BTC vs PGP

[pereira4]

With so many hacks of accounts happening lately, I have become interested in the subject of signing messages cryptographically. It's a pretty cool way to prove your identity. But I was just wondering: What is the best method, using a BTC address you own, or using a PGP signed message?

I have learned how to use the BTC signing and verification method in Core, it's pretty easy and straightforward. I still didn't learn how to use PGP. I was wondering if it's worth it, or using a BTC address to prove your identity is as good as PGP or what are some pros and cons of both.

[The_Dark_Knight]

With so many hacks of accounts happening lately, I have become interested in the subject of signing messages cryptographically. It's a pretty cool way to prove your identity. But I was just wondering: What is the best method, using a BTC address you own, or using a PGP signed message?

I have learned how to use the BTC signing and verification method in Core, it's pretty easy and straightforward. I still didn't learn how to use PGP. I was wondering if it's worth it, or using a BTC address to prove your identity is as good as PGP or what are some pros and cons of both.

If you want to learn both you can do both there is no problem, however in this forum is obvious that signing messages with bitcoin is the preferred method for the simple reason that almost all members of the forum have a bitcoin wallet and not all of them are going to have a PGP key, also if I remember correctly you can stack your PGP key in a thread very similar to the thread in which you stack a bitcoin address.

[actmyname]

also if I remember correctly you can stack your PGP key in a thread very similar to the thread in which you stack a bitcoin address.

https://bitcointalk.org/index.php?topic=1159946.0

No harm in putting a secure PGP address down on the forum. This eliminates a single point of failure. With accounts being hacked consistently it would always be helpful to have a secondary way of showing identification.

[alexrossi]

I'm considering to do a pgp signed message, actually I've staked just a bitcoin address but I think that PGP fits better for this purpose. I tend to not reuse btc addresses and this obviously in the long run could be problematic.

I've already done it in a personal escrow thread (pgp message) but will do also for account recovery.

[pereira4]

I'm considering to do a pgp signed message, actually I've staked just a bitcoin address but I think that PGP fits better for this purpose. I tend to not reuse btc addresses and this obviously in the long run could be problematic.

I've already done it in a personal escrow thread (pgp message) but will do also for account recovery.

Why would it be problematic? As long as you have the private key for that address (and if you use Bitcoin Core, you can't delete your addresses), and you posted that address before your account gets hacked, then there's no denying that you are the real owner of the account.

Anyway what's a good tutorial to learn how to do the PGP signature with windows? or is it better to do it in an issolated OS like Tails?

[qwk]

I still didn't learn how to use PGP. I was wondering if it's worth it

Generally, learning to use PGP/GPG is a good thing.
Whether you use it to secure your account on bitcointalk or you start using it for private communication via email, it's definitely worth the comparatively little effort to set it up.
Once you're used to signing all your emails you might notice that it's a pretty convenient way to store private notes (or generally information) online.
As soon as you start verifying other users' emails you'll also note that you'll do trades via email more confidently etc.
The list goes on and on, but no matter what specific use case you might eventually find for yourself:

I doubt that you'll ever regret using strong personal encryption on a daily basis.

[Last of the V8s]

they've been adding more and more cruft and less and less security to pgp (sound familiar?)

windows versions are not considered safe

recommend 1.4.10

keep an eye on #trilema for the latest

[The_Dark_Knight]

I'm considering to do a pgp signed message, actually I've staked just a bitcoin address but I think that PGP fits better for this purpose. I tend to not reuse btc addresses and this obviously in the long run could be problematic.

I've already done it in a personal escrow thread (pgp message) but will do also for account recovery.

Why would it be problematic? As long as you have the private key for that address (and if you use Bitcoin Core, you can't delete your addresses), and you posted that address before your account gets hacked, then there's no denying that you are the real owner of the account.

Anyway what's a good tutorial to learn how to do the PGP signature with windows? or is it better to do it in an issolated OS like Tails?

When it comes to security forget about windows, you do not need to use a Linux distribution focused in security like tails to learn how to sign some PGP messages, usu Ubuntu and use this tutorial.

https://help.ubuntu.com/community/GnuPrivacyGuardHowto

That is enough to get you started once you get the hang out of it signing messages and reading encrypted messages becomes very easy, just take your time to absorb the information.

[cellard]

Sorry to bump this old thread, but I have the same doubt and I don't think it's worth it creating the same thread again. I wanted to ask if using a private key as a method to prove your identity has some weaknesses compared to PGP, and what is preferred, I would like some more discussion on this.

they've been adding more and more cruft and less and less security to pgp (sound familiar?)

windows versions are not considered safe

recommend 1.4.10

keep an eye on #trilema for the latest

If you are using Linux to use PGP and Linux to generate the private key of BTC to use as identity verification, what is safer? I heard some people saying that using BTC private keys for this is a bad practice, but I don't see how... I think it's as safe as PGP. If you generate your BTC address in an offline Linux computer and use that to sign messages, what could go wrong? seems pretty solid to me.