What's new
  • ICMag with help from Landrace Warden and The Vault is running a NEW contest in November! You can check it here. Prizes are seeds & forum premium access. Come join in!

Security suggestion for ic

Harry Gypsna

Harry Gypsna

Dirty hippy Bastard
Veteran
Hey there people.
I have a suggestion for admins. How about a spot on peoples profile pages for PGP public keys.
As recent revelations have shown, "They" can get to anything they want on the net. ICmag being in NL means diddly squat because all European net traffic passes though the UK, and GCHQ have got their curly cocktail straw stuck right into the fibre optic, and are slurping up the sweet nectar of all your data as I type. SSL has been broken.
Obviously there is nothing to stop people putting the keys in the their sigs, but that would be messy. Sure people could request a key from whoever, but having them in peoples profiles would be so much simpler.
What do members think. What does admin think? I can't think oif any reason why admin would be against us encrypting our messages....
 
Harry Gypsna

Harry Gypsna

Dirty hippy Bastard
Veteran
budelight said:
Hi Harry,

How does a PGP Public key work here on icmag? (Pretty Good Privacy)

Thanks,
Budelight
Click to expand...

The same as anywhere else or for an Email. Write the message in your PGP programs notepad, encrypt it using the public key/s of the person/people you are sending the message to, then cut and paste the encrypted message to your PM here.
 
W

willyweed

i personally think encryption would not be strong enough on its own ! once they figure out a good way to tax it ,it will be decriminalised imo. but we should always be careful how we word things in the first place !
 
budelight

budelight

Discovery Requires Experimentation
Veteran
willyweed said:
i personally think encryption would not be strong enough on its own ! once they figure out a good way to tax it ,it will be decriminalised imo. but we should always be careful how we word things in the first place !
Click to expand...
The laws that change in USA may not effect the members of this forum in other countries.

They should still have a secure option.
 
B

babelfish

Member
willyweed said:
i personally think encryption would not be strong enough on its own ! once they figure out a good way to tax it ,it will be decriminalised imo. but we should always be careful how we word things in the first place !
Click to expand...

it's simple. sales tax. no other tax needed. has the additional benefits of letting growers fill out a legit return.
 
I

ILikeCheetos

Member
i dont understand how this is secure? You encrypt your post and put your public key in your profile. who do you give the private key to? who gets to read your post? if you make the private key public whats the point? If you dont make the private key public you should just email the people you wanted to read your message not post it on a public forum.
 
Harry Gypsna

Harry Gypsna

Dirty hippy Bastard
Veteran
ILikeCheetos said:
i dont understand how this is secure? You encrypt your post and put your public key in your profile. who do you give the private key to? who gets to read your post? if you make the private key public whats the point? If you dont make the private key public you should just email the people you wanted to read your message not post it on a public forum.
Click to expand...

You don't give your private key to anyone EVER.

They way PGP works is you have a pair of keys.

Public key, you share this one so that people can send you encrypted messages.

Private key, you keep this one to yourself and use it to decrypt messages.

When you send a message to someone, it is their public key you use to encrypt, and they use their private key to read it.

Only the person with the correct private key, can read a message encrypted with the corresponding public key.


Obviously, you wouldn't use the same keyset that you use encrypting your straight work or private emails in your non icmag life, you would have a set specifically for IC
 
B

babelfish

Member
willyweed said:
i personally think encryption would not be strong enough on its own ! once they figure out a good way to tax it ,it will be decriminalised imo. but we should always be careful how we word things in the first place !
Click to expand...

very good. this is what adobe's fuckup was recently. passwords were ENCRYPTED but not HASHED. This (encrypted) means they took the time to change the 'look' of the content but does not necessarily guarantee its impossible to reverse-engineer. Just because something is encrypted does not mean it is safe.

You should take some encryption steps and combine them with a secret 'salt' with more transformation steps to end up with a hash that you actually store.

Here's a good guide to the basics of encryption:
https://ssd.eff.org/tech/encryption

As for the salt? Consider it a secret ingredient - since the encryption algorithms used are known, and the process to use them is known, if you didn't have salt if they got your private key they should have enough to decrypt everything. With salt in place they ALSO have to find the salt, and the stage(s) at which it was applied.

It's kinda like the castle wall behind the moat - more to beat before your really in there.
 
You must log in or register to reply here.

Latest posts

Latest posts

Top