DrugHub login process suspicious - would like second opinions : DarknetMarketsNoobs

During DrugHub's login process they ask for your public PGP key, which is used to encrypt a 2FA token message to log in. This process raises alarm bells for me because of the possibility of a man in the middle attack, specifically changing deposit addresses after logging in. You might say I should check the username and profile data after logging in; I think it's possible to proxy a login and display the correct information and marketplace while also changing the wallet address. I will always encrypt my messages outside the marketplace, but it does stop wallet address substitutions.


After going to https://torhoo.cc/go.php?u=TDJRdlpISjFaMmgxWWc9PQ==#, I grabbed their public key and mirrors from their distribution link. With it being a clearnet site, I am being cautious.
Does this login style raise concern with anyone else, or am I crazy or overthinking it? Detailed answers are appreciated to help ease the mind.
/u/DrugHub P DrugHub Market Staff
3 points
21 hours ago
Lmao. Do some more (well, a lot more) research. Until you do, use a different market; you will avoid lots of grief.
/u/ImpactMarket
1 points
19 hours ago
Brutal! You are supposed to help him not roast him 😂
/u/DrugHub P DrugHub Market Staff
2 points
18 hours ago
Help how? By copying and pasting the information already available all over the place? We don't do that.
/u/bitemytongue1 🍼
2 points
21 hours ago
What are you paranoid from, depositing 500 XMR? You overshot the moon. Keep your private key... private.
/u/Bartolo 🍼
2 points
20 hours ago
The big problem with DrugHub is the inability to speak to vendors.
/u/KonaCokeHead
1 points
20 hours ago
The UI is a little hard to get used to. I prefer how you communicate with vendors, though; PGP only is smart. Don't be lazy, man.
/u/Preska 🍼
2 points
20 hours ago
The PGP-only communication is the smartest thing they could have done!
/u/ImpactMarket
1 points
19 hours ago
[removed by moderators]
/u/BlackHoof 🍼
1 points
21 hours ago
[removed by moderators]
/u/Greycious
1 points
21 hours ago
You're tripping. DrugHub is actually pretty secure in their approach, probably the most of any market right now.

The invoice-based system means your money is never really sitting in a hot wallet for too long, which reduces the risk of loss of funds for people who, for whatever reason, leave money on markets in the case of an exit scam, hack, LE, whatever.

The login system is perfectly fine in my opinion; it skips the bullshit of making up usernames and just relies on your PGP. You could argue that having usernames, PINs, etc. would make it less likely LEO could get into a vendor's account if they were to make a bust, but if they have the vendor's PGP I feel like they're probably gonna squeal on markets, their username, etc. anyway, so it's not a huge concern for me. I've never used the recovery system on any of these websites; I know usually it's a seed phrase, but I'd imagine having the PGP key helps too. All this to say, nothing about the login is increasing your risk of anything.

"You might say I should check the username and profile data after logging in, I think it's possible to proxy a login and display the correct information and marketplace while also changing the wallet address. I will always encrypt my messages outside the marketplace but it does stop wallet address substitutions."


I don't know what this even means. Nobody can forge a signature over your address, invoice, etc. using the DrugHub master key aside from DrugHub; there is no secret attack, and if there were, PGP would be useless as fuck. If you just verify messages/signatures like you should, then even if you do get phished somehow, you can at least realize it and get a new URL / account.
/u/cilantr0
1 points
19 hours ago
If (big if) you understand how PGP works, then as long as you trust the key of the DrugHub .onion URL you are connected to, your whole question/suspicion (suspEcion?) makes absolutely no sense.
/u/ignorantmonkey
1 points
19 hours ago
I suggest you read up on how asymmetric encryption works. You're not exposing your private key. It is not possible to "calculate" your private key even if anyone were to snoop all of the public key, the encrypted message and the content of the decrypted message. At no point during this process is your private key exposed.
/u/brokenbox
1 points
17 hours ago
I think? you're saying... that because you volunteer your public PGP key, it could be anybody on the other side sending you false verification via a PGP-encrypted message. Which is possible, I guess. The safeguard against this has already been gifted to you, my son. The address you use to connect MUST be verified by YOU, using their provided, and most importantly, legitimate certificate, aka the Master Key. If you can verify the link, then you should be good.
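To make concrete what ignorantmonkey, Greycious and brokenbox are saying above (decrypting a challenge never reveals your private key; anyone holding your public key can issue such a challenge, so a decryptable challenge proves nothing about who is on the other end; only a signature that verifies under the master key you pinned out of band tells a substituted address apart from a genuine one), here is an added example. It is not code from the thread, from DrugHub, or from any PGP implementation: it uses textbook RSA with constructed keys as a stand-in for PGP, which is not secure and not OpenPGP, and every key, token and address in it is made up.

```python
# Added educational example (not code from the thread, DrugHub, or any PGP
# implementation). Textbook RSA with constructed keys: NOT secure and NOT real
# OpenPGP; it only models the flow the replies describe.
import hashlib
import secrets
from math import gcd

# --- toy asymmetric primitives --------------------------------------------

def make_keypair(p, q):
    """Textbook RSA keypair from two primes. Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    e = 65537
    while gcd(e, phi) != 1:          # fall back to the next usable odd exponent
        e += 2
    d = pow(e, -1, phi)              # private exponent (Python 3.8+)
    return (n, e), (n, d)

def encrypt(public, m):
    n, e = public
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)

def _digest_int(message, n):
    # Hash the message and reduce into the modulus so it can be signed.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    n, d = private
    return pow(_digest_int(message, n), d, n)

def verify(public, message, signature):
    n, e = public
    return pow(signature, e, n) == _digest_int(message, n)

# --- the login flow the thread discusses -----------------------------------

def issue_challenge(user_public):
    """Anyone holding the user's PUBLIC key can do this: pick a random token
    and encrypt it to the user. The issuer needs no secret of the user's."""
    n, _ = user_public
    token = secrets.randbelow(n - 2) + 2
    return token, encrypt(user_public, token)

def answer_challenge(user_private, ciphertext):
    """Only the holder of the matching private key recovers the token. What an
    eavesdropper sees is (public key, ciphertext, token); the private key is
    never transmitted and cannot be derived from that transcript without
    factoring n."""
    return decrypt(user_private, ciphertext)

def deposit_notice_is_genuine(pinned_master_public, address, signature):
    """The check that actually defeats a proxy: the address must verify under
    the master key the user fetched and pinned out of band."""
    return verify(pinned_master_public,
                  b"deposit-address:" + address.encode(), signature)

def run_demo():
    # Constructed keys: Mersenne primes, far too small for real use.
    user_pub, user_priv = make_keypair(2**31 - 1, 2**61 - 1)
    master_pub, master_priv = make_keypair(2**89 - 1, 2**107 - 1)
    results = {}

    # 1. Legitimate login: site encrypts a token, user decrypts it.
    token, ct = issue_challenge(user_pub)
    results["login_token_recovered"] = answer_challenge(user_priv, ct) == token

    # 2. A phishing proxy that only knows the user's public key can issue a
    #    challenge too, so "I could decrypt the 2FA message" proves nothing
    #    about who sent it (brokenbox's point).
    proxy_token, proxy_ct = issue_challenge(user_pub)
    results["anyone_with_pubkey_can_issue_challenge"] = (
        answer_challenge(user_priv, proxy_ct) == proxy_token)

    # 3. A deposit address signed by the real site verifies under the pinned
    #    master key...
    real_addr = "EXAMPLE_ADDRESS_constructed_not_real"
    sig = sign(master_priv, b"deposit-address:" + real_addr.encode())
    results["genuine_address_verifies"] = deposit_notice_is_genuine(
        master_pub, real_addr, sig)

    # 4. ...but an address swapped in transit does not, even if the proxy
    #    forwards the original signature along with it.
    swapped = "EXAMPLE_ADDRESS_swapped_by_proxy"
    results["swapped_address_verifies"] = deposit_notice_is_genuine(
        master_pub, swapped, sig)
    return results

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

The design point is the one the replies make: the challenge step authenticates you to the site, not the site to you, and the only thing that authenticates the site (and anything it shows you, such as a deposit address) is a signature that checks out against the master key you obtained and verified independently of the connection you are currently on.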