I'll take the opportunity to plug https://keybase.io/
Basically they make it easy to verify PGP keys by verifying them against statements made by user accounts on services - essentially turning those services into certificate authorities. But unlike traditional CAs, you can verify an identity from multiple sources so as to prevent any one CA from being fully trusted.
keybase.io's implementation leaves much to be desired, but the basic idea is a very good one and I hope it catches on. Merging the WoT ideas and trusted CA models gives you the best of both worlds, and helps keep CAs honest.
Check out what Keybase is doing with the Blockchain. Since the Blockchain is immutable (you can't change it after the fact), it means you can get an auditable history of updates to a user's public key, without having to trust their servers not to lie. It's pretty neat!
* Keybase is a service for finding a person's encryption key and verifying that the key matches up to the person it claims to represent.
Also see Ethereum's three-line implementation of a tiny, decentralized domain-like system.
Hey folks, I'm just your friendly neighborhood cypherpunk weirdo. I'm into harm reduction, medicine and herbs, self-care, security and smashing the State. I'm also the oldest reddit account on the mod team now, so y'all best to respect yer elders. If you're not familiar, maybe you've seen some of my greatest hits, like The dangers of just telling people to "use Electrum", or How LE might read our PGP messages, and how we can prevent it. Clickbait as FUCK, right? Whatever gets you people to keep yer opsec tight. You might have also found me in the comments making people cry because I felt that they're doing it wrong. I'm sorry about that - I pledge to be nicer in the future. Finally, I'm pretty sure I'm not an LE plant or a shapeshifting reptilian overlord, sorry to disappoint the tinfoil crowd - but there's always a chance I've been brainwashed as a sleeper agent, Sirhan Sirhan style, so Keep That Hope Alive. If you need to reach me, feel free any time, and you can always find my OpenPGP key with fingerprint 69E7 EB65 1CB6 19DE 9153 3A2B D16B 4CC5 857D 0298
at /r/publickeyexchange/comments/2cmfob/sapiophiles_public_key/ , at https://keybase.io/sapiophile , or on the SKS KeyServer network. xoxo
It seems like many, many people aren't aware of the scope and difficulty of the Key Trust problem - I'm glad that you're here to set things straight.
I just want to add some potential solutions and mitigations -
The OpenPGP Web of Trust, if properly implemented and integrated, is probably the most secure and tested method we have at the moment. Downside: virtually nobody has it properly implemented and integrated, or uses it virtually at all.
https://keybase.io can allow some "cross-trust" references between different online accounts, like how I have a Bitcoin address and GPG key listed under https://keybase.io/sapiophile - this still places trust in KeyBase (and one's connection to it) to be free of malice, but it's almost certainly sufficient for this use case.
Next-generation, blockchain-based identity systems like BitAlias, BlockStore and DNSChain - or potentially even Namecoin, despite its first-generation issues - could be the real "killer app" that finally solves this issue, but they are still not really used yet and are likely to continue to evolve. Folks should set them up and begin using them though, to build a network effect, as the potential benefits are enormous...
Hello, I'm the author of the blogpost. proof: Keybase
--
I've been running this script for a few days and got really good results. I bought a few "juicy" domain names (e.g. buybitcoin.us) and made good-looking templates in bootstrap and then just set up a simple admin-login over at admin.domain.com.
--
The python-script is simple, it downloads a list of all fingerprints that allow exitports and generates a unique password for each one, then it simply POSTs the data through that node, e.g.:
08371E51EC422173DE1D748EF07E2096A6C046D3:myuniquepassword55prefixpadding
--
The phishing site obviously logs every login so I just need to check who logged in twice. Not every password is accepted to login, I did not want to involve any databases so I made this part purely in PHP by accepting anything with a specific prefix (e.g. anything_prefix)
--
In 3 days I discovered 4 nodes that were sniffing, the sad part is that only 2 of them logged in with the same password as I posted through the exitnode and the other ones just visited my subdomain and tried to login with admin:admin. Of course, these two could have been bots but I have of course robots.txt disallowing any indexing and my site has just been up for 2 days.
--
Then we have the "leak"-methods which are unique. I have a few really nice methods for this, one is to spoof secret PDFs (like the one you can see to your right) with included links which are unique. Now I just need to upload/download these via legit filehosting services and wait for anyone to press on the links.
--
There are many things you can do actually and this is more a technique rather than an actual script/tool. It's kinda simple, you post juicy stuff and wait for them to grab it, if they do you'll know!
--
I would be happy to answer questions and thanks for sharing my blogpost (:
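The replay check described in the post above, as an added example that is not the blog author's script: it derives one decoy password per exit-node fingerprint and attributes any later login that reuses it. The secret, the `hp_` prefix, the log format, the second fingerprint and all log lines are constructed assumptions; the first fingerprint is the one quoted in the post.

```python
import hashlib
import hmac
from collections import defaultdict

PREFIX = "hp_"                      # assumed marker the decoy login page accepts
SECRET = b"constructed-demo-secret"  # assumed; keep the real one off the decoy host

EXITS = [
    "08371E51EC422173DE1D748EF07E2096A6C046D3",  # fingerprint quoted in the post
    "00112233445566778899AABBCCDDEEFF00112233",  # constructed second exit
]


def decoy_password(secret: bytes, exit_fpr: str) -> str:
    """Unique, unguessable password tied to one exit-node fingerprint."""
    tag = hmac.new(secret, exit_fpr.upper().encode(), hashlib.sha256).hexdigest()
    return PREFIX + tag[:20]


def build_index(secret: bytes, exit_fprs):
    """Map each decoy password back to the exit it was sent through."""
    return {decoy_password(secret, f): f.upper() for f in exit_fprs}


def parse_login(line: str):
    """Parse an assumed log line: '<iso-time> <src-ip> <username> <password>'."""
    parts = line.split()
    return tuple(parts) if len(parts) == 4 else None


def find_replays(log_lines, index):
    """Return (replays, unattributed).

    replays: exit fingerprint -> logins that reused its decoy password after
             the first (seeded) use, i.e. evidence the credential was captured.
    unattributed: logins with passwords never issued (e.g. admin:admin probes).
    """
    seen = defaultdict(list)
    unattributed = []
    for line in log_lines:
        rec = parse_login(line)
        if rec is None:
            continue  # malformed line, ignore
        ts, ip, user, password = rec
        if password in index:
            seen[index[password]].append((ts, ip))
        else:
            unattributed.append((ts, ip, user))
    replays = {}
    for fpr, hits in seen.items():
        hits.sort()                  # ISO-8601 timestamps sort chronologically
        if len(hits) > 1:
            replays[fpr] = hits[1:]  # everything after our own seeded POST
    return replays, unattributed


# Constructed log: two seeded POSTs, one replay, one blind admin:admin probe.
SAMPLE_LOG = [
    f"2015-06-01T10:00:00Z 192.0.2.10 admin {decoy_password(SECRET, EXITS[0])}",
    f"2015-06-01T10:00:05Z 192.0.2.11 admin {decoy_password(SECRET, EXITS[1])}",
    f"2015-06-02T09:14:07Z 203.0.113.77 admin {decoy_password(SECRET, EXITS[0])}",
    "2015-06-02T11:40:12Z 198.51.100.23 admin admin",
]

if __name__ == "__main__":
    replays, probes = find_replays(SAMPLE_LOG, build_index(SECRET, EXITS))
    for fpr, hits in replays.items():
        print("decoy credential replayed for exit", fpr, hits)
    print("unattributed probes:", probes)
```

Only a replay of the exact decoy password ties a login to one exit; visits that guess credentials, like the admin:admin attempts mentioned in the post, stay unattributed.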
Never heard of keybase.
If anyone wants to know me more feel free to ama me here.
Edit: just signed up to keybase however the site is in beta and said they will contact me later on. I couldn't make an account.
Edit: not that this changes anything but i have an account now. https://keybase.io/42points
Randi is good at keeping her hands clean. Why do you think she has a public PGP key. It's like this generation finally figured out how to encrypt stuff they didn't want public: https://keybase.io/freebsdgirl
They finally learned from the Drug traffickers and pedos how to keep conversations private. They finally figured out that IRC isn't this super secret haven of discussion. (Security through obscurity isn't security).
They've finally reinvented what us old people have used for decades (PGP came out in 1991) for secure communications.
It's not technically difficult at all to set up Onion sites either. I'm shocked that KIA hasn't done it yet. With all this whining of where to get freedom of expression and keeping prying eyes off of discussion it
I've always thought to myself that at some point a critical mass of posted keys will accumulate and popular mail clients will start integrating with GPG, but the track record is looking pretty poor. Keybase might breathe some fresh air into the effort by integrating with social media.
Facebook's encrypted mail feature is another change that gives me a ghost of hope.
Hey, Adrian from Coinbase here.
I checked our logs and can see that IP address has tried to access a couple of accounts here. I'm going to temporarily block login on your account in case they have access to your email and manage to confirm that device.
Please PM me and I will help you reset your Coinbase password and add 2 factor authentication to keep your bitcoin safe.
Life is about risk, and I personally would rather risk 'hackers' than attempting to get gold or any form of physical wealth out of a war torn area.
Good discussion about the security of brain wallets here:
http://bitcoin.stackexchange.com/questions/8449/how-safe-is-a-brain-wallet
Discovered that the technology for creating brainwallets has been much improved since last I looked at it. Recommend checking this out:
There is a 20 Bitcoin challenge up for grabs to anyone who wishes to attack a known wallet with a simple 8 character password. Since that reward has remained unclaimed since November of 2013 it would appear that a well done brainwallet is pretty darn secure.
Yep. Proof. And yes, you'll note that I actually do have a bitcoin address on there. Just because I think it's stupid doesn't mean I mind it when people give me bitcoins.
TL:DR; Expanding beyond one PGP key through a personal hierarchy of device keys, with their custom protocols. For use for a bit of everything, authentication and more.
Edit: Looks like I can't find where I had my old private key for the site. Generated a new one, keeping it hosted just to keep things simple (I'm not gonna use it for anything sensitive anyway). I'm https://keybase.io/natanael
Edit 2: just got a few invites to share. PM me with your email address. Serious users only! Most features are command line only so far, you need to be aware of that if you want to try out all the cool stuff.
They use an "internal chain" with proofs written to the Bitcoin blockchain
It's open source, so there aren't any details to keep secret :) If you look at their FAQ page, it says
> The public key of a recipient needs to be imported into the local keyring before End-To-End can encrypt to it, or verify a signature from it.
Seeing that this is a product by Google, I was hoping it would be better than that. If you read through the whole FAQ, things sound even more "meh" :/
https://keybase.io/ I think will be a good way to "socialize" public key distribution and signing. The problem with current keyservers (http://pgp.mit.edu and others) is that anyone can submit a key for any identity. Keybase is annoying in that it is severely limiting restrictions, but I was lucky enough to check it out, and it looks pretty great.
But another thought is that Google might be able to market End-to-End well enough to make pgp crypto reach critical mass. Here's to hoping!
quick edit - maybe they'll improve key distribution before release. That would be awesome! Maybe even tie it to your Google+ account! (somewhat joking on that last part...)
Ohh hell yea. I was thinking about designing akin to yours. So that I could implement /r/bitlaw app onto it. This is perfect timing.
As for the dns solution, I think we should scrap it all together. It's unnecessary, and I do not like the idea that names should be valuable. We are making this more complicated than it should be.
We all know that names are impossible in a global naming system. Why not use a 128bit character or 256 byte character for a global id system. On top of that, we use GNUnamesystem. A person wishes to be called alice globally but it isn't enforced. You could name that person mary or whatever name you wish. It would be exactly like phone contacts. Even better, you could hop to other users. I want to connect to charlie but I do not have his connection, but bob does. I could connect to bob, then to charlie.
Alice -> bob -> charlie
There's more on that subject here.
I think this is a better approach.
Then we could use pgp signature or some sort of identify validation. Something like keybase...?
Edited: Fixed the links.
I have signed at key-signing parties before, but I'm currently inclined now not to sign keys unless I've met the person multiple times and recognize them, or unless I'm at an event with a bunch of other people I know who all recognize the person (i.e., they seem to be the person known by that name in that community). This is a lower standard than knowing the person super well, but higher than just seeing ID once. I will sometimes sign keys if I get the chance to examine a US passport or an in-state license from my own state, where I know what the document looks like. I really have no way to make sense of pre-electronic passports from Elbonia.
Anyone sending you files ought to be verifying your full ID in some other way. If you're sending unencrypted, unsigned email, the key ID can be modified in transit, anyway.
I've come around to being a fan of the Keybase approach: even though the actual names are a centralized directory run by Keybase, the protocol is all publicly-verifiable, and hashes of their DB are stored in the Bitcoin blockchain periodically, so you don't need to trust Keybase at all to verify that the information on their site is accurate. You could just link your Keybase profile.
Key substitution attacks are absolutely no freakin' joke. They are easy, cheap, and completely and utterly destroy every single piece of OpenPGP's security.
Keybase.io is great and all (heck, I'm on there), but having very robust (read: not subject to National Security Letters, malicious CAs, etc.) mechanisms for key trust is not optional.
As already said by another commenter, you are free to not use the WoT, but I don't think it's a wise habit to get into.
There are three main things to worry about:
Classical computation being the wrong model, e.g. quantum computing becoming practical (or an even more bizarre physical phenomenon than quantum mechanics being discovered and becoming practical). Post-quantum crypto helps us there. Note that it's not known or particularly believed that BQP contains NP, so this mostly affects asymmetric (public-key) algorithms, not symmetric ones.
Physical capabilities of brute force. Fortunately, key lengths and security levels are an exponential measure, so even if a 56 or 128-bit security level is theoretically brute-forceable, it's quite possible that 256 or 512 bits exceeds the physical limit on the amount of brute-forcing you can do given all the energy and matter in this universe. Schneier has an analysis using Boltzmann's constant where he calculates that the entire power output of our sun would take 32 years to merely count from 0 to 2^192 in a thermodynamically-optimal register. "These numbers ... strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space."
Algorithmic breaks. There's no great answer here, given how young the field is and the lack of proof of P≠NP. Block ciphers, in particular, tend to be pretty ad-hoc, and there isn't a lot of work (that I've seen) on provably secure block ciphers. There's no proof that says that, e.g., AES is secure if DLP is hard. The best approach I've seen is something like Keybase's Triplesec, which uses three block ciphers of three different designs and authorship (plus scrypt and HMAC), as a way to hedge bets. Their use case is uploading private PGP keys to a cloud service, so the intent is to be secure on the order of years to decades, but probably not centuries.
I just found WarpWallet and it looks like it would be a little more secure than the standard brainwallet (but I imagine that a user still MUST use lots of good random data, like 12 completely random dictionary words): https://keybase.io/warp/
Your tone wasn't ideal, but your message is appreciated.
There are many good reasons to hide your identity and I have tremendous trust and respect for some people despite the fact that I don't know who they are and in a few cases purposely stayed away from finding out/declined their offer to reveal it to me.
However, if you're running a business, or intending to do so, yes, you should absolutely go out of your way to be transparent about your person.
On that subject, although I don't run a crypto-related business, kudos for referencing a truly wonderful service and, also, my ID: https://keybase.io/jwiechers
I am the creator of this, so thanks for posting this again. I have to say, I constantly find it surprising how popular this project is, as it is just a simple boilerplate.
Thank you for some truly fascinating reading. That Nyms.io system seems very good, and would be a significant upgrade to the traditional OpenPGP keyserver model, as well as adding support for identities on different services (like Twitter, in their example). I cannot wait until some actual code is released to implement that design (am I correct in deducing that at this time, it is "just" the planning document presented on that website?). I am familiar with Keybase, which offers similar functionality with regard to "tying together" various online handles, but it lacks the notarization and obfuscated querying steps proposed for Nyms. Still, it is further along in its development and is quite well-made, even despite it being in "alpha" status at the moment. It is also helpful that it has some "big names" behind it, namely, some founding engineers for OKCupid and other successful internet presences.
As for Namecoin, I do also have some concerns, particularly regarding the actual necessity of proof-of-work, as opposed to something like a simple published secure "timestamping" record (as discussed in that email thread). There were indeed some references to problems with that approach, but I didn't notice any of them being described specifically in that discussion. I also hadn't fully woken up while I read through the messages, so I very well may have just overlooked that...
In any case, I'm very grateful for the opportunity to learn more about and discuss these systems, as I do believe that they are very important, and the problems surrounding Key Trust and reliable PKI are still largely "unsolved," which is unfortunate, but perhaps even more distressingly these problems are un*known* to many, if not most of the actual users of these protocols, which is potentially disastrous.
Here's to a secure future, for all of us.
We're not releasing traffic stats, but it's been pretty astonishing.
Verification via my keybase https://keybase.io/estsauver:
Cryptographic proof has been posted by this Reddit account using the same key that I've used to verify my well-known Twitter account with almost 23k followers. Proof is visible on Keybase: https://keybase.io/weev
When brainwallet.org closed, we all had a sigh of relief. It was known to be unsafe, yet people continued to use them with low-entropy passphrases. When they permanently closed, I decided to roll out my own version that I believe will provide the necessary security.
Brainwallet.io uses 262,144 iterations of the time and memory-intensive scrypt key derivation function. The personal info fields that you see are used as salts, which aid in thwarting brute force attacks. None of your personal information ever leaves your web browser. The only reason personal info is used is because they are effortless to remember.
The idea of using scrypt for brainwallets was first implemented by warpwallet, and they get all of the credit for this. I am offering an alternate solution that requires additional salts for enhanced security.
I encourage developers to review my code to verify the security of this website. All source code is available on GitHub.
i recommended https://keybase.io/ and i think it's a decent option.
i'm a fan of google hangouts personally. in other comms i've been involved in, it's been normal to get on a google hangouts chat once a month together and discuss any on-going issues. pretty hard to sock puppet live video streams :)
I believe you mean that Thomas Voegtlin's key fingerprint is 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 - what you've pasted is the Key ID (only the last eight hex digits of the fingerprint), which is not actually secure as an identifier (see http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html ). Also, some of the Electrum files are signed by Animazing, whose key fingerprint (at least as I know it) is 9914 864D FC33 499C 6CA2 BEEA 2245 3004 6955 06FD.
My own key for verifying that this comment has not been altered can be found at https://www.reddit.com/r/publickeyexchange/comments/2cmfob/sapiophiles_public_key/ , on the SKS keyserver network and on KeyBase at https://keybase.io/sapiophile .
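The point of the comment above about key IDs versus fingerprints, as an added example that is not part of the original comment: a check that accepts a signature only when GnuPG's `VALIDSIG` status line names a pinned full fingerprint. The two status lines are constructed (as is the impostor fingerprint, chosen to share the short ID `7F9470E6`); the pinned fingerprint is the one quoted in the comment.

```python
import re

FULL_FPR = re.compile(r"^[0-9A-F]{40}$")

# Fingerprint as quoted in the comment above (spaces are stripped on use).
PINNED = ["6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6"]


def normalize_fpr(text: str) -> str:
    """Return a 40-hex-digit v4 fingerprint, refusing 8/16-digit key IDs."""
    fpr = re.sub(r"\s+", "", text).upper()
    if fpr.startswith("0X"):
        fpr = fpr[2:]
    if not FULL_FPR.match(fpr):
        raise ValueError("pin must be a full 40-hex-digit fingerprint, not a key ID")
    return fpr


def short_id(fpr: str) -> str:
    """The 8-hex-digit key ID: just the tail of the fingerprint."""
    return normalize_fpr(fpr)[-8:]


def valid_signers(status_output: str):
    """Extract (signing_key_fpr, primary_key_fpr) from gpg --status-fd output.

    VALIDSIG carries the signing key fingerprint as its first argument and,
    in current GnuPG, the primary key fingerprint as its tenth.
    """
    signers = []
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            signing = parts[2].upper()
            primary = parts[11].upper() if len(parts) >= 12 else signing
            signers.append((signing, primary))
    return signers


def signed_by_pinned(status_output: str, pins) -> bool:
    """True only if a valid signature comes from a pinned full fingerprint."""
    allowed = {normalize_fpr(p) for p in pins}
    return any(primary in allowed for _, primary in valid_signers(status_output))


def signed_by_short_id(status_output: str, key_id: str) -> bool:
    """The weak check the comment warns about: compare only the last 8 digits."""
    wanted = key_id.upper()
    return any(primary[-8:] == wanted for _, primary in valid_signers(status_output))


# Constructed status output for a signature made by the pinned key.
GENUINE = (
    "[GNUPG:] VALIDSIG 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 "
    "2015-07-17 1437150000 0 4 0 1 10 00 "
    "6694D8DE7BE8EE5631BED9502BD5824B7F9470E6"
)
# Constructed status output for a different key whose short ID collides.
IMPOSTOR = (
    "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF7F9470E6 "
    "2015-07-17 1437150000 0 4 0 1 10 00 "
    "0123456789ABCDEF0123456789ABCDEF7F9470E6"
)

if __name__ == "__main__":
    for name, status in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name,
              "short-id match:", signed_by_short_id(status, "7F9470E6"),
              "full-fingerprint match:", signed_by_pinned(status, PINNED))
```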
There's no harm in importing keys. If you're interested in historical proofs of keys that build over time, you might want to check out https://keybase.io. (This isn't the same thing as actually verifying a key, though! I would use keybase.io to find a key for someone I have no connection with, but I wouldn't sign that person's key based on keybase.io.) I have invites; if you're interested send me a PM with your email.
My expectation is that ownertrust is never set until I have verified the key with the person through an offline verification. For example, getting a key from a "pretty reputable source" is not the same as verifying with Alice that the key is actually hers. Given the interception and deception capabilities of law enforcement and intelligence agencies, I would never sign a key based on its source online. The biggest reason I consider this best practice is that doing otherwise undermines the web of trust. By setting owner trust on a key you haven't verified, you're effectively trusting anonymous sources to vouch for other keys. Obviously a bad idea.
If you want to separate your personas, you must use completely separate keys, not just identities on one key. I think /u/sostratus covered this pretty well.
Centralized identity "providers" may not be necessary. Cryptographic signing and the notion of a "web of trust" is all you need for persistent identity. This has been implemented in PGP/GPG for decades, but it's slightly too tedious to use right now, for shallow technological reasons.
The guys behind OkCupid are working on a project called Keybase which I hope will soon become an easy-to-use directory of verified cryptographic keys.
Then all that's needed is a little bit of cooperation from public sites. Reddit could easily integrate signatures, so that signed messages are displayed with an icon that points to a cryptographic identity.
About GPG-based author signing:
There are systems like Keybase in place which allow for the retrieval and verification of keys without building up a web of trust system between users. For those packages where we do have a verified key for the author, being able to check their Hackage packages with it would be appreciated. This would be in addition to TUF, of course.
I'd like to add this was a one off. Don't trust anyone that says they are from csgolounge.com or csgoloot.com.
I'll make a blog post soon about this but anyway...
I am the owner and main developer of CSGOLOOT.com we would never mention our affiliation. If we wanted to speak with someone we would ask them to make a support ticket through our helpdesk (provided by Zendesk).
My identity is all here https://keybase.io/klutch The way I can prove myself is by posting on my twitter or github.
I hope this helps others identify fraudsters in the future
You can find previous releases of electrum at https://download.electrum.org/. Once you reinstall the older version, you can then restore your wallet and then try updating to 2.0 again as mentioned by /u/GibbsSamplePlatter above.
If the wallet fails to work after update (this should not happen), the workaround is to transfer coins from the old wallet to the new one.
Do you have a second secure computer on which to install a different version of electrum? If so, you can just send your coins from the old wallet to the newly installed one.
If not, you might need to first transfer your coins to one or more temporary paper wallets generated using, say, bitaddress.org or https://keybase.io/warp/, then update electrum and transfer the coins into the newly created wallet.
There may be a way to keep both versions of electrum on the same computer, but I haven't tried doing this so far.
EDIT: some clarifications.
Could be a couple things. My guess is, he's someone the admins know, and he has the admins' public pgp key. So he's encrypted a message to them that only they can decrypt. However, he said "guess I should sign my message", which indicates he signed it with his private key, meaning anyone with his public key (the admins, who presumably know who he is) can read it.
That's just assuming whose pgp key was used to sign that message. I don't know, because I haven't done the legwork.
Wanna give it a spin? Go to https://keybase.io/banjax click Verify and paste in the following:
This is proof that this is banjax, and if you would like an invite to keybase, please PM /u/banjaxe with your valid email address.
I do use brainwallets when I have to (eg when I don't want to carry a paper wallet on me but want to carry a couple of bitcoins). My go-to wallet is Warp wallet by Keybase.io. It uses scrypt instead of sha256, and it prompts you for salt. Even without the salt, a simple 8-letter alphanumeric password is infeasible/unprofitable to crack.
Ah I didn't quite catch that. Agreed. But the learning curve of proper public key based authentication and the lack of necessity for most people do not help getting it to the mainstream websites. Even things like https://keybase.io/ are still in their infancy if it comes to usability.
There's not many alternatives for a globally distributed ledger of information that can be securely verified.
Keybase.io uses the Bitcoin blockchain, https://keybase.io/docs/server_security/merkle_root_in_bitcoin_blockchain
Another alternative would be Namecoin, although that project is somewhat dead in the water so perhaps it's not as good of a solution as it once could have been.
Here is my key:
https://keybase.io/evilnight/key.asc
Here is a message to you:
It helped me, thanks!
Web of trust means there is a chain of trust relationships between people that verifies everything. At Keybase, it is not a chain, but rather a number of certificate authorities that verify everyone. I'd call it multiple authority public key infrastructure rather than web of trust.
Tracking is more of a saving copy of person's credentials for yourself than signing his key or whatever. It is not WoT.
They explain it rather clearly in a footnote in the Keybase Tracking documentation:
> In the web of trust model, you know you have Maria's key because you trust John, and John signed a statement saying that another key belongs to his friend "Carla", and then Carla in turn signed a statement saying that Maria is someone whose drivers license and key fingerprint she reviewed at a party. Your trust of Maria's key is a function of these such connections.
> you → john → carla → maria
> you → herkimer → carla → maria
> The PGP web of trust has existed for over 20 years. However it is very difficult to use, it requires in-person verifications, and it's hard to know what trust level to assign transitively. (Herkimer reports that Carla was drunk; John can't remember, but he was drunk too, and who's Carla again???)
Edit: formatting
ETA: Alternative proof: https://keybase.io/saizai
Yes, reddit account saizai is owned by me, Sai (http://s.ai, LCS founder, etc).
Keybase.io attempts to link humans to accounts by allowing you to "get a public key, safely, starting just with someone's social media username(s)."
> For now I want to stick with keys generated from passphrases
With Keybase, I'm using a key generated with a passphrase. If you're interested in trying Keybase, PM me your email address. Or encrypt it right here with my public key!
I'd never support using, nor would I use (in production), a general-purpose digest hashing algorithm for hashing a password or other critically sensitive data. It's just insane to me. You should be using a hashing algorithm which supports adjustable work factors by default, especially with rainbow tables and cloud computing ubiquitous these days. At the very least bcrypt(), but mostly scrypt() and PBKDF2. By creating a relatively expensive key setup phase you inherently mitigate, at least to some degree, the range and effectiveness of certain attacks, without having to do anything but set a reasonable AWF. I recommend between 10 and 15 -- anything less than 10 isn't very helpful and anything more than 15 is ~2000ms key generation time. Pretty long in most situations, unless your user is expecting to wait; like maybe you're pulling or generating other data asynchronously.
If you absolutely can't use strong encryption hashing algorithms which support AWF (for some insane reason) then you should be using symmetric encryption libraries. Keybase's TripleSec comes to mind. (tehe)
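The scheme that comment argues for, as an added example that is not part of the original post: a fast unsalted digest beside a salted PBKDF2 record whose work factor is stored with the hash, so it can be raised later and old records upgraded at login. PBKDF2 is used because it is in Python's standard library; the record format, function names and iteration count are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
import time

SCHEME = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 200_000  # assumed policy value; calibrate on your own hardware


def legacy_fast_hash(password: str) -> str:
    """The pattern the comment warns against: one unsalted general-purpose digest."""
    return "sha256$" + hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt b64>$<key b64>' with a fresh salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(key).decode()])


def verify_password(password: str, stored: str) -> bool:
    """Check a password against either record type, comparing in constant time."""
    parts = stored.split("$")
    if len(parts) == 2 and parts[0] == "sha256":
        candidate = hashlib.sha256(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, parts[1])
    if len(parts) != 4 or parts[0] != SCHEME:
        return False
    try:
        iterations = int(parts[1])
        salt = base64.b64decode(parts[2], validate=True)
        expected = base64.b64decode(parts[3], validate=True)
    except ValueError:
        return False
    if iterations < 1:
        return False
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(key, expected)


def needs_rehash(stored: str, target: int = DEFAULT_ITERATIONS) -> bool:
    """True for legacy records and for records below the current work factor."""
    parts = stored.split("$")
    return not (len(parts) == 4 and parts[0] == SCHEME
                and parts[1].isdigit() and int(parts[1]) >= target)


def login(password: str, stored: str, target: int = DEFAULT_ITERATIONS):
    """Return (ok, replacement). replacement is a new record to store, or None.

    The plaintext is only available at login, so that is the moment a weak
    record can be replaced by one at the current work factor.
    """
    if not verify_password(password, stored):
        return False, None
    if needs_rehash(stored, target):
        return True, hash_password(password, target)
    return True, None


def seconds_per_hash(iterations: int) -> float:
    """Time one derivation, for choosing a work factor the login path can afford."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"calibration", b"0" * 16, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    for n in (1_000, 100_000, DEFAULT_ITERATIONS):
        print(f"{n:>8} iterations: {seconds_per_hash(n) * 1000:.1f} ms")
    old = legacy_fast_hash("correct horse")        # constructed sample record
    print(login("correct horse", old))             # (True, 'pbkdf2_sha256$200000$...')
```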
We are now spies, doctor! Spies like us
/u/patricklodder's pointed out https://keybase.io/ which probably covers this quite well...
In theory, we really shouldn't be re-using addresses, and should get a new address to send to for each transaction. What happens if we're publishing addresses, is if you know my address, and you know someone else's published address, any payments I make to that person are easily identified as such.
I'm kind of curious, do people find they're doing personal payments often? Most of my stuff is to merchants or donation addresses, which tend to be handled okay so far.
Of potential interest, payment protocol allows requests to be signed with a conventional certificate, although that's from certificate authorities instead of web of trust.
> de·cen·tral·ize
> To undergo redistribution or dispersal away from a central location or authority.
In this case the central location(s) would be the key servers, so this is decentralized, everybody hosting their own key.
Note: We are not preaching against keyservers and services like keybase. You (can and should, in my personal opinion) still use those. pgp.asc should be seen as an add-on to the currently available options, and my personal goal is that we someday have mailto: links with some kind of attribute, and I don't even have to search for your key anymore when I click on your link.
Hope that answers the question!
If you're going to fork Cloudbot (which is pretty obvious, because I (blha303) wrote this plugin [proof]), why not just use that handy Fork button in the top right? It keeps attribution going to the right people (not a requirement of GPL, I know, but it's a courtesy) and there's nothing wrong with using someone else's code base.
Also I know this is an old thread but I just thought I'd say something. Seeing as you're talking about your http library in your other comment and a lot of util/http.py looks preeeeeeeetty familiar, as someone that looks at Cloudbot more than once a week.
edit: You've added attribution while I was writing this comment, thanks. Forking is easier for keeping commit history though. :P
Gratipay's option is just an address, entered by the user.
You could always confirm through a service like Keybase. For instance - my Github and Twitter accounts are confirmed there, and they are both associated with my Gratipay profile.
I would start using a GPG key to sign your messages. Something like keybase.io..... and here is an example.
Hi Doc!
Will the scammers follow, yes, but you can enforce that you will sign your messages. If not signed, not you. And if the check fails.... NOPE on out! If you want / need a keybase.io invite, PM me.
P.S. I really enjoyed meeting you at MineCrack Con in Orlando. :)
This is a good idea. The trick would be to ensure that both the Android and PC wallets use the same deterministic algorithm.
FWIW, there is a deterministic address generator called WarpWallet written in JavaScript.
My public key: https://keybase.io/lucaswerkmeister/key.asc = https://lucaswerkmeister.de/lucaswerkmeister-public.asc
Here is my public key:
https://keybase.io/evilnight/key.asc
Here is an encrypted message for you:
Remember to hit the reply link under my post so that I get notified of your reply.
>PGP traffic
wat
There is no "PGP Traffic". It will literally look like email traffic but instead of seeing text like "hi let's go do terrorist things bro" the text would look like
>-----BEGIN PGP MESSAGE-----
>Version: Keybase OpenPGP v2.0.46
>Comment: https://keybase.io/crypto
>-----END PGP MESSAGE-----
I guess scanners on email firewalls can pick up that the message has "PGP" in the text but they wouldn't be able to really tell if it was terrorism or two guys discussing confidential business plans or following regulations saying certain communications should be encrypted
Here's my public key if you wish to respond: https://keybase.io/ameo/key.asc
Here's an encrypted message for you:
I guess now's a good time to plug proton mail (https://protonmail.ch/)
Although, they only periodically bring in new accounts, so get on the list now!
Also, keybase, (https://keybase.io/), which helps make public-key crypto super easy and accessible.
http://grams7enufi7jmdl.onion
Pubkey available on the SKS Keyserver Network, at https://keybase.io/sapiophile and at https://www.reddit.com/r/publickeyexchange/comments/2cmfob/sapiophiles_public_key/
Ooooooh, definitely please get me involved in this, this is my jam.
GPG: 69E7 EB65 1CB6 19DE 9153 3A2B D16B 4CC5 857D 0298
- on the SKS keyserver network, at https://keybase.io/sapiophile and at https://www.reddit.com/r/publickeyexchange/comments/2cmfob/sapiophiles_public_key/
Keybase: https://keybase.io is trying to do this.
Create a public key server, fix the web of trust tracking issue and then create an API people can use to abstract away encryption in their applications from the user.
I've wondered why FB doesn't do this since they already have the platform to publish a private public/private key pair for all users and then create an API for third party apps. They recently let you upload your own public key, but that isn't enough.
Hopefully keybase will succeed.
And the problem is always a timeout?
Do you receive many small transactions from faucets? Feel free to answer these questions via email or via a private reddit message or even pgp if you want
https://keybase.io is a new one I found just today. I recently tried to use the PGP.com Global Directory but I wasn't able to because they require that you run javascript and that you put in an email address to verify you even if your key doesn't have a linked email address. Which is silly.
You can find my key here: https://keybase.io/bpeden
My public key: https://keybase.io/bluedepth/key.asc
Message:
{ "body": { "key": { "fingerprint": "e7ed81871f327e74fec81beb9eb2616fc25d40a9", "host": "keybase.io", "key_id": "9eb2616fc25d40a9", "kid": "01014b81e26c487a7f608847be570388f68539df7b3a4e3ee5adbd9f369c20339eb40a", "uid": "3572ca6fec81406aa6edbb9ea807c619", "username": "ven47or" }, "service": { "name": "reddit", "username": "Ven47or" }, "type": "web_service_binding", "version": 1 }, "ctime": 1436651609, "expire_in": 157680000, "prev": "8892785960055538a3be3a9b1736cd9af9049e5ac5c724bf81df7859df864b61", "seqno": 13, "tag": "signature" }
with the key from above, yielding:
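An added example, not part of the original post and not Keybase's own code: the structural checks a reader can run on the JSON statement above before relying on it (which account it binds, whether the key ID belongs to the fingerprint, whether it is inside its validity window). Verifying the PGP signature itself still requires the signer's public key and the signed message; the function names, the case-insensitive username match and the `seqno`/`prev` rule are assumptions of this example.

```python
import json
import re

# The statement exactly as posted above.
PROOF_JSON = """{ "body": { "key": { "fingerprint": "e7ed81871f327e74fec81beb9eb2616fc25d40a9", "host": "keybase.io", "key_id": "9eb2616fc25d40a9", "kid": "01014b81e26c487a7f608847be570388f68539df7b3a4e3ee5adbd9f369c20339eb40a", "uid": "3572ca6fec81406aa6edbb9ea807c619", "username": "ven47or" }, "service": { "name": "reddit", "username": "Ven47or" }, "type": "web_service_binding", "version": 1 }, "ctime": 1436651609, "expire_in": 157680000, "prev": "8892785960055538a3be3a9b1736cd9af9049e5ac5c724bf81df7859df864b61", "seqno": 13, "tag": "signature" }"""

HEX40 = re.compile(r"[0-9a-f]{40}")
HEX64 = re.compile(r"[0-9a-f]{64}")


def proof_expiry(raw: str) -> int:
    """Unix time at which the statement stops being valid (ctime + expire_in)."""
    stmt = json.loads(raw)
    return stmt["ctime"] + stmt["expire_in"]


def check_proof_statement(raw, service, username, now, pinned_fingerprint=None):
    """Return a list of problems found; an empty list means every check passed."""
    try:
        stmt = json.loads(raw)
        body = stmt["body"]
        key, svc = body["key"], body["service"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"malformed statement: {exc}"]
    if not all(isinstance(part, dict) for part in (body, key, svc)):
        return ["malformed statement: expected JSON objects"]

    problems = []
    if stmt.get("tag") != "signature" or body.get("type") != "web_service_binding":
        problems.append("not a service-binding signature statement")

    # Assumption: the service treats usernames case-insensitively, as the
    # "ven47or" / "Ven47or" pair in the statement suggests.
    claimed = str(svc.get("username", "")).lower()
    if svc.get("name") != service or claimed != username.lower():
        problems.append("statement binds a different service account")

    # An OpenPGP v4 key ID is the low 64 bits of the 160-bit fingerprint.
    fpr = str(key.get("fingerprint", "")).lower()
    if not HEX40.fullmatch(fpr):
        problems.append("fingerprint is not 40 hex digits")
    elif str(key.get("key_id", "")).lower() != fpr[-16:]:
        problems.append("key_id is not the low 64 bits of the fingerprint")

    # A fingerprint obtained out of band beats anything the statement claims.
    if pinned_fingerprint is not None:
        if fpr != pinned_fingerprint.replace(" ", "").lower():
            problems.append("fingerprint differs from the pinned one")

    ctime, ttl = stmt.get("ctime"), stmt.get("expire_in")
    if not (isinstance(ctime, int) and isinstance(ttl, int)):
        problems.append("missing ctime or expire_in")
    elif now < ctime:
        problems.append("statement is dated in the future")
    elif now >= ctime + ttl:
        problems.append("statement has expired")

    # Assumption: every statement after the first names its predecessor by a
    # 64-hex-digit hash, which is what makes the history auditable.
    seqno, prev = stmt.get("seqno"), stmt.get("prev")
    if not isinstance(seqno, int) or seqno < 1:
        problems.append("missing or invalid seqno")
    elif seqno > 1 and not (isinstance(prev, str) and HEX64.fullmatch(prev)):
        problems.append("missing link to the previous statement")
    return problems


if __name__ == "__main__":
    print(check_proof_statement(PROOF_JSON, "reddit", "ven47or", now=1436651610))
    print(proof_expiry(PROOF_JSON))
```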
No, seriously, move your coins. BIP38 paper wallets are great. WarpWallet is way harder to crack if you really want something that's like a brainwallet. You might also be interested in diceware.
We should be precise about what we're calling "encryption" here. If you're talking about unauthenticated block cipher or stream cipher encryption, and your keys are independent, then no, you cannot make it less secure. If you're talking about, say, encryption + authentication, then you can run into problems if your algorithms are similar and you use the same key. If your keys are related, there are things called (IIRC) chosen-algorithm attacks where an adversary can convince you to use an algorithm that specifically works backwards from an algorithm you're already using. They're not particularly practical, but they are well-defined. If your keys are related, and your second algorithm sucks at leaking timing information, then it essentially introduces a timing side channel on the first algorithm.
I believe that you can prove that if the keys are unrelated / information-theoretically independent, then you cannot possibly decrease the security of your message, on the grounds that if you could, an adversary could just break the first cipher by encrypting your ciphertext with a key of their choosing. (Since they don't know the original key, a key of their choosing is necessarily going to be independent of it.)
The Keybase folks have a setup they call triplesec for using three different authenticated-encryption algorithms in series, to protect against algorithmic (or malicious-author) attacks on one of them. They discuss why they think their system does not introduce problems with composing algorithms, and they mention a section of Applied Cryptography that talks about this.
Here is my key:
https://keybase.io/evilnight/key.asc
Here is a message to you:
Your public key is not formatted correctly due to reddit being reddit. Everything after -----BEGIN PGP PUBLIC KEY BLOCK----- needs to be on a new line or gpg (at least what I'm running) can't recognise it as a valid key.
Here is my key:
https://keybase.io/evilnight/key.asc
Here is a message to you:
-----BEGIN PGP MESSAGE-----
hQIMA79Ww58OKyhXARAAtnLRhaxZETKUKvsOUBfh0hQw0lquoX5GVBJY7p9iGllQ 87UlleFOPXs8Z9hH1ZQbwdQCymE3g/TAU/cuSl2NbYK8eF1TenqAo9QCPPySNz9n NwpXhC2g/tIOjkBJreM7SHfdHs4l7gdleow9zcqQGvPz07eNYwl4D83OkguyqSr6 /UukTkTLwmKtwuXpsbJyfimMQHLYl0UVhwO8E0SZHnlmYbIFE8LhAkfyCgP7MRka ujjHUftH9maSyjJY4/HVtBB8RrA2mPYo56Uy6KiSlUsAH27IW9enud7gmeyWueP1 kdNtWGZV4f0peiC5Kph2BXBs1mfhpxEFTwfdpTnAa6w8SG90tH6WlOEuLUoS/I4h 9ByANdnEahAXNmN1+zqDC+DAeGogNxrtAWNS7VtgbIqAkX3OIIkNYVu31pj+mzGr GVTasegtaBrsU1nSxG79GZvzNDfX6ybmqvi9KPUb0RXL4K3JonnJAM2CMa9LzP0N 3c8VGyifM0FSMWFg2GKA8RVY1FNnU6iGtJXi77aQ1SjwRBRXnqPckWEulS88RAHh 9tRz4ZYm5MO7LsBKiTt+zFh2LyhJgQcTXU5BOlkULTx9uN/XVE3DtF9xV/+TEkHf igzq9ki9JXMgPcGOjfo5wg53rJJSwCUqZgeIMJYayMSoeBDXV7ynSWdPcA9yCjCF AQwD7IKaA9l3mNwBCAC6SRrQKFYAjD1AWn2E0eYJXluxYuEbsIxt32XrEx2sEoYH WQ8cV79yvsGIbsN9+7q5Z+gVDbMVdRiw8FEQneKDiZHZ80jHGth/yM5ld3y8hNTC ADs13PsypKYyd8YnazAN71ggIbdnZ7TeK+mbTuH9OhGoyD6lcdI4Ip+SxwaDSJ9M 13Y2cErCbbFgpaCy2icsmzAUDYz1uIvxBzcvhb6CTokbH7a3wIj2mz6fBXlD4+i6 Bo0FOisb0OyVUodY/bIKY0UxzDmDNxc08oCy3GWXztcpgBykoxv1WvQdo9sKPLOR hN/rNQC3u9bq7c6ls6f/BGl8UUqY/Cn9jb39aIq70sABAVwvqA/iyy8nHUvOSwmV ro2t+Wi/7Mj73b67TX719KYEDSJYimXv9lscHwnBj4VuagbS7dQjCwkhJc9mOMXH Z1QBC7poElnchoPgS0J+o0nb9BmuiKKcV7Wci4ZsYH7zMOtrb7ONxacdUXdmBLLs +vjB98tEAv3ZCFeLOadIx0zGojL92KCy98Xu+263MTbAjFfMuHYfKJIi60s14SZA WrDzcusCYjOezTFm1Yavg8hNo+hzSRi0GX8ty6ZAScNbSA== =docp -----END PGP MESSAGE-----
Here is my key:
https://keybase.io/evilnight/key.asc
Here is a message to you:
-----BEGIN PGP MESSAGE-----
hQIMA79Ww58OKyhXAQ//ce5LcpVX9kHzRNdo2eZmu8SWzChyZMGUZxu80bfdhG6j 6ZOuMSIy/hH+/bKfjBYDip9NBu7mkkOcKkcmPh1/m4/NzUTmcBWoEGfyayMBrVbu KVuON2I6KXSvCHSxkR1yHw4sjlhzOlnh7kn6HDddySh0JUxN4L0UKYI7NGoq9RGe 0QjTgNf6lkjlSfuEmG3Mrje0LqFXYqsB77l1hoVykL7L7HeI6tYbly4B8popAhxb rfluwQK/RbDgiSEzRUj8meif08LNVLUaMZ4b/MuZBsLvViwdey2Q7pZKQ9X+CTVp 3eEGjVAk4C+jZ1/HR/Al5fn5uSK1xIYIIiHkx09SmDbgn84NE5KdH2oKfsOAlu6M TQ3Sa++BytOX4fOnPQRXY9Q7RbSinXS8LCjzgHhZYMtg0pzfBcZUPxAQkz8ddeUw 4Z4l74Sx29ZyyXSjxz8ju51IzgIxGFD6x1UlJ6+GrWerdEhwvPSddXX2q1YF1vDk qWrWh6fE+g1xxbbWtCkCNu2I7CkF8V22rxttYkyvFEKmiCBHmn73Z85KEPFRIR/f B5pKslnthux3vAsLsW4uSwPll9RWwvqiFsSBzTOcl5jYr8gAX9mFzUnMPqvY7AjZ toFdumqhPNRaEDZYbNaSwhMJR9cNCj7jnXxtd7Sh67TF+kO/CHfR1Gb62fhgvzSF AgwDrXlalrfMFskBEACVHcqEhZVsRaRUkxWphekWF6EF9SGnmpXyfCakkcvBFFNc t/uWOfvFSK7Byw4LdKAFsOfn2qUozlVuGqXjzwimAJROBuRswIepzyuu7xZ7uG85 my/55JTaDQKl5+HJj4Gj93QXVo8dKQaDjB59dSIi/Wz8ljOF999TN5cRaiOnwIXv k9AzY/uJJiJdMU3sdOYVENUrQBss3lyggbuAvTMPgSyWabfMCAZz44K1ISpX8hqn ZNbScbYWaySVUtLsVxw5J54yvVHpF9KiHmmBSOSXOVGjU7QREmgIcZo1eIda24f7 tSugc+iFBC747GDqPYbCJl+5AQQinf2PrALYOiOpkXHDdJPXb29oXyVADKnR/qBp pi9QPZtapW6EwTU9z0iQj6KunQAcnWw5B/Xmky+aPEbB2R3j8OL/ZbUuivFOPzXr KgQRBKsd68Gopw3V7Uf2M9kCdb9wTQAytbaEhxfS7H+MUfnt8duAJb4Vpy9uJRmJ fM3ppT5iIIZ4d2G/RDH07aWOHfMX/Eh72LGTR0wLpPm2wfF3jjqFyvJdf9EaGojq 6ESKtx6lgRgO1Fju6Z+baV9Ut34vwYP1hub9wO3VncsuPfS2BeFhb90hKiFVRUOj RW4Dx0GqTAxspX2DO/d7Rh6dHa7HxolVGwRLUg8Pq6AsJrMHeuAfyG+UUjal2NJx AXyLDk/+peIBWc4/kXhP3lfBNLUHH+Q9vz3cI9ldosU1TZDKubBOXmkZ5FA10Jfd 9lIW1K7z8XCpftKiknLhiTF+6Qd+fI2BT65qFI8W8Hlw3vQMdy+i47cy9XGEowDQ aCduTQ09iWsSEIIJ96JoeI8= =uQaG -----END PGP MESSAGE-----
Here is my public key: https://keybase.io/evilnight/key.asc
Here is a message for you:
Well, the idea behind keybase.io is:
You publish evidence of your key ownership on websites and social media accounts using a special "proof" that's machine readable.
Others can then use the keybase tools to automate the process of verifying that the key mentioned on your website, twitter, github, etc. all match the proof you published on those sites.
Other people can also "track" you, which builds a historical record testifying that at the time they started tracking you, your proofs online were valid.
The net result is that people who have been tracked by a large number of users for a long time have a substantial history of their online identity being tied to that key. It also provides a way to identify when an impersonation attack started (roughly) because you can see when through history their proofs were valid (i.e. before someone started impersonating them).
They have a page that explains it in more detail if you're interested. https://keybase.io/docs/tracking
The egress of the VPN is still encrypted if you've configured your client properly. Not that it matters of course, since anyone can join the swarm and decrypt. The protocol wasn't designed with deniability, anonymity, or trustlessness in mind.
Regardless, if torrenting is your only concern, I'd say you're fine. The whole idea is that the RIAAs and the MPAAs of the world that are lurking in the swarm just see a bunch of traffic from $vpn_ips in $unfriendly_countries from $noncooperative_providers and can't do anything else about it. Your local ISP just sees VPN traffic and has no idea what's within. The whole operation hamstrings their go-to methods of coercing others into compliance with their self-serving "intellectual property" laws, and the rest of the world can go about their business in peace.
There are other useful protocols and crypto tools you can utilize when seeking to avoid intelligence agencies, like tor and PGP and OTR, that can be used in conjunction with a VPN or standalone. We know for a fact these technologies give these agencies nothing but headaches. https://keybase.io is an awesome example of a user-friendly way to encrypt your email and provide cryptographically strong guarantees about the identities of social media users. If anyone wants an invite, hit me up!
Because we all have something to hide.
I blame Reddit :D How is this
Keybase version
Yo
> https://keybase.io/waynemarsh/key.asc
This is the key I used. It's the one you linked in your post. All I did was ctrl-s it to my desktop and import it using OpenPGPStudio.
https://keybase.io/waynemarsh/key.asc
+/u/dogetipbot 500 doge verify
If you have TouchID enabled on the device, it will be used to store your master seed when 1) you create new wallet or restore from backup passphrase 2) or after you perform some operation with that seed (e.g. send some coins). In other words, the first time your secret data is used, it's relocated into TouchID-protected location.
What's exactly wrong with sending a payment? You can send me details to reproduce it to (PGP 6456F1F5C5432530; https://keybase.io/oleganza). The simplest is if you send me your passphrase (PGP-encrypted), so I reproduce the issue exactly. Of course, you should never use it again in the future and please don't send it to me if it has >$5 worth of coins.
0xD16B4CC5857D0298
69E7 EB65 1CB6 19DE 9153 3A2B D16B 4CC5 857D 0298
On the SKS KeyServer network, at https://keybase.io/sapiophile & https://ssl.reddit.com/r/publickeyexchange/comments/2cmfob/sapiophiles_public_key/
My key is available on Keybase. And by the way, when you post your key, you should make sure that the formatting doesn’t mess it up (in the case of Reddit, put it in a code block).
Well, instead of having a huge-a** key signing party, you get a keybase account and prove it is indeed your key through your various social media accounts, like github, Reddit, and Twitter.
It's all about proving what your real key is, because anyone can make a key with your name and E-mail on it.
My page is here: https://keybase.io/metanova
Such a thorough, well thought through answer. The AMA proved unnecessary after the first post; but an ongoing discussion on these topics would be interesting to follow. I am sure there is one out there somewhere...
Pretty eye opening and kinda frustratingly obvious that the burden is put on the Service Providers and their interpretation of the hard rules. I respect the 'personal beliefs are often at odds with "best practices"' line, and appreciate the transparency and diligence.
Were your AML/KYC program staff and technology bought out of house, like as a service, or did Kraken hire/build one internally?
Identity is an interesting field. What are your thoughts on https://keybase.io?
I saw you at one of the SF Bitcoin meetups about a year ago. Keep Kraken going strong! Thanks Jesse!
I'd recommend finding a wallet that supports BIP32 (HD) and using it offline.
As far as the brain wallet is concerned, I'd avoid it or use Warp Wallet.
How to combine:
Overall, I think you are trying to reinvent the wheel, hopefully someone can recommend an existing wallet that pretty much does this for you.
When I try to verify yours in keybase.io/jonsimpson it also fails, says author is unknown. When I verify my own test message it says signed by terryg. I dunno? Can you verify this one on my page?
It's awesome to see someone else using clearsigning for comments finally :) https://keybase.io/scuba323
Fair concerns. Let's see if this works:
It could be more of a bitcoin address database, with those bitcoin addresses signed (let's say, using GPG, and with an account per project at https://keybase.io). You open gratifi, and then a list of sliders and percentage for each package you have installed appears, and you select the percentages, which get saved to a conf (encrypted to you possibly).
The only solution I can think of is repeatable builds for packages, signed by the developers, ala Android*. With the developers doing nothing but just signing the packages (which they need just to ship them), gratifi can hook up to the package manager and list all the signatures for donations.
It also provides incentive of package signing on the devs, which is good, and what we want, as is better security wise.
*I have to say that I love Android's way of distributing software, minus that it does not have repeatable builds. You just trust the first install of the app (by google play, the devs webpage, or copy pasted from other device) and then, as Android refuses to install an app with the same url but unmatching signature, you are quite sure you are getting what you want, and the medium to which the app arrives to you doesn't matter at all. It takes the security burden from the distribution to the developers, which distribute 1 package only. And the distribution can continually check by building packages from reviewed source snapshots (remember, repeatable builds) if the devs are misbehaving or not.
Edit: about reproducible builds in debian: https://wiki.debian.org/ReproducibleBuilds
You seem to know your stuff. I wonder if CB uses a different algo. It seems silly to assume.
You should take a crack at the warp wallet challenge, I would be curious to hear if you can get it (at the bottom):
I do not trust myself.
To me, offline storage should NOT be encrypted. If you encrypt something, you might as well share it with the world. (Make sure you encrypt offline though).
My plan is to diversify, that is, to divide my holdings into:
This allows me to spend any of my coin without going to the bank and if I forget my passphrases, I can just go to the bank.
Write up the contract on a computer, and using a piece of software like GPG, the two of you sign it.
To verify the signatures if it ever goes to court, they look up your public keys from a database of public keys like https://keybase.io/, and use GPG again to make sure it matches the signatures.
Obviously, that depends on people creating and publishing their public keys, and then protecting their private keys sufficiently well. That's both a security and usability problem that hasn't really been solved yet.
I'm really looking forward to this. As far as it seems this could end up being the project to go for linking off-chain and on-chain objects or events. And it sort of reminds me of what keybase.io seems to be doing:
> (1) each user has his or her own signature chain that grows monotonically with each announcement;
> (2) the server maintains a global Merkle Tree that covers all signature chains; and
> (3) the server signs and publishes the root of the Merkle Tree with every new user signature
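
The three quoted properties can be seen working together in a small model. This is an added example, not part of the comment above and not Keybase's code: the JSON link format, the leaf encoding, the `\x00`/`\x01` hash prefixes and the users and payloads are all assumptions made for illustration, and the server's signature over the root is left out, so `root` stands for the value that would be signed and published.

```python
import hashlib
import json

GENESIS = "0" * 64  # "prev" value of the first link (assumed convention)

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def link_hash(seqno, prev, payload):
    body = json.dumps({"seqno": seqno, "prev": prev, "payload": payload}, sort_keys=True)
    return h(body.encode()).hex()

def append_link(chain, payload):
    """(1) Grow a user's chain: each link commits to the hash of the one before."""
    seqno = len(chain) + 1
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"seqno": seqno, "prev": prev, "payload": payload,
                  "hash": link_hash(seqno, prev, payload)})

def verify_chain(chain):
    """Client-side check: seqnos count up from 1 and every prev/hash matches."""
    prev = GENESIS
    for i, link in enumerate(chain, 1):
        if (link["seqno"], link["prev"]) != (i, prev):
            return False
        if link_hash(link["seqno"], link["prev"], link["payload"]) != link["hash"]:
            return False
        prev = link["hash"]
    return True

def leaf(user, chain):
    """Leaf binds a username to the length and tail hash of that user's chain."""
    tail = chain[-1]
    return h(b"\x00" + f"{user}:{tail['seqno']}:{tail['hash']}".encode())

def merkle_levels(leaves):
    """(2) Tree over all chains; an unpaired node is carried up unchanged."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(b"\x01" + cur[i] + cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes (with their side) from a leaf up to the root."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], "L" if sib < index else "R"))
        index //= 2
    return proof

def verify_inclusion(leaf_hash, proof, root):
    node = leaf_hash
    for sib, side in proof:
        node = h(b"\x01" + (sib + node if side == "L" else node + sib))
    return node == root

def demo():
    chains = {"alice": [], "bob": [], "carol": []}  # constructed users and payloads
    for user, payload in [("alice", "add key AAAA"), ("alice", "prove twitter @alice_example"),
                          ("alice", "revoke key AAAA, add key BBBB"),
                          ("bob", "add key CCCC"), ("carol", "add key DDDD")]:
        append_link(chains[user], payload)
    users = sorted(chains)
    levels = merkle_levels([leaf(u, chains[u]) for u in users])
    root = levels[-1][0]  # (3) the value the server would sign and publish
    proof = inclusion_proof(levels, users.index("alice"))

    def accepted(chain):
        return verify_chain(chain) and verify_inclusion(leaf("alice", chain), proof, root)

    rolled_back = chains["alice"][:2]  # server hides the revocation link
    forged = [dict(link) for link in chains["alice"]]
    forged[1]["payload"] = "prove twitter @mallory_example"  # edited in place
    return {"honest": accepted(chains["alice"]),
            "rolled_back": accepted(rolled_back),
            "forged": accepted(forged)}

if __name__ == "__main__":
    print(demo())
```

The rolled-back chain is internally consistent, so the per-user chain check alone accepts it; only the comparison against the published root rejects it.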
You'll only lose your money if your entropy sucks or you leak the information source(s).
Also, not all brain wallets are created equally: https://keybase.io/warp/warp_1.0.6_SHA256_e68d4587b0e2ec34a7b554fbd1ed2d0fedfaeacf3e47fbb6c5403e252348cbfc.html
https://blockchain.info/address/1AdU3EcimMFN7JLJtceSyrmFYE3gF5ZnGj
Warp Wallet has had an unsalted, simple alpha-numeric 8-digit password protecting 10 btc (with another 10 btc waiting for the winner) since last November. They perform a ton of key stretching using PBKDF2 and Scrypt to achieve that result.
Not all brain wallets are created equally: https://keybase.io/warp/warp_1.0.6_SHA256_e68d4587b0e2ec34a7b554fbd1ed2d0fedfaeacf3e47fbb6c5403e252348cbfc.html
There's a 20 BTC challenge up that is protected by an unsalted 8-character password. It's been un-broken for nearly a year now (since 2013-11-19).
https://blockchain.info/address/1AdU3EcimMFN7JLJtceSyrmFYE3gF5ZnGj
There's always GPG encryption. If you need to talk about something privately, make a GPG key (or find someone who can give you an invite to Keybase, which makes it really easy), get them to do it as well, and then you can encrypt and send messages safely. Keep in mind that Reddit's message formatting ruins GPG messages so you have to put four spaces before each line so it looks like this
.
such sign. very /r/pcgaming
asdfga asdfasd
testing
nasdfklnasdl
asdgasd