Should PGP keys be made mandatory for high ranks?

[Carlton Banks]

Maybe start out saying Legendaries must register PGP keys within a timeout that starts after their most recent login? Then move that requirement down the ranks slowly.


It seems like PGP usage is sort of encouraged, but then again there is also a field in Profile Settings for MSN and Skype handles If PGP is needed to recover accounts, why not actually make it a part of the forum? Given that Bitcoin is really a part of a wider push towards personal cryptography as a whole, I'm slightly surprised we're still at the "post your public key in this thread" stage

[1715471510]

1715471510

[1715471510]

1715471510

[1715471510]

1715471510

[1715471510]

1715471510

[EcuaMobi]

Yes, it would be very helpful, along with:

• Requirement for a signed message with the previous key in order to register a new one
• An option to encrypt any received PM, using the registered public key
• An option to automatically verify a message was signed by somebody, using the registered public key

Accounts could still be sold along with the private keys, but this would pretty much make impossible to hack accounts, and would definitely increase security privacy.

[bones261]

Yes, it would be very helpful, along with:

• Requirement for a signed message with the previous key in order to register a new one

I'm not too sure that I like this idea. I ended up staking a new address because the original was controlled by coinbase. Unfortunately, coinbase disabled the ability to sign a message. I don't think the simple fact of losing a key should put a beloved account at risk of being locked out forever. I know us Bitcoiners are used to it. However, it is actually a security flaw to make access totally unrecoverable if keys are lost.

[hacker1001101001]

Bitcoin address are one of the main part in the working of the forum. If a person could not verify his BTC address by signing a message means he could not recover his account in case its locked or hacked. It is one of the important criteria to recover a account along with the original email so adding it as an filled on the Bitcointalk profile is a pretty good suggestion.

But this was already suggested by OgNasty to theymos, and theymos thinks PGP keys are insecure and it needs a revision.

I’ve long thought there should be a spot for PGP fingerprint.

PGP fingerprints are SHA-1, which is insecure. The OpenPGP standard really needs a complete new revision...

[EcuaMobi]

Yes, it would be very helpful, along with:

• Requirement for a signed message with the previous key in order to register a new one

I'm not too sure that I like this idea. I ended up staking a new address because the original was controlled by coinbase. Unfortunately, coinbase disabled the ability to sign a message. I don't think the simple fact of losing a key should put a beloved account at risk of being locked out forever. I know us Bitcoiners are used to it. However, it is actually a security flaw to make access totally unrecoverable if keys are lost.

What happened to you regarding coinbase can't happen with PGP keys. These keys are yours only and can't ever be managed by anybody else, even less so exclusively by someone else. PGP keys should be backed-up and safely kept. If someone loses their PGP keys it would at least be a sign they're not very well at security.

There could be a way to set a new PGP certificate if the last one's keys were lost, but it shouldn't be easy at least. It should require some deep verification.

But this is really secondary compared to first actually having PGP keys registered into the forum, that or another standard that proves to be more secure.

[Carlton Banks]

this was already suggested by OgNasty to theymos, and theymos thinks PGP keys are insecure and it needs a revision.

I’ve long thought there should be a spot for PGP fingerprint.

PGP fingerprints are SHA-1, which is insecure. The OpenPGP standard really needs a complete new revision...

hmmm, that means spoofing fingerprints is fairly trivial. Awkward.

[bones261]

Yes, it would be very helpful, along with:

• Requirement for a signed message with the previous key in order to register a new one

I'm not too sure that I like this idea. I ended up staking a new address because the original was controlled by coinbase. Unfortunately, coinbase disabled the ability to sign a message. I don't think the simple fact of losing a key should put a beloved account at risk of being locked out forever. I know us Bitcoiners are used to it. However, it is actually a security flaw to make access totally unrecoverable if keys are lost.

What happened to you regarding coinbase can't happen with PGP keys. These keys are yours only and can't ever be managed by anybody else, even less so exclusively by someone else. PGP keys should be backed-up and safely kept. If someone loses their PGP keys it would at least be a sign they're not very well at security.

There could be a way to set a new PGP certificate if the last one's keys were lost, but it shouldn't be easy at least. It should require some deep verification.

But this is really secondary compared to first actually having PGP keys registered into the forum, that or another standard that proves to be more secure.

Eventually losing your keys or having them compromised is the way of the universe. However, I guess for the purpose of this forum, there is no need for anyone else to gain access in the event of my death.

[Carlton Banks]

Re: SHA-1 fingerprints

does this matter for the current PGP use-case on Bitcointalk? The fingerprint need not (and AFAIU is not) be used for account recovery.

[asche]

I don't see the point in using PGP for that specific reason. A specific bitcoin or ethereum addy is perfectly fine for that usage.

[Carlton Banks]

Using Bitcoin keys is more difficult, you need to get people to use legacy addresses, as there's no message signing standard using segwit addresses. Awkward situation.

[asche]

Using Bitcoin keys is more difficult, you need to get people to use legacy addresses, as there's no message signing standard using segwit addresses. Awkward situation.

And what's the trouble keeping a legacy address?

Also it IS possible to sign a message with a segwit address.

[bones261]

Using Bitcoin keys is more difficult, you need to get people to use legacy addresses, as there's no message signing standard using segwit addresses. Awkward situation.

And what's the trouble keeping a legacy address?

Also it IS possible to sign a message with a segwit address.

Exactly. Especially since it it is probably advisable to stake an address here that you never intend on using for receiving payments.

[Carlton Banks]

Using Bitcoin keys is more difficult, you need to get people to use legacy addresses, as there's no message signing standard using segwit addresses. Awkward situation.

And what's the trouble keeping a legacy address?

Also it IS possible to sign a message with a segwit address.

Difficult, not impossible

1. There's no standard to sign messages using segwit. Bitcointalk software would need to implement different ways of verifying messages for different wallet software
2. People would have to figure out how to switch their wallet to generate legacy addresses, which is different in different wallet software


PGP is better for those config/standardisation reasons, but Bitcoin's cryptography is arguably more secure. Awkward situation.

[asche]

PGP is better for those config/standardisation reasons, but Bitcoin's cryptography is arguably more secure. Awkward situation.

I'm sorry I still don't see how keeping your PGP over the years is easier/more convenient than storing a legacy btc addy for that purpose.

I get that some people will already have a PGP and this will come at no extra cost/complexity, but then again, I highly doubt most people on this forum are using PGP. However MOST of them do own/still have access to their old legacy addresses.

While your proposal would be a nice to have I don't see any point or reason in forcing people into it.

So the solution is already here. If you are more confident in keeping your PGP, you are already welcome to stake it. If you like BTC legacy more, stick with that.

To me this really is a no brainer.

[Lesbian Cow]

I am totally fine with using my old legacy addy as a staked address, have been doing that for years.

What I cannot believe is we don't have some form of 2FA, even if opt-in. 

[Carlton Banks]

PGP is better for those config/standardisation reasons, but Bitcoin's cryptography is arguably more secure. Awkward situation.

I'm sorry I still don't see how keeping your PGP over the years is easier/more convenient than storing a legacy btc addy for that purpose.

It's neither, but both aren't easy for different reasons

While your proposal would be a nice to have I don't see any point or reason in forcing people into it.

So the solution is already here. If you are more confident in keeping your PGP, you are already welcome to stake it. If you like BTC legacy more, stick with that.

My thinking is that high rank accounts are actually becoming a little more valuable now that it's more difficult to rank up. You need to put in some real work to do it, people would happily hack an account to cut that out. Imagine if a great poster had their Hero account's password hacked, and they couldn't recover their account because admin wasn't convinced their email wasn't hacked too?

Maybe a better idea is only to make keys part of high rank requirements, not to lock existing high rankers out of their accounts or something like that. To rank up, you need to register a key (PGP or Bitcoin), and you drop ranks until you do for existing high ranks.

[DireWolfM14]

I am totally fine with using my old legacy addy as a staked address, have been doing that for years.

What I cannot believe is we don't have some form of 2FA, even if opt-in. 

I'm sure if there was an open source, secure format that theymos believed in we would have it.  I don't see theymos using google authenticator, which seems to be the most popular 2FA service.  I have no issues with google authenticator, it's pretty easy to use and relatively secure.

PGP would be my choice.  Again, it may not be very secure, but something is better than nothing. 

[Coding Enthusiast]

This is a bitcoin forum, so it is guaranteed that (at least) every legendary member has a bitcoin wallet and is capable of signing a message with his private key. Security of that digital signature (ECDSA) is no less than security of PGP signatures (RSA or DSA). But the problem is most members don't have any use for PGP so you would be forcing them to use something they don't need.

P.S. BIP322 exists for signing standard.

1. There's no standard to sign messages using segwit. Bitcointalk software would need to implement different ways of verifying messages for different wallet software

It really isn't that hard to implement even if different wallets used different standards, the difference would be in the first byte and the rest is the same. Every signature has a "signature" that is r and s which you use to recover the possible public keys (most cases only 1 possible but can be up to 4) hash them and compare it to the given address. The first byte is just telling you which address is supposed to be correct, which you can ignore and loop through all possibilities.

Also regarding SHA-1 here is my thoughts:

I’ve long thought there should be a spot for PGP fingerprint.

PGP fingerprints are SHA-1, which is insecure. The OpenPGP standard really needs a complete new revision...

Is it really insecure in this context?
To my knowledge the only problem with SHA-1 so far is collision. Considering SHA-1 is 160-bit and there is a known structural weakness, it has a time complexity of 2⁶³ which is very fast. But in this context the security depends on ability to find a second preimage (since the message aka the pubkey and the hash of it is already known), and there has been no weaknesses found to help perform this any faster so this has a time complexity of 2¹⁶⁰ which makes it expensive enough to be secure.

[asche]

My thinking is that high rank accounts are actually becoming a little more valuable now that it's more difficult to rank up. You need to put in some real work to do it, people would happily hack an account to cut that out. Imagine if a great poster had their Hero account's password hacked, and they couldn't recover their account because admin wasn't convinced their email wasn't hacked too?

Actually high ranks account are worth way less than before in the sense that they can't make you win easy money anymore now that good paying bounties are nearly extinct. I am pretty sure from what I saw account seller post that the price tag on a legendary account is way down compared to 18 months ago

[Pmalek]

Someone suggested that it should be mandatory for users to change their passwords every few months, I had nothing against the idea but the responses were mostly negative and the community didn't like that. They also didn't think it would make the account any safer since users could just start using similar password combinations or recycle old ones.
The PGP keys are also one way to get an extra bit of security but again if the community was against users being forced to change their passwords I don't think forcing users to use PGP keys should be done either. 

[Carlton Banks]

This is a bitcoin forum, so it is guaranteed that (at least) every legendary member has a bitcoin wallet and is capable of signing a message with his private key. Security of that digital signature (ECDSA) is no less than security of PGP signatures (RSA or DSA). But the problem is most members don't have any use for PGP so you would be forcing them to use something they don't need.

Sure, but email clients don't have plugins to decrypt messages encrypted using Bitcoin keys. And the software to sign and decrypt messages in a browser via PGP keys exists, and is mature. No such thing exists for Bitcoin, namely because Bitcoin keys aren't intended for the that purpose.

There's no good reason to be sending unencrypted email in 1999, let alone 2019. Especially a forum concerning leading cryptography tools.

P.S. BIP322 exists for signing standard.

Ok, but it's not yet accepted. We at least need to wait for that, then we have to wait for the majority of Bitcoin wallets to roll that standard out. Meanwhile, all PGP clients can already do the job in a standard way, all that's needed is to avoid relying on fingerprints (which is not so hard). And PGP has interfaces with alot of other types of software.

[asche]

Meanwhile, all PGP clients can already do the job in a standard way, all that's needed is to avoid relying on fingerprints (which is not so hard).

You are repeating yourself.

So can all legacy bitcoin clients with any legacy addy.

[Carlton Banks]

Meanwhile, all PGP clients can already do the job in a standard way, all that's needed is to avoid relying on fingerprints (which is not so hard).

You are repeating yourself.

So can all legacy bitcoin clients with any legacy addy.

I'm gonna repeat myself again then: there's no reason why Bitcoin addresses can't be used to recover accounts, PGP is just useful for different reasons as well as that

[asche]

I'm gonna repeat myself again then: there's no reason why Bitcoin addresses can't be used to recover accounts, PGP is just useful for different reasons as well as that

But PGP is already accepted for that purpose as well!

There is exactly no point in making it mandatory.

[LTU_btc]

I don't see need to make PGP keys mandatory for high ranked members. Even staked Bitcoin addresses with signed message isn't mandatory. It's optional thing for users who want to secure their accounts and recover it in case if it will be hacked. Same thing with PGP keys. For other reasons, I just don't see how it would be beneficial for every high ranked member to have PGP key. If you want - let's do it, but we don't need to force everyone to have PGP key.

[Carlton Banks]

I don't see need to make PGP keys mandatory for high ranked members. Even staked Bitcoin addresses with signed message isn't mandatory. It's optional thing for users who want to secure their accounts and recover it in case if it will be hacked. Same thing with PGP keys. For other reasons, I just don't see how it would be beneficial for every high ranked member to have PGP key. If you want - let's do it, but we don't need to force everyone to have PGP key.

Any account would be more secure if it had a 2nd factor to authenticate it. Why not make it mandatory to be eligible for the higher ranks? Why not promote using cryptography standards that have other benefits too? If we design a system to make it secure by default, then the value will increase. Right now, I have email alerts turned off, because they get sent to me unencrypted.

[asche]

For the 2FA part, theymos adressed it multiple times.

Including this in SMF is a too big challenge. It is included in the new version of the forum however (Epochtalk).

[Carlton Banks]

For the 2FA part, theymos adressed it multiple times.

Including this in SMF is a too big challenge. It is included in the new version of the forum however (Epochtalk).

That's interesting. So now I'm pretty enthusiastic about the Epochtalk migration.

[LTU_btc]

Any account would be more secure if it had a 2nd factor to authenticate it. Why not make it mandatory to be eligible for the higher ranks? Why not promote using cryptography standards that have other benefits too? If we design a system to make it secure by default, then the value will increase. Right now, I have email alerts turned off, because they get sent to me unencrypted.

2FA thing was discussed so many times in past that I don't see reasons to repeat.
Extra security is always good thing - better safe than sorry. But in general, it's enough to have signed message from staked address to secure your account and be able to recover it. Offcourse, you can use both if you want - staked address and PGP key, because both things are accepted as proof of ownership. But both things are optional and I don't see theymos going to force every user to have these things.

[TECSHARE]

You people never learn. Have fun destroying what is left of this place.

[Welsh]

Tying in with the badges that are suppose to be coming out soon we could encourage users to register their PGP signature by rewarding a aesthetically pleasing badge. It's been proven to encourage in other sectors of the world. Rather than forcing current users to do it though, I think making it a requirement to progress to a certain rank is probably a good idea. Legendary would be ideal, as true legendary should know how to sign a key!

[Carlton Banks]

Tying in with the badges that are suppose to be coming out soon we could encourage users to register their PGP signature by rewarding a aesthetically pleasing badge.

Right. If there was a "verified" badge for users, and a "confirmed authentic" badge per message, that might be a good enough incentive to drive adoption.