Bitcoin Forum
December 09, 2016, 09:27:53 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Whats the point of PGP signatures in BitcoinTalk messagess?  (Read 2152 times)
BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW
February 21, 2014, 09:19:50 PM
 #21


Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Why not just type your message and put a nounce in it to ensure it's not a copy paste.

21FEB14 15:00 PGP etc…
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTB8JYAAoJEB2k6OhXVIbDCaoQAI6+0PhV4o0hSPKysmKKcXDo
beZrpnHbbc1VHZruy6RpIeRheGkl79DyH5tfTv1ImJzsBt2tOWBT3xnBeFg+MNBS
wWSYn+j1yjty8+RHADaIQtlnQZGuvVP+0TBQ9HlgZM5+fal0/tXD8+hA+Dog2QxL
ldFQJMGK/OnB1z8yGp6/BRXTR0JcZ0sbk5N13P7qQoGVETSaPRsSJ4HqG/ePAx+V
XnfrWgq9FhR7caNPani6gO99J4LeKHLg+OImzsQijAW7hcoAyIO4KTNvKGzeyWFM
wPim1VPgp9Cwuf2zB+wmr35bN73/SzDCQlxtQ2B61nMrzbCtWIL+tA5ITihBQ5BX
PfSYGRgiXRiruKTp3bsd7lhAPKcw5HLUF54wKGz8qPLIR73yWuUxRPYnRzuUTEJb
j+CbU+ZRtxtixHPHhzyZORWxP0oqN/tCZF7fmBFhnXPkovQlvQDcClZX9lhVCX2O
vvT6VSm7gaY4WI7XNpWKXinhlLU5PzSZ7TSESi1iXXS0hDZjHRgRv4hEcOW9bxtg
6VnI1DWnY8U+4yjbKm58xphM7eId+ozHm4ovomrv2YU6lb5PA92k0EEqwOqjS3wO
lX1pI93xz024n0uj/wew4c7avJ7NBMSSdE5t6f4BzgCJZQzjNsi8oPLtfHxqR4Y6
RL5ccKTdhEMNOFdeiE0/
=rYYY
-----END PGP SIGNATURE-----

Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
1481318873
Hero Member
*
Offline Offline

Posts: 1481318873

View Profile Personal Message (Offline)

Ignore
1481318873
Reply with quote  #2

1481318873
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481318873
Hero Member
*
Offline Offline

Posts: 1481318873

View Profile Personal Message (Offline)

Ignore
1481318873
Reply with quote  #2

1481318873
Report to moderator
1481318873
Hero Member
*
Offline Offline

Posts: 1481318873

View Profile Personal Message (Offline)

Ignore
1481318873
Reply with quote  #2

1481318873
Report to moderator
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
February 21, 2014, 10:34:46 PM
 #22

One possible solution would be to implement off-site Javascript code like Blockchain.info that would pull down an encrypted version of someone's private pgp key that they could decrypt with a known password. They could then use it plus their recipient's public key to encrypt their message/PM and send that back to the server which stores it. I don't even know the beginning of how to write code for something like this, but it should be doable in node.js I'd imagine. All the same things could also be done, like emailing a backup of the key as a .json file, also encrypted with their "password". I'd also recommend that, however they do this they make or allow the password to obviously be different from the forum login/password.

JavaScript crypto is mostly useless because the server can change the JavaScript at any time to steal your password unless your browser stops this somehow, which is very unusual.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
whiskers75
Hero Member
*****
Offline Offline

Activity: 518


Doesn't use these forums that often.


View Profile
February 22, 2014, 09:09:54 AM
 #23

I wish people would actually sign my key Tongue
(subliminal message: GPG sign key AF9D0779)
Raize
Donator
Legendary
*
Offline Offline

Activity: 1375


View Profile
February 26, 2014, 09:01:33 PM
 #24

JavaScript crypto is mostly useless because the server can change the JavaScript at any time to steal your password unless your browser stops this somehow, which is very unusual.

Yes, this is correct. I thought BC.i "fixed" this by having a browser extension you could download though. Of course, that only complicates matters because then every time they update then you want to download a new browser extension.

One way you could run a Javascript-checker would be to have "audit servers" and every time you connect it would recommend verifying with at least two "audit servers" that the code you are running is the correct hash/version. From what I understand bitaddress.org and other js intended-to-be-run-offline wallets have this issue as well.

This is why I was kind of interested in what Sirius is working on. If he could make an independent audit server that random folks could run to verify each others sites, we'd have a "community of consensus" that we're all running code each of us has actually written.

OrganofCorti's Neighbourhood Pool Watch - The most informative website on blockchain health
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!