Bytemaster's Account is Down

[Stan]

I was mainly kidding about the Stan thing, etc, but I think I sort of had a point even if I don't mess with PGP nor have I ever been to a key signing party.

Stan is so honest that even his stolen identity can be trusted...

[gamey]

I'm always astounded by people's inability to use basic GPG services.  For being in the cryptocurrency scene, you'd think you might know a bit more about it.

Anyway, a quick verification of the message signed by Dan indicates that it is a valid signature, i.e. signed with the private key associated to the public key he posted.

You can also see that the public key is the same one that is on MIT's public key server, and you can also note that the key was generated on 02-02-2016.

Unless you believe that BM's account was compromised, and prior to the gaining control of the account, had already generated a public / private key pair on 02-02-16 and then, waiting all that time, the attacker then uploaded the key to MIT's public key server and then posted it on the forum, while at the same time knowing full well that MIT doesn't have a field for 'uploaded to server', you can take off your makeshift tinfoil hat.

If you want to wear that tinfoil hat on that theory, I'll sell you a professionally made one, and not a DIY created one.  10k BTS.  If you need hats for the whole family, I do discounts, too.  Buy 4 get 1 free.

Obviously *you* haven't understood how the GPG web of trust works. The fact that the given public key matches the signature doesn't prove anything, and the fact that the key is also available on a public key server doesn't prove anything either.
That the key is only 4 weeks old makes it more suspicious IMO (or perhaps less, because an attacker might want to fiddle with that...).

The only thing that *would* prove the authenticity of the key is a signature from a known-good key on it, or possibly a different kind of signature (like authenticated information in a blockchain).

Hence why I offered to sell anyone professionally-made tin-foil hats.  I agree that that it is still very circumspect.  I never said that it wasn't.  Indeed, I pointed out exactly the issues with trusting the key -- which you even bring up and use, the date of key creation, etc.

But yes, I completely agree that there is no way to prove the authenticity of the public key that was posted.  All I said was that the public key posted matches the private key with which the message was signed with.  And then proceeded to give date details and offered a theory that still gave reasonable doubt to the authenticity of the key -- hence the PROFESSIONALLY made tinfoil hat jest. 

I don't think I ever once said it was a legitimate key.  Before you begin accusing me of not understanding how basic encryption and public key signatures work and the web of trust works, read what I write and don't make assumptions.  As the old adage goes ... when you assume ...

Unless, of course, you're a mathematician, then assuming is your day job.

Beyond that, you blew off the whole idea that this site is not to be considered trusted going forward.

I was mainly kidding about the Stan thing, etc, but I think I sort of had a point even if I don't mess with PGP nor have I ever been to a key signing party.

[bytemaster]

I posted the key to establish its history on this forum.  It is more to protect future issues than to secure the current one.

Stan's confirmation of my post combined with no counterclaims from anyone that it isn't me should be enough to confirm that it is indeed me.

[complexring]

I'm always astounded by people's inability to use basic GPG services.  For being in the cryptocurrency scene, you'd think you might know a bit more about it.

Anyway, a quick verification of the message signed by Dan indicates that it is a valid signature, i.e. signed with the private key associated to the public key he posted.

You can also see that the public key is the same one that is on MIT's public key server, and you can also note that the key was generated on 02-02-2016.

Unless you believe that BM's account was compromised, and prior to the gaining control of the account, had already generated a public / private key pair on 02-02-16 and then, waiting all that time, the attacker then uploaded the key to MIT's public key server and then posted it on the forum, while at the same time knowing full well that MIT doesn't have a field for 'uploaded to server', you can take off your makeshift tinfoil hat.

If you want to wear that tinfoil hat on that theory, I'll sell you a professionally made one, and not a DIY created one.  10k BTS.  If you need hats for the whole family, I do discounts, too.  Buy 4 get 1 free.

Obviously *you* haven't understood how the GPG web of trust works. The fact that the given public key matches the signature doesn't prove anything, and the fact that the key is also available on a public key server doesn't prove anything either.
That the key is only 4 weeks old makes it more suspicious IMO (or perhaps less, because an attacker might want to fiddle with that...).

The only thing that *would* prove the authenticity of the key is a signature from a known-good key on it, or possibly a different kind of signature (like authenticated information in a blockchain).

Hence why I offered to sell anyone professionally-made tin-foil hats.  I agree that that it is still very circumspect.  I never said that it wasn't.  Indeed, I pointed out exactly the issues with trusting the key -- which you even bring up and use, the date of key creation, etc.

But yes, I completely agree that there is no way to prove the authenticity of the public key that was posted.  All I said was that the public key posted matches the private key with which the message was signed with.  And then proceeded to give date details and offered a theory that still gave reasonable doubt to the authenticity of the key -- hence the PROFESSIONALLY made tinfoil hat jest. 

I don't think I ever once said it was a legitimate key.  Before you begin accusing me of not understanding how basic encryption and public key signatures work and the web of trust works, read what I write and don't make assumptions.  As the old adage goes ... when you assume ...

Unless, of course, you're a mathematician, then assuming is your day job.

[pc]

I'm always astounded by people's inability to use basic GPG services.  For being in the cryptocurrency scene, you'd think you might know a bit more about it.

Anyway, a quick verification of the message signed by Dan indicates that it is a valid signature, i.e. signed with the private key associated to the public key he posted.

You can also see that the public key is the same one that is on MIT's public key server, and you can also note that the key was generated on 02-02-2016.

Unless you believe that BM's account was compromised, and prior to the gaining control of the account, had already generated a public / private key pair on 02-02-16 and then, waiting all that time, the attacker then uploaded the key to MIT's public key server and then posted it on the forum, while at the same time knowing full well that MIT doesn't have a field for 'uploaded to server', you can take off your makeshift tinfoil hat.

If you want to wear that tinfoil hat on that theory, I'll sell you a professionally made one, and not a DIY created one.  10k BTS.  If you need hats for the whole family, I do discounts, too.  Buy 4 get 1 free.

Obviously *you* haven't understood how the GPG web of trust works. The fact that the given public key matches the signature doesn't prove anything, and the fact that the key is also available on a public key server doesn't prove anything either.
That the key is only 4 weeks old makes it more suspicious IMO (or perhaps less, because an attacker might want to fiddle with that...).

The only thing that *would* prove the authenticity of the key is a signature from a known-good key on it, or possibly a different kind of signature (like authenticated information in a blockchain).

[complexring]

If Bytemaster account is compromised how can we trust Stan's confirmation  or anyone's ?

You can't trust me ....

This. It would be nice to know more details on what happened.

I'm always astounded by people's inability to use basic GPG services.  For being in the cryptocurrency scene, you'd think you might know a bit more about it.

Anyway, a quick verification of the message signed by Dan indicates that it is a valid signature, i.e. signed with the private key associated to the public key he posted.

You can also see that the public key is the same one that is on MIT's public key server, and you can also note that the key was generated on 02-02-2016.

Unless you believe that BM's account was compromised, and prior to the gaining control of the account, had already generated a public / private key pair on 02-02-16 and then, waiting all that time, the attacker then uploaded the key to MIT's public key server and then posted it on the forum, while at the same time knowing full well that MIT doesn't have a field for 'uploaded to server', you can take off your makeshift tinfoil hat.

If you want to wear that tinfoil hat on that theory, I'll sell you a professionally made one, and not a DIY created one.  10k BTS.  If you need hats for the whole family, I do discounts, too.  Buy 4 get 1 free.

[Akado]

If Bytemaster account is compromised how can we trust Stan's confirmation  or anyone's ?

You can't trust me ....

This. It would be nice to know more details on what happened.

[cylonmaker2053]

Seriously though was BM compromised via the server (which means everyone should change passwords) or his own stuff...

good question...

[sudo]

bts1.0 have bts id log in  fuction
is it possibile with bts2.0？
keyid  keyhottee

[gamey]

Seriously though was BM compromised via the server (which means everyone should change passwords) or his own stuff...

[pc]

If only we had a way to verify that PGP key...

[fav]

If Bytemaster account is compromised how can we trust Stan's confirmation  or anyone's ?

You can't trust me ....

Ip's match

[gamey]

If Bytemaster account is compromised how can we trust Stan's confirmation  or anyone's ?

You can't trust me ....

[Stan]

I confirm that BM is back.

[bytemaster]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I'm back... I promise its me
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJW0l7xAAoJEAZ9j6cqIrOw8TIP/irDc1o4l52vIWTtnJuExFqv
7Wvflfb1kEcqimWAaHfAOllHURW67CKWtJ8TMs1YHyuhX6AyUXZg+ULufIVg516m
BgEyIfFWOwfFKOMaqwsz+Z3siaYa+bPq/aJHYkWP6F0hJspITcty1j9v+DE2EcjN
0mD+Ta0woEq04NK7kOW/BEuRdoDmjIpE3UPHfNEavETQNzxTG+wfkFPD4KxpVSI1
X2w7BwXpfHGis1fO+ASOFRujU5DiS3sfWQLU4U4+gJF9UZR/Aw/KcAHNWRGeq1uy
piiS4EhRHVRhXcgPPRXdGzgAD5He7jZse+TPSkELTTFtEfoWV/x76vxHKYLGGWuI
gbn+p/97Tr+6AUp0TlXTPozWv0ES7ckxYW1uq11tn/gGGOjhp9HDqGkxZtJRTvPU
/5xEctp09VrACDg4GHxlxxHuSXYoyqMSf8KRaOTiuB2aEpqUrl+3H3K+yyXtbfgl
27Cw3xBEnbnwGLNKBLHmtyEmEHMQ4pvcZzR9M3gcleOSEK8e2I9xq9qncj63Ie6M
xEwvp0kkmfP3GDRQwYlUdTiA0ksJBEcfl09OBnIyE+9t9J8sk1XYVDIlOO/d6Bv9
u7c7D+T6PID9bCL5rRB5FqNqQfOvBUKL9SyGzPnM3ca1gbXNvnHuHLpRAJxxL7zr
8Q9hNooMA4FN8lCRWS5B
=T0Oy
-----END PGP SIGNATURE-----


-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org

mQINBFaxMEwBEADEmPwobzIyOXn6CpeM2lRTI+nlg/RhBnLEOWD9dgaAtzv4ltF6
PD5A0s2/td93BOKKXuZy0xxYY2XLvdb0X82w5S9w8hLUG1F2y7uVZkD20nDEsDs5
p4nGRMLd5eDgYsJR7SnkGkQKcEkKWsTGXvJ/Df4X4M8/62IZRJgpqp2cHl3CMGjE
hYPdrg5J3mTCxwhi/1dNBbfE+ju/B42RXN4R2Hczl+o/PKPp0ZUuXNhuAT0NeGYR
qmnjS2bN+4ChoeE/oGSPSUu4VMa58oe20KLaP+4OcPhGxzhA5nhQGISVmn+vApQw
XUtuwl8hwc2HThYQKVXslSNxYhQ7cvE+fcwCJ9UqVw+IMYGnRkSSJrpEEisHVDp7
OE8bEaYgykCuMQ1QQTp0MPmSvu3NSXY3ET3W9BKeEdKpoxw31TJOrQICMRmSLX0z
SDdiBZ0acEH11tccPGyLInz/SDAOWvOQ/dOREDYbIRiTqyId4JxgDerpbQbU4GK+
RqTlkIi3tGy8wtQnNKM022Dzx1r2QbLPr05zuCMSZ22odOBFHP76i7Bllcro/Clm
0g8EP87oE3PP9w/RmNw50svcsUkWCTyWSHWhtmHUnqKh9kxmVCihvHPv+Pun52UI
3UX86ZjK03dFPihGj+VsU54pdB2XizV9pH4xgqiQGeEaGFPDlK5F7g4U1wARAQAB
tCREYW5pZWwgTGFyaW1lciA8ZGFuQGNyeXB0b25vbWV4LmNvbT6JAjUEEAEIACkF
AlaxMFAGCwkIBwMCCRAGfY+nKiKzsAQVCAIKAxYCAQIZAQIbAwIeAQAAkwIP/1/q
Q3EzroL7aeYyHo3EQiXCFg4t00nl4nDofc4Enx0jzdrPhEdEOn8J3bPfiaGMlCuW
yp2r6cd2EJj0U52o5pdhs4N7y7LP5997cfOHYXVdgGDfzYPp02xJ11avNgFO1dGL
rEdG+wJjxgeSm+xE7JaONKK2S1hccmkcq7AUgiBba+1XE9x2P6/+gs2leObUCxn+
AwiEdm7rSRBazzIMDRzWV/pNJRMwZcGWk+rzEpUWCyjVXK8Hq8u24uop+ro3Whuu
n23EkU7SLmrJBFxC5MxiDKI3XZSgMd4E1xc3dCV6Na1zDCR0mOKabxOP64/RlsXH
x0TCEtHfHR2cMEuB965zKJtASu8ynYpYNiMrNlp+5MeHkxHcsW8PiwqftYnBTQlp
d92l9ye2HYIb/q3CIAgQtUfPkK5JyJ0TQ78A7aZOqq5IOzaJJC3zDlFzTLWXdVsF
MksJag8JVE7hrfLO1Ilfq9rH+hFcyha0CgK/dDgQMXjDmtHOXY1iFE52mce3rBvq
YUgQZKv3Xync1hmd+8iahv24O/F6en8FxL1kYsI7Gv/gbEXG7ObzscjOjGh0TUIt
oJpVWmnDqkNIp09fDvVUrCv70yxRVlLjKjaMkjilMDuWBmbq5qKZwis3yojPsDbx
z8JI+iuv7dZQkrErO1PEi0wgjxGUPDb+oM3Mf0qauQINBFaxMEwBEADPGBiOGa9t
2kb/GwpQXOgBq66PB3BJd6GxYbPARKEyuDth5X9bI75pF1PmjbdFtJ8MNFFrST6p
KZCf/LofCVYxJZ93u8q7vvJYs+QHdf+Iv8T/eg6Ku+DZfzpUmTdgNzsns+PGH5iJ
Ap7ISuewV7vKO5wwwghypaqC3FY5T03Ma/uVaj0uZu6n1erG8Cz94HAQq9d9CtTy
XgH8CgubJ5TjFGd9BzH/iTNIw47tyDSkitK/0zkRZiLu+rEg8PqaTZSZDhTCTzCN
t/bf8wRTl0JtLHVG2N00oUWmq4JQy6M5+TzvUolCIWXN6ECd2slJFuisZLtEPajd
aNwZA4ZNkUcExUTLrOmRabplX0a/t6Cg0wh/a1mTQFrsnp2llmAFLJlwo+97qmYs
hMEUUiHIkbZFDOwDiNMy5usxPrRFE1zUkZyNhla9C+jGcsePjZ4B+1Zyf7kIWgp8
Ed9qiQy7mHhHM3pqzv4zlBBM8jVT+gZdT8q7GWrvK1JkZOkbhwfXV+6g/5MaMmDK
kLI2uDOI1CTj2uzt9qM/2ZgsjcCehbSSf2Ut6Q9MFQtuHOsx/uaFH/q6oxmrsG6w
72/ZdqaZBL8yQZLIiKfdSphLHDirYSNOlKpTKrjgLcPgI52rKcTIldBC2ZsLEBxY
/zVa2CeHX8fIF/boGHVrl1lLgKRKvTv3ewARAQABiQIfBBgBCAATBQJWsTBSCRAG
fY+nKiKzsAIbDAAAldsQAK8Cm/NrU8C52FYaX1Oq/8o7nb8J9mSkGd2Jl8KrlgOk
RHht2UGaN8KXTLFMPdqzzZSH1OYcvCA6YRCJaATTKrI2GLaMZXKKUT4I+6JlK45Y
or3xHPAH+lSbjqVx4O8TNFOwFPF55pdv0hmb0T16VUw7AsYQAfWD3wpuxVAd6LE2
b49E5paCC86bbEELvuEtNhkKlsMJU6mzPDdMl+53/tjkKA8X8Q8dossBACNIDEPe
iy+ot70pgt/5OkGSBnJl5OvWpzeVdrLYFs4aM5U0Md5rUSlIsrH0eim1m3v+D/Dp
vKHVnZufIR16vpYJSwfNyE3OiOGL7NfegpvhCaG5+q8EI3acBIzpV7VYXWwZTF7M
S7NSjWjKA+aSRp+AxXaPrX7ONUpPJqW9K2cseGgMLB0x6yNwAJCmEETER6bgdkWq
incUrSr3VelvlDQUmNACgWVabrCy02C1BXzzzCDa9qnPS5EnXixwXl9aYzJln5On
GHDY9Dg8eDcssX79jWVmqQnBtX28JAxqhYXzfuZoUuOLz2Dog3I5hBVgjmgWPI+t
HXayiBChfp4CeGb5hhkUMJ3F2wn91ugEI2iOAEQBFAIXJzYf5t8ZOqlGYsNCDb1p
JnCKTmlLQneSccaHuvNhLW5+k82HU7zQbi7Ps2srLhQUTNgWMlhO5ZImdkB3qLC/
=UN4S
-----END PGP PUBLIC KEY BLOCK-----