pereira4 (OP)
Legendary
 Offline
Activity: 1610
Merit: 1183
|
 |
October 15, 2017, 04:31:27 PM |
|
With so many hacks of accounts happening lately, I have become interested in the subject of signing messages cryptographically. It's a pretty cool way to prove your identity. But I was just wondering: What is the best method, using a BTC address you own, or using a PGP signed message?
I have learned how to use the BTC signing and verification method in Core, it's pretty easy and straightforward. I still didn't learn how to use PGP. I was wondering if it's worth it, or using a BTC address to prove your identity is as good as PGP or what are some pros and cons of both.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
"With e-currency based on cryptographic proof, without the need to
trust a third party middleman, money can be secure and transactions
effortless." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
The_Dark_Knight
|
|
October 17, 2017, 02:55:04 AM |
|
With so many hacks of accounts happening lately, I have become interested in the subject of signing messages cryptographically. It's a pretty cool way to prove your identity. But I was just wondering: What is the best method, using a BTC address you own, or using a PGP signed message?
I have learned how to use the BTC signing and verification method in Core, it's pretty easy and straightforward. I still didn't learn how to use PGP. I was wondering if it's worth it, or using a BTC address to prove your identity is as good as PGP or what are some pros and cons of both.
If you want to learn both you can do both there is no problem, however in this forum is obvious that signing messages with bitcoin is the preferred method for the simple reason that almost all members of the forum have a bitcoin wallet and not all of them are going to have a PGP key, also if I remember correctly you can stack your PGP key in a thread very similar to the thread in which you stack a bitcoin address. |
|
|
|
|
actmyname
Copper Member
Legendary
Offline
Activity: 2562
Merit: 2504
Spear the bees
|
|
October 17, 2017, 05:52:46 AM |
|
also if I remember correctly you can stack your PGP key in a thread very similar to the thread in which you stack a bitcoin address.
https://bitcointalk.org/index.php?topic=1159946.0No harm in putting a secure PGP address down on the forum. This eliminates a single point of failure. With accounts being hacked consistently it would always be helpful to have a secondary way of showing identification. |
|
|
|
alexrossi
Legendary
Offline
Activity: 3724
Merit: 1739
Join the world-leading crypto sportsbook NOW!
|
|
October 17, 2017, 08:51:51 AM |
|
I'm considering to do a pgp signed message, actually I've staked just a bitcoin address but I think that PGP fits better for this purpose. I tend to not reuse btc addresses and this obviously in the long run could be problematic.
I've already done it in a personal escrow thread (pgp message) but will do also for account recovery.
|
|
|
|
pereira4 (OP)
Legendary
Offline
Activity: 1610
Merit: 1183
|
|
October 17, 2017, 02:06:33 PM |
|
I'm considering to do a pgp signed message, actually I've staked just a bitcoin address but I think that PGP fits better for this purpose. I tend to not reuse btc addresses and this obviously in the long run could be problematic.
I've already done it in a personal escrow thread (pgp message) but will do also for account recovery.
Why would it be problematic? As long as you have the private key for that address (and if you use Bitcoin Core, you can't delete your addresses), and you posted that address before your account gets hacked, then there's no denying that you are the real owner of the account. Anyway what's a good tutorial to learn how to do the PGP signature with windows? or is it better to do it in an issolated OS like Tails? |
|
|
|
|
qwk
Donator
Legendary
Offline
Activity: 3542
Merit: 3411
Shitcoin Minimalist
|
|
October 17, 2017, 09:35:36 PM |
|
I still didn't learn how to use PGP. I was wondering if it's worth it
Generally, learning to use PGP/GPG is a good thing. Whether you use it to secure your account on bitcointalk or you start using it for private communication via email, it's definitely worth the comparatively little effort to set it up. Once you're used to signing all your emails you might notice that it's a pretty convenient way to store private notes (or generally information) online. As soon as you start verifying other users' emails you'll also note that you'll do trades via email more confidently etc. The list goes on and on, but no matter what specific use case you might eventually find for yourself: I doubt that you'll ever regret using strong personal encryption on a daily basis. |
Yeah, well, I'm gonna go build my own blockchain. With blackjack and hookers! In fact forget the blockchain.
|
|
|
Last of the V8s
Legendary
Offline
Activity: 1652
Merit: 4392
Be a bank
|
|
October 17, 2017, 09:51:52 PM |
|
they've been adding more and more cruft and less and less security to pgp (sound familiar?)
windows versions are not considered safe
recommend 1.4.10
keep an eye on #trilema for the latest
|
|
|
|
|
The_Dark_Knight
|
|
October 23, 2017, 03:42:12 AM |
|
I'm considering to do a pgp signed message, actually I've staked just a bitcoin address but I think that PGP fits better for this purpose. I tend to not reuse btc addresses and this obviously in the long run could be problematic.
I've already done it in a personal escrow thread (pgp message) but will do also for account recovery.
Why would it be problematic? As long as you have the private key for that address (and if you use Bitcoin Core, you can't delete your addresses), and you posted that address before your account gets hacked, then there's no denying that you are the real owner of the account. Anyway what's a good tutorial to learn how to do the PGP signature with windows? or is it better to do it in an issolated OS like Tails? When it comes to security forget about windows, you do not need to use a Linux distribution focused in security like tails to learn how to sign some PGP messages, usu Ubuntu and use this tutorial. https://help.ubuntu.com/community/GnuPrivacyGuardHowtoThat is enough to get you started once you get the hang out of it signing messages and reading encrypted messages becomes very easy, just take your time to absorb the information. |
|
|
|
|
cellard
Legendary
Offline
Activity: 1372
Merit: 1250
|
|
March 20, 2018, 04:47:20 PM |
|
Sorry to bump this old thread, but I have the same doubt and I don't think it's worth it creating the same thread again. I wanted to ask if using a private key as a method to prove your identity has some weaknesses compared to PGP, and what is preferred, I would like some more discussion on this. they've been adding more and more cruft and less and less security to pgp (sound familiar?)
windows versions are not considered safe
recommend 1.4.10
keep an eye on #trilema for the latest
If you are using Linux to use PGP and Linux to generate the private key of BTC to use as identity verification, what is safer? I heard some people saying that using BTC private keys for this is a bad practice, but I don't see how... I think it's as safe as PGP. If you generate your BTC address in an offline Linux computer and use that to sign messages, what could go wrong? seems pretty solid to me. |
|
|
|
|
|
