to get your facts straight before jumping in, less chance of anything going wrong and putting you off this awesome venue.
Unless otherwise stated vendors don't mind seeing your address in clear text in the box. If you'd like to encrypt your details, place the encrypted message in the address box. Don't send it to them via email. These precautions are much more for your safety than the vendors. They know your address, you know very little about them.
Depends on the vendor, though most peg their listing price to the btc-US dollar exchange rate, so their price fluctuates with btc.
Hope this helps, AB.
-
Hi rsk34, good to see you wanting to get your facts straight before jumping in, less chance of anything going wrong and putting you off this awesome venue.
Unless otherwise stated vendors don't mind seeing your address in clear text in the box. If you'd like to encrypt your details, place the encrypted message in the address box. Don't send it to them via email. These precautions are much more for your safety than the vendors. They know your address, you know very little about them.
Depends on the vendor, though most peg their listing price to the btc-US dollar exchange rate, so their price fluctuates with btc.
Hope this helps, AB.
Thanks Aussie bob, that clears it up in general terms.
However, If you'd like to encrypt your details, place the encrypted message in the address box
I'm not sure what you're saying here. If they post their PGP (somewhat) publicly, doesn't encrypting it and pasting the output kind of irrelevant because anyone with an access to it can decipher it?
-
If they post their PGP (somewhat) publicly, doesn't encrypting it and pasting the output kind of irrelevant because anyone with an access to it can decipher it?
You got the wrong idea.. The public key can ONLY encrypt messages. The person decrypting your message has a private key that's completely different from the public one and used to decrypt messages. Or else PGP would really not make any sense, I thought the same as you when I first learned about it though.
-
If they post their PGP (somewhat) publicly, doesn't encrypting it and pasting the output kind of irrelevant because anyone with an access to it can decipher it?
You got the wrong idea.. The public key can ONLY encrypt messages. The person decrypting your message has a private key that's completely different from the public one and used to decrypt messages. Or else PGP would really not make any sense, I thought the same as you when I first learned about it though.
I've read a little bit about it and now I understand. Thanks, tree.
One last question: I've made an account at blockchain.info and created some wallets there, but for some reason they didn't provide the secret keys to go along with them, rendering them kind of useless. Is SR's internal "PIN" the same thing as a secret key that will allow the wallet that is (I'm assuming) created along with the account to be used?
-
yes vendors update the price so it equals the same amount of money for them if they have to charge 100 bitcoin or 1, it's the same.
It's best to understand PGP, but regardless a vendor gets your money. The risk is all on you without PGP but I have seen some vendors require it. The issue is if your vendor is compromised your address may be seen by the wrong people. This can equal love letters of a controlled delivery.
But at first I didn't understand PGP, I was still able to use SR.
-
Sellers post a tormail address only as a backup in case SR is down for an extended period of time.
SR's pin is an extra security step for when you're making a payment. It's not a feature that is inherent to all bitcoin wallets. To use a blockchain wallet all you need is the main account password.
-
Thanks guys I think I'm almost 100% up to speed. Just doing some research here, I want to get everything right so that nobody is mad and/or disappointed.
With the public key I can encrypt the address, which I can then send through the clear text address prompt when I'm making a purchase on SR; the seller is then able to decipher it with a private key; whereas I am no longer able to decipher my message with a public key because it's a one-way encryption.
I can encrypt it using whichever tool I desire and then paste the resulting hash (?) into the clear text field and the seller will be able to decrypt it on their end, is this correct?
Thanks again.
-
Yes : this is a message that can contain my full IRL details. My name, SSN, income, address, phone number, etc.
It's encrypted using my public key. ONLY I can decrypt it using my private key. It's that secure. If you could reliably break PGP you'd be a billionaire. If I had encrypted it with your public key, I could never view its contents again & only you could see them.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (MingW32)
hQIMA3QGW7cAY7YYAQ/+OjEi2Kt6YKv/T30BAOt8oTSW/ML8FxQ/udRLFwS1sovn
6Cp+JpXXrufW/zNGBXrD82pY2yJJ1l7HVqgOhErEMDubGdUTpy7lP3neLENNM2pI
yym27wmn+HUtgI3mNRfpQQFbV1yq24SyxCL3U+mxvkR8hAfibkE36JIYjg32wNCz
QKf45S8U52ZezfGbFJ605Nj4stpSqKkdmKoWOlQCJ1G0nndMbHY9npcp58qhlRS7
RwOdOOQZw2AFgXb0+TF/AtLgT3zfxccXofUR37YOoGfb+gkxBX4MZE7ODE7pqj54
WBFycbaXU9Q7mw7uhL7crszMhhy7mYKjnvnpbR3JTJTfgCWiifYNWjTqfUM+Arxq
fTMB5GIzUwcsQYXhvOMkBsXRQwBNBgpte6KB7/Vzyp0kHKgNJWXNv0GbxY0UkYjK
anrKnzFKpmNEpUmmcmBFiei6hkvwMZgcBRxb75WKqZsLYAdL5Rz+XAKmF0Tkbb6C
5zVcurJgXjDorOcCFpvh6YzbZ+OI7JD0mU88oQQgFS+nmHCamzNmL65A0j+R2TWh
to4ffvo2Fl8VmH8cMKi8kSzQ4LNiUYz1YJDsKvwWE0/zeBzjSDYxgzLU++TKb8OD
QFUBuKWVBxtFmRKJ5B548QGW2cFaDIRu+iqRUGZbRILrAZtRKYgjN84xV3UtO1zS
PgGOg//Epz7Z/U9QFcM2Ph53aiFhkNpHCxfmCEd6ZBoQkdxEEvFMR+oaztsuDAGk
wJkFfxEEVUxfygXnx520
=rrtx
-----END PGP MESSAGE-----