Pages:
Author

Topic: THIS IS THE REAL MOREIA!! PLEASE HELP ME!!!! (Read 6763 times)

member
Activity: 98
Merit: 10
https://keybase.io/serge_v
January 05, 2015, 04:30:42 PM
There really isn't a way to protect against thermo-rectal cryptanalysis on full disk encryption Smiley You're just as vulnerable with a laptop or a smartphone.

There is only one protection from this special force - MultiSig: parties involved in escrow will never sign improper tx.
hero member
Activity: 882
Merit: 1006
This will not protect from human error, physical compromising (soldering iron in the ass) and from disappearing of agent/service...

There really isn't a way to protect against thermo-rectal cryptanalysis on full disk encryption Smiley You're just as vulnerable with a laptop or a smartphone.
member
Activity: 98
Merit: 10
https://keybase.io/serge_v
One major problem is that a phone is very easy to misplace/get stolen. This would potentially make it easy for a potential attacker to direct people to send funds to an address not actually controlled by redsn0w if he were to put down his phone for even a few seconds too long

That is right! Only need to make correct conclusions... Wink

Smartphones have full disk encryption now adays. If you've turned it on and are using a strong passphrase and a strong lockscreen passphrase you'll be pretty protected from physical thefts. Additionally PGP keys are usually encrypted with a passphrase when not in use.

This will not protect from human error, physical compromising (soldering iron in the ass) and from disappearing of agent/service...
full member
Activity: 126
Merit: 100
I don't know of any apps that can sign, encrypt, decrypt and verify pgp messages. Even if there was one most apps are not open source so it would be hard to make sure it is not leaking your private key somewhere.

Additionally any address generated on a phone is inherently not a "cold" address

APG (free and open source under Apache2 license):
https://f-droid.org/repository/browse/?fdfilter=apg&fdid=org.thialfihar.android.apg

GnuPG (free and open source under GPLv3, currently alpha):
https://f-droid.org/repository/browse/?fdfilter=gpg&fdid=info.guardianproject.gpg

OpenKeychain (free and open source under GPLv3):
https://f-droid.org/repository/browse/?fdfilter=pgp&fdid=org.sufficientlysecure.keychain

Android OS sandboxes apps, so a malicious app cannot read any stored data belonging to another one. This means the only way for a malicious app to steal your PGP private key is if you give that app root permissions or there is an unpatched exploit in in your version of android that the malicious app uses. This greatly reduces the risk of storing your PGP private key on an online device.

I still do agree though that it would be best for an escrow provider not to be running their service from an android device.
If you were to give your private key to one of these apps then if what you are running is malicious then it has your private key and can use it at it's will.

He also did not specifically say that he was using an android device. Although a quick google search did find a few iOS apps for PGP encryption.

One major problem is that a phone is very easy to misplace/get stolen. This would potentially make it easy for a potential attacker to direct people to send funds to an address not actually controlled by redsn0w if he were to put down his phone for even a few seconds too long
full member
Activity: 126
Merit: 100
What conclusion from this story can make everyone? - Never trust to the third party (YOU DO NOT NEED TO DO THIS!!!), use MultiSig transactions escrow for valuable things, only this can protect You from third party error...

If you had checked this thread. you would have seen MultiSig could not have prevented this. It was a simple, and costly, oversight from redsn0w.
I am actually surprised as to how many people were using him as escrow in the first place. I saw him setup an escrow transaction from his phone (at least that is what he was saying he was doing). I highly doubt that he would be able to maintain sufficient security nor would he be able to PGP sign any message from his phone
Well it's possible to do, we don't have nokias 3310 anymore Smiley it's called smartphones with smart apps.
I don't know of any apps that can sign, encrypt, decrypt and verify pgp messages. Even if there was one most apps are not open source so it would be hard to make sure it is not leaking your private key somewhere.

Additionally any address generated on a phone is inherently not a "cold" address
member
Activity: 98
Merit: 10
https://keybase.io/serge_v
I am actually surprised as to how many people were using him as escrow in the first place. I saw him setup an escrow transaction from his phone (at least that is what he was saying he was doing). I highly doubt that he would be able to maintain sufficient security nor would he be able to PGP sign any message from his phone

Well it's possible to do, we don't have nokias 3310 anymore Smiley it's called smartphones with smart apps.

Funny trolls. Where are You? Grin
member
Activity: 98
Merit: 10
https://keybase.io/serge_v
What conclusion from this story can make everyone? - Never trust to the third party (YOU DO NOT NEED TO DO THIS!!!), use MultiSig transactions escrow for valuable things, only this can protect You from third party error...

If you had checked this thread. you would have seen MultiSig could not have prevented this. It was a simple, and costly, oversight from redsn0w.

You are wrong, I had checked this thread carefully. In case of using MultiSig (example):

1. Moreia want to loan 0.8 btc from lihuajkl and will provide own acc. for collateral.
2. redsn0w creates 2-of-2(3) MultiSig address from Moreia and lihuajkl public keys.
3. lihuajkl sends 1.6 btc to MultiSig address.
4. Moreia transfers his acc. to lihuajkl after tx completion.
5. redsn0w prepares 0.8 btc tx from MultiSig address to Moreia.
6. lihuajkl and Moreia check and sign it, 0.8 btc goes to Moreia.

lihuajkl is responsible for security of Moreia acc., in case of failure he can lose 0.8+0.8 btc.
Moreia is interested to return 0.8 btc, otherwise he can lose his acc.
redsn0w is interested to be everything smoothly because he can lose his 1% fee and reputation (funds can be returned back via private keys input).

7. Moreia returns 0.8 btc back to the MultiSig address.
8. After tx completion lihuajkl returns acc. back to Moreia.
9. redsn0w prepares 1.6 btc tx back to lihuajkl (-1% to redsn0w).
10. lihuajkl and Moreia check and sign tx, 1.6 btc goes back to lihuajkl (-1% to redsn0w).

Everything is secure. Everyone is happy in any possible situation.
legendary
Activity: 966
Merit: 1000
What conclusion from this story can make everyone? - Never trust to the third party (YOU DO NOT NEED TO DO THIS!!!), use MultiSig transactions escrow for valuable things, only this can protect You from third party error...

If you had checked this thread. you would have seen MultiSig could not have prevented this. It was a simple, and costly, oversight from redsn0w.
I am actually surprised as to how many people were using him as escrow in the first place. I saw him setup an escrow transaction from his phone (at least that is what he was saying he was doing). I highly doubt that he would be able to maintain sufficient security nor would he be able to PGP sign any message from his phone
Well it's possible to do, we don't have nokias 3310 anymore Smiley it's called smartphones with smart apps.
full member
Activity: 126
Merit: 100
What conclusion from this story can make everyone? - Never trust to the third party (YOU DO NOT NEED TO DO THIS!!!), use MultiSig transactions escrow for valuable things, only this can protect You from third party error...

If you had checked this thread. you would have seen MultiSig could not have prevented this. It was a simple, and costly, oversight from redsn0w.
I am actually surprised as to how many people were using him as escrow in the first place. I saw him setup an escrow transaction from his phone (at least that is what he was saying he was doing). I highly doubt that he would be able to maintain sufficient security nor would he be able to PGP sign any message from his phone
legendary
Activity: 1050
Merit: 1000
What conclusion from this story can make everyone? - Never trust to the third party (YOU DO NOT NEED TO DO THIS!!!), use MultiSig transactions escrow for valuable things, only this can protect You from third party error...

If you had checked this thread. you would have seen MultiSig could not have prevented this. It was a simple, and costly, oversight from redsn0w.
member
Activity: 98
Merit: 10
https://keybase.io/serge_v
What conclusion from this story can make everyone? - Never trust to the third party (YOU DO NOT NEED TO DO THIS!!!), use MultiSig transactions escrow for valuable things, only this can protect You from third party error...
legendary
Activity: 1778
Merit: 1043
#Free market
Maybe one day I will "restart" my escrow service but not more for deal that involved forum account .
full member
Activity: 196
Merit: 100
Hi
How is your inquisition going redsnow?

I think all is resolved now.  Mine it was only a mistake , but now  I've paid my error ( and i don't provide anymore my escrow service here).


*redsn0w  not redsnow /thanks.
I am not sure if not being escrow anymore if really paying for your error

I think he has paid for his error, he lost a lot of the trust the community had placed in him, his decision to stop escrowing is a result of this. In the end, the account was recovered and no one actually lost anything of value, I'm not sure how else you think he should be "paying for his error".
This is not entirely true. He says he is no longer escrow
I do not make anymore  as escrow for the community due to my stupid mistake. Thanks  to all you guys , when moreia will repay the loan I will send him the access data of his account.
However this is not the case.
Hello redsn0w
As you stopped your escrow service will you continue for this site?

Thanks

Yes I will continue to manage this signature campaign , if the admin of the site want (I think it is not a problem).
He is also apparently escrowing the prize for the auction crypro signature contest as per this thread
People are still recommending and asking to use him as escrow publicly. He still is publicly rejecting these requests.  
hero member
Activity: 908
Merit: 657
How is your inquisition going redsnow?

I think all is resolved now.  Mine it was only a mistake , but now  I've paid my error ( and i don't provide anymore my escrow service here).


*redsn0w  not redsnow /thanks.
I am not sure if not being escrow anymore if really paying for your error

I think he has paid for his error, he lost a lot of the trust the community had placed in him, his decision to stop escrowing is a result of this. In the end, the account was recovered and no one actually lost anything of value, I'm not sure how else you think he should be "paying for his error".

Yes for my stupid mistake I've  almost ruined my reputation here , anyway that troll  has been a very "bastard".

Your reputation isn't ruined, in my opinion, you're still pretty much as trustworthy an individual to trade with as beforehand. All this incident does is reflect negatively on your competency as an escrow, which you addressed by closing those services.
legendary
Activity: 3318
Merit: 2008
First Exclusion Ever
How is your inquisition going redsnow?

I think all is resolved now.  Mine it was only a mistake , but now  I've paid my error ( and i don't provide anymore my escrow service here).


*redsn0w  not redsnow /thanks.
I am not sure if not being escrow anymore if really paying for your error

I think he has paid for his error, he lost a lot of the trust the community had placed in him, his decision to stop escrowing is a result of this. In the end, the account was recovered and no one actually lost anything of value, I'm not sure how else you think he should be "paying for his error".

Yes for my stupid mistake I've  almost ruined my reputation here , anyway that troll  has been a very "bastard".
You see now how easy people here make it for random trolls to destroy everything in their path?
legendary
Activity: 1778
Merit: 1043
#Free market
How is your inquisition going redsnow?

I think all is resolved now.  Mine it was only a mistake , but now  I've paid my error ( and i don't provide anymore my escrow service here).


*redsn0w  not redsnow /thanks.
I am not sure if not being escrow anymore if really paying for your error

I think he has paid for his error, he lost a lot of the trust the community had placed in him, his decision to stop escrowing is a result of this. In the end, the account was recovered and no one actually lost anything of value, I'm not sure how else you think he should be "paying for his error".

Yes for my stupid mistake I've  almost ruined my reputation here , anyway that troll  has been a very "bastard".
hero member
Activity: 908
Merit: 657
How is your inquisition going redsnow?

I think all is resolved now.  Mine it was only a mistake , but now  I've paid my error ( and i don't provide anymore my escrow service here).


*redsn0w  not redsnow /thanks.
I am not sure if not being escrow anymore if really paying for your error

I think he has paid for his error, he lost a lot of the trust the community had placed in him, his decision to stop escrowing is a result of this. In the end, the account was recovered and no one actually lost anything of value, I'm not sure how else you think he should be "paying for his error".
legendary
Activity: 1778
Merit: 1043
#Free market
How is your inquisition going redsnow?

I think all is resolved now.  Mine it was only a mistake , but now  I've paid my error ( and i don't provide anymore my escrow service here).


*redsn0w  not redsnow /thanks.
I am not sure if not being escrow anymore if really paying for your error

At the end it was an error but all was resolved , so I think it is more secure don't offer anymore my escrow service.
full member
Activity: 196
Merit: 100
Hi
How is your inquisition going redsnow?

I think all is resolved now.  Mine it was only a mistake , but now  I've paid my error ( and i don't provide anymore my escrow service here).


*redsn0w  not redsnow /thanks.
I am not sure if not being escrow anymore if really paying for your error
legendary
Activity: 1778
Merit: 1043
#Free market
How is your inquisition going redsnow?

I think all is resolved now.  Mine it was only a mistake , but now  I've paid my error ( and i don't provide anymore my escrow service here).


*redsn0w  not redsnow /thanks.
Pages:
Jump to: