News Feed
  • DrugHub has agreed to fully refund all users who lost money in the SuperMarket exit scam.  
  • Retro Market has gone offline. Circumstances of the closure unknown.  
  • SuperMarket has closed following an exit scam by one of the admins.  
  • The admin of Incognito Market, Pharoah, has been arrested by the FBI several months after exit scamming.  
  • Silk RoadTorhoo mini logo
  • darknet markets list
  • Popular P2P exchange LocalMonero has announced it is closing.  

Important: For Vendors and those serious about OpSec | The Security of Your Private Key : OpSec | Torhoo darknet markets

For Vendors and OpSec-Oriented High Risk Persons
/u/Pills4You
2 points
1 year ago
Thanks for this crucial bit of information. All large vendors should heed this advice.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
Thank you, /u/Pills4You. I rather tell them NOW, than when it's too late.
/u/Pills4You
1 points
11 months ago
We most assuredly agree with you sir. Safety comes first in this business.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
2 points
11 months ago
Absolutely. We have to keep you safe to keep this going.
/u/Pills4You
1 points
11 months ago
Its genuinely appreciated
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
11 months ago
Any way I can help ...
/u/mcclayton P
2 points
1 year ago
Great post man. Super important nuggets up above. /u/HeadJanitor.....a valued asset for for sure.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
Thank you, /u/mcclayton. Keeping it tight!
/u/newbieforever2018 P "You've got ★bail★"
2 points
1 year ago
If armor is omitted they could fall victim to suicide drones from malicious actors.



Excellent topic!!!
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
2 points
1 year ago
Thank you, Sir /u/newbieforever2018

Now your harems can't PGP you securely.
/u/newbieforever2018 P "You've got ★bail★"
1 points
1 year ago
They are safe. I keep them in my VeraCribt.
/u/b1ankface P 🌿🚬(. 人 .)🍹
2 points
1 year ago
Excellent you deserve a cookie! 🍪
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
2 points
1 year ago
Thank you, /u/b1ankface. Chocolate Chips are actually my go-to.
/u/DrugMahal
2 points
1 year ago
Thank you for the Gem above:

Question: Printing private key or Secret Key on paper, is it a good practice ?

Besides the paper ending up in wrong hands, where do you see threat points that can weaken the chain of data flowing from:

Tails on PC > New USB > New Laptop > Printer. ?
/u/tryingtoformanopinion
1 points
1 year ago
Read EFF's report on printing dots. DO NOT PRINT ANYTHING IF YOU WANT TO STAY ANONYMOUS/only print something from printers which you can pay for with cash/XMR and have good opsec around from identification mechanisms like cameras and KYC.
/u/DrugMahal
1 points
1 year ago
Yikes! Thx u
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
/u/DrugMahal, after a life experience that I had I believe in writing the passphrase down on an index card without referring to what it is and placing it in your favorite novel.
/u/DrugMahal
1 points
1 year ago
It is indeed a life saving tip. As long as my memory serves me down the line of age.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
Definitely, we forget to factor into the equation the possibility of forgetting.
/u/JosephStalin
1 points
11 months ago
Greetings comrade

This reminds me I once stored money in an object. And forgot that I put it there for many years. I was moving the object once and then complained why it was so heavy. It was a funny surprise when I inspected it.
/u/DrugMahal
1 points
11 months ago
I had a similar experience finding a wallet.dat on a USB stick. Didnt know my pupils can dilate so much hihihi
/u/Amphora Scam Detector
2 points
1 year ago
Crucial information for the security-minded invididuals on Dread. Thank you once again for your incredible contributions!
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
Thank you, /u/Amphora
/u/SimplySteroidsPR
2 points
1 year ago
>gpg: encrypted with 1 passphrase

Is there a reason to use gpg over gpg2? I'm by no means an expert in crypto, but I assumed a newer version would be preferred.

Also, here's a little cheatsheat for gpg.

https://paste.daknob.net/paste/N3W2uqQKI0eTbIbm-V1uZt_IN8K93hCEvgp8wLdP8Fo
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
2 points
1 year ago*
GPG2 is sort of like a dummy transitional package that provided symlinks from GPG2 to GPG.
They don't interfere anyway.

GnuPG 2.0 is a redesigned version of GnuPG. GPG is the standalone version.

The GnuPG2 package pulls in quite some more libraries which are currently only of priority "optional" and made things more difficult.

The major difference came into play with GPG 2.1

https://www.gnupg.org/faq/whats-new-in-2.1.html

In short, GPG is the answer.
/u/CaptainGoldMelt
1 points
1 year ago
Life saver with the cheat sheet!
/u/0x7fff3e4d1d74
2 points
1 year ago
Hi,

I love this guide too, which separate keys based on key capablities.
The master key extraction on Yubikey can seems overkill and OFC you can mix and match based on you OPSEC requirements.

hxxps://github[.]com/drduh/YubiKey-Guide

Sorry if it has been already posted on /d/Opsec.

Happy sysadmining and stay safe everyone.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
/u/0x7fff3e4d1d74, the YubiKey-Guide is awesome. I just bookmarked it. Thank you for sharing it. You can always post URLs at /d/OpSec
/u/Hourglass P
2 points
1 year ago
What would dread be without your excellent posts.....

Great as always! Cheers mate :)
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
Thank you, Sir /u/Hourglass
/u/Byt3s
2 points
1 year ago
Great post and much-needed reminder for everyone! You've hit the bullseye once again.

Keep up the awesome work, friend!
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
2 points
1 year ago
Thank you, /u/Byt3s! So glad to see your name show up. I hope you've been well.
/u/Time4McKenna
1 points
1 year ago*
Here's my thoughts from about 2 years ago:
/post/7fc2826925a17a9751e0/#c-318f26fc6cb472c757

here's the quote from that comment.

shell in terminal.
pubs: gpg --export --armor
secs: gpg --export-secret-keys --armor
subs: gpg --export-secret-subkeys --armor
if you give no keynames then you will get all keys by default.
secrets contain pubs (or can be regained).

consider symmetrically encrypting the asymmetric secrets with a strong password during transport though:
gpg --armor --export-secret-keys | gpg --armor -c --cipher-algo AES256 > secrets.enc.asc.txt

then copy the file and import it on the other host:
gpg -d secrets.enc.asc.txt | gpg --import

the piping should prevent the files from ever being stored in unencrypted form on a harddisk.
so you are protected from incorrectly / shallowly wiping files after transport, because transport is still securely encrypted symmetrically with strong password, even if recovered.
bonus points for seeing how ssd wear leveling might likely not overwrite / shred / wipe the file which is an opsec failure if the file were copied / stored in unencrypted form.

multiple passwords will be asked, for each secret and for the symmetric encryption transport password (possibly twice for added security).


just how many times has it to be explained that solid state discs can be a problem since it is difficult to shred files properly due to wear levelling?
and since when would anyone export private keys unprotected and store them in a filesystem?
is it not bad enough that they have to be in memory unencrypted on the same machine regularly during use?
pipe it from gpg twice, once to extract into memory, then directly into gpg again to encrypt properly.
you could even generate an asymmetric keypair just for the transport kept on the to be deleted and destroyed usb stick only.
or at least a seriously strong symmetric passphrase (diceware comes to mind) with high entropy with AES256.

maybe this is interesting to someone.

this comment was edited by original author.
/u/Time4McKenna
1 points
1 year ago
oh, and exactly thereafter i noted that there seems to be a section in the DNM bible missing these details.
of course, i also informed the moderators of /d/DarknetMarketsNoobs at the time.
has nothing happened since then at all?
are you kidding me?
/u/Time4McKenna
1 points
1 year ago
/u/Shakybeats
/u/samwhiskey
/u/dontlaugh

Are you sleeping on the job or what?
/post/7fc2826925a17a9751e0/#c-382e8717a6c5ffb6dd
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
So, I should go back in time and ridicule you for your post?

Is that the right thing to do?

Since when have you grown hostility toward me, and for what ...

Seems like you are forgetting we once had a connection. I haven't.
/u/Time4McKenna
2 points
1 year ago
i was coming from a perspective where security is like air - you only notice you are in serious trouble when you are out of air, for example when under water without breathing equipment.

This is why i thought what you posted is relatively dangerous advice, because it is not reasonably secure,
and additionally it carries significant weight by you being a moderator; where moderators are assumpted to have well above average knowledge and understanding, in particular in such an important subdread like OpSec.

you have shown in the past that you are capable of posting content at such levels, but it was not the case this time.
unfortunately, yesterday was not the day, i was in a bit of a bad mood, and i had a friend pulling exactly this shit and i successfully restored his secret keys from the usb which he did not properly delete, thereby demonstrating that the entire transport chain must be properly secured;
in other words people dear to me have fallen for this dangerous nonsense.
additionally, i have mostly stopped posting, because there seem to be way too many posts ranging from low content, spam to even actively harmful.
it is quite possible that you are a bit overworked due rumors of recent spam and phishing posts.

with all that in mind, i would like to take this opportunity and sincerely apologize for being to harsh in my judgement of your post which i believe was well intentioned.
i'm sorry, HeadJanitor.
please accept my serious apology.
if you want me to apologize in a post and / or edit my comments, please let me know.
this is now already a bad day for me, too.

kind regards,
Time4McKenna
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
11 months ago
Love you, /u/Time4McKenna

You are one a kind in the most rare and brilliant way.

And especially NEEDED here at Dread.
/u/Time4McKenna
2 points
11 months ago
there are many people with such knowledge.
there is much more for me to learn.
things i have no idea how they work, where i'm the non-educated idiot.
no worries.
we live and we learn.
have fun and take care.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
2 points
11 months ago
There once was a scholar here, who ended everything with "have fun and take care".

That revealed to the rest us of that he was enjoying life and pursuing education.

We miss that scholar very much.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
No, they're doing their job. They're not out criticizing people for things they've done with a pompous attitude.

Do you also want to count the number of posts that get repeated generation after generation, even in the same month, in this subdread?

You could shame them all.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
Damn, brother, a slap in the face, don't you think?

Who said anything about shredding files when most people email their group the Private key?

It's been a long time but I didn't see that coming from you of all people, especially you.
Was I so deserving to be belittled?

I'm sorry that not only did it not meet your standards but you found it that offensive to draw insults on an old relation.

Should I have just told people to use 7zip with a password?

Thanks for the warm reacquaintance.
/u/Time4McKenna
1 points
11 months ago
more like a slap on the desk and furious typing on the keyboard thereafter.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
The OP was neither high or drunk but has withnessed many times vendors sharing a group Private Key and transferring it to one another by email.

I guess in your absence you became perfect and I degraded.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
The OP was neither high nor drunk.

I guess in your absence you became perfect and I degraded.

And yet somehow the OP was deserving of a belligerent attack, from one of the last people he'd expect it.

You came back after months and this is your 'hello' to someone you once knew? Sad.

Too bad I didn't mention a USB drive. And, too bad I didn't get an approval from you first.
/u/HeadJanitor 📢 ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
Solid State Drives, USB Drives -- not mentioned once.
The transference of Private keys was the point with the premise being "exported key is sent over an insecure channel" -- not to "store them in a filesystem?"

Maybe the reader read too much into things.
Maybe you had a bad awakening today.
But, welcome back.
  • Sponsors
VigorSwap Instant Crypto Exchange
FraudGPT

  • Explore Torhoo!

© Torhoo! 2025

All links are for educational and research purposes only. Torhoo! does not vouch for any site.

Advertise on Torhoo