This has been a pet project a few friends & I have been considering. One of our guys here is already on it to some degree. I've got a contracted site to finish real quick before I can move on to other things but I'd love to help.

TOR is a given but you'd be just as well using 4096x4096 RSA crypto convo's over it as opposed to plain text.

I'm sure most of you know how to use strong crypto by now but just in case, here's an illustrated PGP tut I made way back describing the situation of the time. It's old but wtf, it's applicable.

Here's the original thread detailing people's questions & answers for the sake of brevity here. http://forums.lycaeum.org/index.php?topic=17417.0

Of course you can use other equally strong programs if you're running linux, GPG etc.

First, get PGP & Install. During install, you'll encounter the Key Generation Wizard. Do the following: Select the SHA-2 512 hash as your preferred & make sure 4096x4096 is TYPED into your key size field as this is not a default size option. Select AES as the cipher. Expire your key as desired. 5 years or so is fine. Less if you want to be real paranoid.



After generation, highlight your key and click on its properties. Make sure it came through as selected.



Digital signatures: This is usefull for plaintext transmissions as it verifies your message's authenticity and that it's not been intercepted/changed. This is where your hash selection comes into play. Also, it determines your key's "fingerprint" as you can see in my signature at the end of my posts & in the pic above. You don't have to manually verify the digital signature in a message if you configure your PGP correctly. It will automatically verify it for you. It adds a bit of extra shit to your message but it's worth it.

You can request a certificate from your IT system admin when you submit your public key in order to get your key stored on your work email key server and your digital sig automatically appended to your email. Alternately, you can enable hot keys in PGP and just Ctl+Shift+S to scan your message, hash it, generate your digi sig for verification (all of that is automated) and enter your passphrase to sign the message. It will appear as so:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Encrypted Chunk O' Message goes here......... Blah blah blah... .

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.5 - Enterprise license

iQIVAwUBRMkg1MuGnTghtvTHAQoT1A//ZXuJWxzXUUTUqUtBTZG9yQt8UQWfYI1D
bxYWI0FKEnNpmOaAATNEjuyLqjQlCO2YAmzpZYq8OT4DMKqzefZMoWBF/4aLS+xc
cB3ImIlfivmg9zKv+hSmOGgo0XqQB6jECIIwrroDtiavEWDgSngSktb65ljhSUV7
jkv5N4mygI6r8sxPdBR0HFJiVrvhVVHZ64p2Zzr4PpVhedXskQlPRh/yebulGc0R
2JxpIck0LdExcraRvjt1rD6KX/06Xr+ODsrnTbqWwnIIEvfZHFakFPw4WShSyLCU
2MDPQ8kV9I7BEyoRlpqStNKbCJjAQ+PhSsLGRoGP4F+BVlmf2hPQcTGWddqTv7Ft
3wyt44kOX1FTKE7e5vATRj+7vH8nxjQVF/9yGm398J+5/rgpZVEt3uc+BTnxYeUr
YcRtQpy38JmsgYK0hFNeTItenLXEREUznluzs4JZKDLTs2Nj42BOatbvhPhpQ7xK
L556J+FzuIerwEj27IccVY9ldKXT7rBr42tLptcEaJFeKO9x8U/+8Yyxom73+YBb
aIJY3dbMV4TLo9xj5CAFdulfR60otNZ8N7p9jKx0/7fxU4NlYRyfrdlb0lBjDNku
2+4AF5JNi5b1IbyBjHordBy1Yl7yEu8NDfMLFzD1/XMGbOrbgi0MuB8rro91kH/l
JbjVAWdSL6c=
=dCPP
-----END PGP SIGNATURE-----

This voids the "man in the middle" attack on your info.

SR was running unpatched for a long time...    though, they eventually got it fixed-up. It was fun to play with the internals of it while it lasted, but that was a quite some time ago.
I am all for a TOR-only version of this site, and an optimized version (I know it is minimal already, but think about it).

My interest isn't really into getting *This* site to be ran on a Tor server.
I just want to make a distribution of a secure Tor server to make it super easy for individuals to setup a tor server properly to create Hive/Vesp styled tor sites, more silkroads, and anything else that helps the spread of knowledge and substances.

@WizardX -- How big of issuer does 4096x4096 RSA SSL cause for server performance? Wouldn't the trade off be worth it?

@WizardX -- How big of issuer does 4096x4096 RSA SSL cause for server performance? Wouldn't the trade off be worth it?

RAM, CPU, and cache tweaking helps server performance. The http://127.0.0.1 cert is Size: 256 Bytes / 2048 Bits, PKCS #1 SHA-1 With RSA Encryption.

Yes go for it.

It seems like a lot of us here are also interested in computers and I honestly would not mind creating a section specifically for the discussion of computer science and how it relates to the law, or to drugs and the things that surround the culture - but I'll wait on this and until now Law & Security can have most of the technological discussions.

awesome!

didn't i start a thread about exactly the same thing here not too long ago, or was it at the-collective?

my machine here is all available and running *nix and pretty fuckin secured, me being a security geek and all.

and i am totally up for it.

i'll start looking into it soon as i overeat on beetroot and mayonaise and the apple struddel my mom is seducing me with.

tox, you say you've gotten j. into this?
has he been working on a similar thing?

Sounds like we could build a pretty good group of interested individuals with this project.

My dream/goal is to eventually make this an open source Tor server to make it readily available.

Yeah, I would be up for that, though I'll need to get an IRC account
Also I really do not have much to offer at all.

Kinda related/interesting: http://thehackernews.com/2011/11/new-apache-reverse-proxy-flaw-allows.html

im rather thinking something along lighttpd or ngnix than apache, tell you the truth.

both lighttpd and nginx are open source too.
reddit runs on the former, the latter was developed by russians for the purpose of running their rambler.ru on it.
it is just that they are faster, lighter and accent on performance, while apache is a bit cumbersome in comparison.
but actually, it matters little weather it is apache or any other of the popular open source web servers.

SSL was badly compromised not too long ago, one fix is to use a stream instead of a block cipher.
but let's start with the beginning - where would that be hosted?
as i said, i'm OK with hosting it from my home.
that's bulgaria.

let's just make an irc channel and discuss this in more detail so we/i can get started, i really wanna pull this one through (unlike most my 'projects' that i usually abandon halfway).