Kerberos FAQ

Download Tor Browser from torproject.org, verify PGP signature, then use onion links from Official Mirrors. Always disable JavaScript and use privacy-hardened OS (Whonix/Tails).

Import official Kerberos keys: gpg --keyserver keys.openpgp.org --recv-keys 512EF114. Verify messages: gpg --verify message.asc message.txt. Compare fingerprints from links.html.

Yes. Use fresh addresses per transaction, offline signing on air-gapped systems, and never reuse wallet seeds. Kerberos only accepts XMR for privacy-preserving ring signatures.

No. VPN inside Tor creates dangerous correlation attacks. Use Tor-only routing or Whonix gateway for complete isolation.

Tails (amnesic), Whonix (compartmentalized), or Qubes OS (disposable VMs). Never use host OS directly for darknet access.

Check PGP signatures against official fingerprints. Real Kerberos sites display verified PGP blocks. Cross-reference onion hashes from trusted sources.

Weekly. Verify SHA256 checksums and PGP signatures before upgrading. Restart completely between sessions.

Generate new keypair every 18-24 months. Publish revocation certificate for old keys. Vendors will request updated public keys.

Never. Use ProtonMail, Tutanota, or temporary throwaways. PGP-encrypt all communications regardless of provider.

Block all outbound except 127.0.0.1:9050 (Tor SOCKS). iptables: -A OUTPUT -d 127.0.0.1 -p tcp --dport 9050 -j ACCEPT

Tor Browser resists most techniques. Never resize window, install extensions, or enable WebRTC. Use default security slider (Safest).

VeraCrypt containers (AES-XTS 512bit), LUKS2 with Argon2id, air-gapped USBs. Triple-backup methodology with geographic dispersion.

Absolutely not. Darknet markets contain exploit chains targeting JS engines. NoScript "Safest" mode is mandatory.