PGP stands for Pretty Good Privacy so you are getting no more than what you are promised.
It's time for PGP to die, says ... no, not the NSA – a US crypto prof
A senior cryptographer has sparked debate after calling time on PGP – the gold standard for email and document encryption. Matthew Green is an assistant research professor who lectures in computer science and cryptography at Johns Hopkins University in Maryland, US. This week, on his personal blog, he argued that it's "time …
COMMENTS
-
Thursday 14th August 2014 18:57 GMT Brian Miller
He's right! PGP sucks to use!
Yeah, the prof is right, but it shouldn't take a PhD to get people to listen. It's actually been way past time for an update to the general implementation.
One of the reasons all of this really stinks is because SMTP was never designed with rigorous security in mind. It's really past time to move to a better mail protocol.
-
Thursday 14th August 2014 19:23 GMT Nate Amsden
Re: He's right! PGP sucks to use!
hey man I like the ability to telnet to a SMTP server on port 25 and issue SMTP commands directly to debug things.
same goes for HTTP.
and other protocols.
Myself I've never really had a need for encryption in email. I've run my own mail services since the mid 90s and I've never felt I needed fancier SMTP or to even deploy PGP (I think I used PGP a couple times back in the 90s for email never since). Though my mail system does support SASL/TLS I did add that a few years back so my mobile devices could email remotely without using webmail or VPN. Though I rarely even do that, I haven't sent an email through my email server from my phone since last year (it doesn't even work anymore and I can't be bothered to figure out why and fix it).
-
Friday 15th August 2014 08:46 GMT PerlyKing
Re: He's right! PGP sucks to use!
@Nate: "Myself I've never really had a need for encryption in email" [and other stuff]
You appear to be arguing against encryption on the grounds that you personally don't feel a need for it, and that if everyone else used it you would be inconvenienced. Thanks for your input.
-
Thursday 14th August 2014 20:29 GMT brooxta
Re: He's right! PGP sucks to use!
It might suck to use for all the reasons he gave, and yes SMTP sucks because it was designed without security in mind, but there is one reason at least why PGP absolutely rocks:
You can use it to encrypt a message to send via just about any medium. And you can verify that security independently of the infrastructure you used to communicate.
As soon as you start to build a monolithic "secure" system you lose that independence, which is a big loss.
In every secure system I am aware of (and I should say that I in no way consider myself an expert in the field) there is always a trade off between convenience and security. You can have more of one but it means less of the other. If this guy has come up with a way of increasing the convenience without losing any of PGP's security then I'm all for it, but if he's advocating the opposite I don't want to know.
-
Friday 15th August 2014 10:23 GMT Joe Harrison
Re: He's right! PGP sucks to use!
PGP just does not work for normal people.
I have no problem setting up my own mail environment for both PGP and S/MIME security but I only know about two other people in my social circle who would be able to read it if I actually did send them an encrypted message. So what practical use is that?
-
Friday 15th August 2014 10:57 GMT brooxta
Re: He's right! PGP sucks to use!
@Joe Harrison
Its practical use is that it serves as a working system for many tech-savvy types, and also as a standard for other systems.
PGP was invented years ago and it was an enormous step forward, even though it was as tough to use then as it is now (in fact tougher - ever tried using it on a 386?). The thing is that the problems it set out to address then have only become worse in the intervening time: now there is not just the concern that it is possible to exercise mass-surveillance on populations in the "west", but the proof that it is in fact happening.
I don't know what the next big step forward will be or where/who it will come from, but I do know that it will need to give us at least what PGP does. Otherwise it won't be a step forward, but rather backwards.
The experts tell us that cryptography is hard and good cryptography is even harder. From my experience I would tend to agree. The question is, is it worth it? And attempting to answer that question leads you on to other rather bigger questions.
-
Monday 18th August 2014 11:24 GMT Tom 13
Re: He's right! PGP sucks to use!
The real problem with PGP isn't the principles behind it, it's the same problem that plagues secure web sites: there is no secure but easily used exchange for certificates. We "solved" that problem for websites by designating a couple of suppliers of top level certs, and everybody buys their certs from them. But that approach doesn't readily work for PGP email keys. Maybe Google, Yahoo, and MS could set up some sort of free public storage for certs from which people could download keys, maybe not.
-
Thursday 21st August 2014 11:26 GMT Anonymous Coward
Re: He's right! PGP sucks to use!
> You can use it to encrypt a message to send via just about any medium. And you can verify that security independently of the infrastructure you used to communicate.
> As soon as you start to build a monolithic "secure" system you lose that independence, which is a big loss.
Indeed, OpenPGP doesn't care what the underlying medium is. Carrier pigeon, sneakernet, UUCP, SMTP, HTTP, AX.25… you name it, if it can carry Base64 reliably, it can carry OpenPGP reliably. The other bonus over SMTP/TLS is that this is end-to-end, whereas SMTP using TLS is only between hosts.
-
Thursday 14th August 2014 19:08 GMT Anonymous Coward
Hyperbole?
I don't know, but saying that PGP is "fundamentally flawed" seems like a bit of an exaggeration to me, especially when he does not come up with anything better.
He advocates "a centralised key management system" à l'Apple, which is more or less what you get with X.509, in turn with its own set of problems; and, I quote: "Cryptography that post-dates the Fresh Prince. Enough said.". Well, no, I don't think enough has been said, pretty far from it.
As for the supposedly inadequate clients, honestly, in the ten years or so that I've been using Enigmail and Kgpg, they've done the job just fine, thank you. And recent versions of Enigmail are configured by default to encrypt if possible, which addresses one of his points.
For a researcher, I am surprised he didn't put this in an academic paper but rather just published a little rant in his blog. I take that as an indication of how much thought he's put into this.
-
Friday 15th August 2014 00:00 GMT Number6
Re: Hyperbole?
Presumably his little rant was triggered by inadvertently emailing his boss instead of a coworker (co-researcher?) with a rant about his boss. :-)
Well, had he encrypted it with his coworker's public key then he'd have gotten away with it because hopefully his boss wouldn't have been able to decrypt it.
-
Thursday 14th August 2014 19:26 GMT Richard Conto
Re: Hyperbole?
Given what happened to domain name registrars for .COM becoming decentralized, and the scary/horror issues of all the multitudinous problems there have been with Certificate Authorities - he's going to have to make a better argument for a centralized key management system than just implying The Leader Knows Best.
-
Friday 15th August 2014 13:51 GMT Anonymous Coward
Re: Hyperbole?
First someone invalidates him because he has a PhD. Then someone invalidates him because he has a PhD but he is not using it to publish it as a paper. What's next? He took too long to get his PhD? He hasn't renewed it in time? You can invent any number of irrelevant reasons for not taking someone's words seriously...
-
Monday 18th August 2014 11:38 GMT Oninoshiko
Re: Hyperbole?
How about because he is wrong? Is that okay to invalidate him on?
Let me list his arguments and invalidate them:
1) It's "old"
I don't care. This isn't even really an argument. We've been making booze for thousands of years, but that doesn't make it any less of a fine beverage.
2) Keys are hard to read
Well, yes. unfortunately he doesn't offer any kind of fix.
3) Old releases of GnuPG have bugs.
Yes, most software has bugs. Update to fix them. GnuPG can be updated for free (as in gratis). Any proposed fix will be susceptible to this problem.
4) Trusting a central authority would be easier.
Yes, it would. I think we can use the NSA as that central authority. If we trust any US company, they'll be it anyway.
5) WoT is bad.
He manages to take a whole paragraph and say just this and "I'm not backing it up with why." Well, I'm not responding to it, because he didn't bother to say anything to respond to.
6) Lacks forward secrecy
While forward secrecy is great, it requires much more automation on software side. This requires putting much more faith in much more complex software. For something like SSH, much of the complexity is already there because the sessions are real-time, for a non-realtime "session" I'm not as convinced. (although, this is EASILY the strongest point he makes)
7) PGP supports old ciphers and not new ones.
He even says most of these are not exploitable, so this is basically a rehash of 1. Specifically he complains about the lack of support for Elliptic Curve Cryptography (ECC). Dual_EC_DRBG (at least) is known weak, and there are weaknesses in the recommended curve. At least one noted analyst recommends not using ECC at all in light of these revelations https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929
8) too easy to send unencrypted
Ideally, it should probably be harder to send an encrypted email in these apps, unfortunately most people are not set up to receive encrypted emails, so sending unencrypted emails is still the norm. This is also likely to be unresolvable with:
9) too easy to send unimportant emails encrypted
If you are going to use encryption, you NEED to be using it for everything. If you don't you are giving a treasure-trove of meta-data to an attacker. What you think is unimportant, who you are talking about important things with, and how often.
10) too easy to encrypt the email with the wrong key
I'll give him this.
11) requires passphrase to unlock key, which is required for just signing.
Not locking your key would be a HUGE vulnerability. The key is necessary for signing. Getting done with it and removing it from memory as fast as possible is the most secure thing you can do, but it requires you to reenter the passphrase each time. I guess I'm not sure I understand what he's proposing here, maybe he wants to abandon signatures.
-
Thursday 14th August 2014 19:23 GMT Richard Conto
PGP is like Democracy ...
... in that it's the worst possible encryption system, except for all the others.
This professor's complaints are mostly that PGP (or GPG) have awful applications. That's a side effect of PGP/GPG being pretty much a niche application AND being open source. The open source part is WHY the thing is trusted, and the niche part is because security and privacy is not terribly high on most people's communication priorities. (I don't doubt that cat videos are more important to most people than locking their houses and cars - much less securing private communications or passwords.)
But re-engineering e-mail to provide for security & privacy is not likely to happen. Anyone remember X.400, the OSI's mail protocol? Any attempt to redesign email from scratch is likely to end up with something worse in terms of inability to inter-operate. (Besides, Facebook, Twitter, Google, et al. are all re-engineering inter-personal communications anyway into proprietary social-networking horrors.)
-
Thursday 14th August 2014 21:33 GMT Anonymous Coward
Re: PGP is like Democracy ...
The open source part is WHY the thing is trusted
since no open source cryptography project has ever had major security issues...
True, but at least in the open source world when the problem is found (and it still can take time), it's impossible to sweep under a rug… a company can just stick its fingers in its ears and yell "La la la la!"
There are probably equally heinous bugs that rival HeartBleed in commercial software that will never be fixed. We'll not know what they are because it's in the companies' interest to keep it all hush hush.
-
Thursday 14th August 2014 19:42 GMT John Riddoch
The. Only.
That last part is the core; there is currently nothing to usurp PGP which is widespread in use already. Any replacement would have to offer something substantial over the current implementation and simply saying "more secure" isn't going to sway anyone other than the security paranoid. Any replacement has to be at least as simple to use as PGP, or users will simply not bother with it.
And finally, the kicker - until it gets sufficient momentum, people will stick to the incumbent (PGP). There's no point having an uber-secure way of sending mail if no-one you send mail to can read it...
-
Thursday 14th August 2014 20:00 GMT Bloakey1
Re: The. Only.
That is exactly the point. What he wants us to do is dumb things down and make it user friendly. At the moment one has to go through a few hoops to use it and in my opinion that is a good thing. Even Greenwald balked at using it when approached by an anonymous source but when he got there he hit the jackpot.
I like to know that I am expressly doing something so I will jump through hoops. Embed it and obfuscate it and I will presume all is ok and that is bad security.
Leave it alone as a gold standard and work on something easier using ROT 19 or whatever.
-
Friday 15th August 2014 15:08 GMT Sir Runcible Spoon
Re: The. Only.
"There's no point having an uber-secure way of sending mail if no-one you send mail to can read it..."
Surely if you have encrypted an email to someone then you have used their public key to do so, so one could assume they might know how to decrypt it (having made their public key available to you).
-
Friday 15th August 2014 09:15 GMT Anonymous Coward
Re: @AC
"Who argued that it isn't possible to spot potential problems?"
Nobody. I was pointing out it's unreasonable to criticise an observation based on whether the person making it can rectify it.
"In many respects spotting the problems is the easier part, but without the second part it is of minimal value."
I disagree.
-
Thursday 14th August 2014 19:55 GMT Anonymous Coward
Not saying PGP is perfect
As it certainly lacks in user friendliness and ease of use, both of which will be required if it is ever to be adopted by the masses.
But key length on business cards? What a non-issue, given that business cards are dying out these days... But if you must, sounds like a good use for those 2D bar codes that every smartphone on the planet can read without issue.
-
Thursday 14th August 2014 20:10 GMT ZSn
Re: Not saying PGP is perfect
Ok, geek alert. I *tried* to put a certificate into a qr code. It doesn't work, at least not for 2048 bit certificates. Even if you can shoehorn it into the maximum size of QR code, the resultant QR code is too big to be practically read (I've tried, trust me). If you print it A4 at best quality it still doesn't work. As for 1024 bit, perhaps it may work, at A4 size, never on a business card.
OK, I admit, I have too much time on my hands.
Matthew Green isn't usually too bad a read, he seems to have jumped off the deep end on this. It smacks of an academic with no real world experience.
-
Thursday 14th August 2014 20:36 GMT brooxta
Re: Not saying PGP is perfect
You don't need the whole certificate/key in a qr code, you can send that as an email attachment or download it from a web page or key server. The qr code would be useful for the key fingerprint though, which should be much more manageable. You would then use the fingerprint encoded in the qr code to verify you had downloaded the right key.
-
Thursday 14th August 2014 22:08 GMT ZSn
Re: Not saying PGP is perfect
>You don't need the whole certificate/key in a qr code, you can send that as an email attachment or download it from a web page or key server. The qr code would be useful for the key fingerprint though, which should be much more manageable. You would then use the fingerprint encoded in the qr code to verify you had downloaded the right key.
I know, I was just hoping that there was a more elegant way in doing it all in one QR code so that you can personally give out your key.
Incidentally I don't put my gpg on the public servers, naughty I know, but I only send the key to people I actually want to send encrypted messages to. Perhaps I'm a little too paranoid.
-
Monday 18th August 2014 11:39 GMT foxyshadis
Re: Not saying PGP is perfect
Fingerprints are so broken. They're a straight MD5, which only gets more broken every year. Every email client I've used only presents 32 bits of the fingerprint for your visual verification. It's time for PGP to move on and some of the brilliant people who put modern TLS together to start working on secure email, otherwise Google and Yahoo will be the only ones controlling it.
We've already patched and bodged SMTP into the 21st century, kicking and screaming all the way, at least; that proves that smart people could tackle PGP too.
-
Monday 18th August 2014 11:28 GMT Charles 9
Re: Not saying PGP is perfect
> I *tried* to put a certificate into a qr code. It doesn't work, at least not for 2048 bit certificates.
That's odd. 2048 bits should take up only 256 bytes, well within the QR Code limit of 2,953 bytes under ISO 8859-1 encoding. Even if you have to convert it to a text-compatible format, you should still be well within the limit, even counting necessary overhead.
-
Thursday 14th August 2014 22:02 GMT Anonymous Coward
Re: Not saying PGP is perfect
> But key length on business cards? What a non-issue, given that business cards are dying out these days... But if you must, sounds like a good use for those 2D bar codes that every smartphone on the planet can read without issue.
As has already been mentioned, key length on business cards is an issue, at least for any decent length key--this was pointed out by Zimmermann himself when he first came up with PGP. However, that is what key fingerprints have been for since day one.
I am a bit surprised that Mr. Green will mention this. As a cryptography user (for I hope he's not a mere academic expert), he will know that the way we "exchange" keys is by providing a bit of paper (or for the poshest geeks, yes, a business card) with our email address and key fingerprint on it--sometimes people physically sign the paper as well. The other user will then go and fetch the key itself from one of the usual servers and check by hand if the fingerprint matches, then set his trust level adequately.
Has worked for me since the 90s and is not much different than, say, checking a signature on a paper document (it can be just as insecure, but also a lot more secure).
-
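The check described in the comments above (compare a fingerprint received on paper or in a QR code against the key actually downloaded), as an added Python example that is not part of the original thread. It computes an OpenPGP version 4 fingerprint as RFC 4880 defines it; the function names are this example's own and the sample keys are constructed placeholders, not real RSA moduli.

```python
import hashlib
import struct

PUBLIC_KEY_TAG = 6  # OpenPGP packet tag of a primary public key


def first_packet(data: bytes):
    """Return (tag, body) of the first packet in a binary (non-armored) export."""
    if len(data) < 6 or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet")
    ctb = data[0]
    if ctb & 0x40:                          # new-format header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            length, start = first, 2
        elif first < 224:
            length, start = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, start = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:                                   # old-format header
        tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
        if length_type == 3:
            raise ValueError("indeterminate length is not supported")
        size = (1, 2, 4)[length_type]
        length, start = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def v4_fingerprint(key_export: bytes) -> str:
    """SHA-1 over 0x99, the 2-octet body length and the key packet body."""
    tag, body = first_packet(key_export)
    if tag != PUBLIC_KEY_TAG or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public key packet first")
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def short_key_id(key_export: bytes) -> str:
    """The low 32 bits some clients display: too short to authenticate a key."""
    return v4_fingerprint(key_export)[-8:]


def matches_card(key_export: bytes, card_text: str) -> bool:
    """True only if the full 160-bit fingerprint from the card matches the key."""
    expected = "".join(card_text.split()).upper()
    if len(expected) != 40 or any(c not in "0123456789ABCDEF" for c in expected):
        return False                        # refuse short IDs and junk
    return v4_fingerprint(key_export) == expected


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multiprecision integer."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def build_sample_key(modulus: int) -> bytes:
    """Constructed RSA key packet (old-format header), for demonstration only."""
    created = 1408000000                    # constructed creation timestamp
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(modulus) + mpi(65537)
    return b"\x99" + struct.pack(">H", len(body)) + body


# Constructed placeholder moduli, not real RSA keys.
GENUINE_KEY = build_sample_key((1 << 2047) | 0xC0FFEE01)
SUBSTITUTED_KEY = build_sample_key((1 << 2047) | 0xBADBAD01)

if __name__ == "__main__":
    fp = v4_fingerprint(GENUINE_KEY)
    card = " ".join(fp[i:i + 4] for i in range(0, 40, 4))  # as printed on paper
    print("card fingerprint :", card)
    print("genuine key      :", matches_card(GENUINE_KEY, card))
    print("substituted key  :", matches_card(SUBSTITUTED_KEY, card))
    print("short ID only    :", matches_card(GENUINE_KEY, short_key_id(GENUINE_KEY)))
```

The input is a binary export such as the output of `gpg --export`; an ASCII-armored key has to be dearmored first.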
Thursday 14th August 2014 19:58 GMT roger stillick
Encryption ? PGP=OS... OK, still don't use it...
USPS aka Snailmail has a USD. $7.00 courier service w/next day service anywhere in the USA...
IMHO= when anything of value goes by 'Blue Box' why does anyone need a crypto program other than to have something cool to play with...
Reality Check= the Internet has been hacked by everyone since day one and we still use it cuz it works if we ignore the bad guys...remember= no one has ever cracked a book code w/o the book...RS.
-
Friday 15th August 2014 01:25 GMT eldakka
Re: Encryption ? PGP=OS... OK, still don't use it...
They also have physical access to the content of what's being sent. As has been reported previously, the intelligence and criminal law enforcement agencies (e.g. NSA, DEA) can, and do, get USPS to make copies of the external surfaces of the envelope and can obtain warrants that let them open, copy, and forward on, the mail.
In fact, if you send it registered post, they don't even need to copy the external envelope as they already have the FROM and TO information which you provide when you send a parcel registered mail.
And even if you didn't care about that component (having the FROM and TO addresses), you would still, if you wanted it SECURE, have to encrypt the contents of the parcel so that the document is unintelligible text to visual examination.
-
Thursday 14th August 2014 20:12 GMT ratfox
Business cards??
Honestly, I fail to see why PGP would have to be backward-compatible with business cards. Surely there's millions of apps that are more practical for exchanging contact information than handing over little pieces of dead trees. If you must, how about printing a QR code of the key on the back of the card?
As to the gripes about email clients, that's the fault of the mail clients, not PGP. It might be that nobody has cracked the proper UI, because let's face it, so few users care…
-
Monday 18th August 2014 11:33 GMT Charles 9
Re: Business cards??
Because the keys are too big to put on even 2D barcodes (even I suspect the color barcodes once touted by Microsoft). Which means you have to store it somewhere, which means you have to trust both the place it's stored AND whatever means is used to transport it. And if your opponent's something of state level, I wouldn't even trust the fingerprint (since the state may secretly have the means to subvert things behind the scenes).
-
Wednesday 27th August 2014 13:45 GMT Anonymous Coward
Re: Business cards??
> Because the keys are too big to put on even 2D barcodes (even I suspect the color barcodes once touted by Microsoft).
In the interests of science, I tried it anyway.
You can do it with 2 QR codes. I used ZFEC to encode it into 4 QR codes, so you can scan any two and get my public key.
ZFEC is available at https://tahoe-lafs.org/trac/zfec/
The monstrosity looks like this: http://www.longlandclan.yi.org/~stuartl/pubkey.png
How it was generated:
$ gpg -o /tmp/pubkey.gpg --export 4DFA191410BDE3B7
$ zfec -m 4 -k 2 pubkey.gpg
$ for f in pubkey.gpg.?_?.fec; do qrencode -o $f.png -8 < $f; pngtopnm < $f.png > $f.pnm; done
$ pnmcat -lr pubkey.gpg.[01]_4.fec.pnm > pubkey.gpg.top.pnm
$ pnmcat -lr pubkey.gpg.[23]_4.fec.pnm > pubkey.gpg.bot.pnm
$ pnmcat -tb pubkey.gpg.top.pnm pubkey.gpg.bot.pnm > pubkey.pnm
$ pnmtopng < pubkey.pnm > pubkey.png
Note this will not fit on a business card unless you have a very high resolution scanner and printer available.
-
Friday 15th August 2014 01:30 GMT JaitcH
Because Ford built the Edsel, the Concept of the Automobile should be scrapped?
Quote: "Many PGP-enabled mail clients make it ridiculously easy to send confidential messages with encryption turned off".
This statement is the equivalent of saying the Ford Edsel was so bad (Unsafe at Any Speed - Nader), or any other clunker car design, that the concept of the car should be scrapped.
PGP, written and initially distributed by Phil Zimmermann, has proved its worth over the years, so much so that the GCHQ and NSA are still gnashing their teeth whenever Zimmermann's name is invoked. So many people in physically risky positions or employment have staked their lives on PGP.
PGP is NOT the problem, people who are strangers to Command Line entries ARE. LONG LIVE PGP!
-
Friday 15th August 2014 05:25 GMT Anonymous Coward
Mail clients
He's right about those though. Even using Thunderbird with add-on it can be a pain in the arse. It is certainly not straightforward and often comes up with an alertbox. Tried getting it to sign emails using the required cert but it kept bugging me. Not sure if it was because it had the shits with the need for a password or not. Was using GPG on OSX with (possibly) Enigmail (if that's the add-on). Followed a guide on the topic but in the end just switched the bastard off.
-
Friday 15th August 2014 09:20 GMT JimmyPage
Want to thwart the snoopers ?
You don't "send" mail anymore. You simply post your encrypted message on a usenet server (ask your parents, kids) with the intended recipients public key as the subject.
The recipient can easily find the message from whatever server they use, and download it, decrypt it, and if required, respond the same way.
All the communications in the world in the open, and (assuming you trust the underlying encryption) safe. Sadly, Theresa May will now lose that lovely "meta data" she wants to collect, so she knows who is communicating with who, but that's the price she (and others) will have to pay for abusing their powers in the first place.
Bearing in mind, from a UK perspective, discussion of encrypted mail is moot, since the authorities can simply ask you to decrypt it with the incentive of 2 years (or is it 5 ?) in the big house if you don't.
-
Friday 15th August 2014 09:43 GMT Nigel 11
Re: Want to thwart the snoopers ?
> Bearing in mind, from a UK perspective, discussion of encrypted mail is moot, since the authorities can simply ask you to decrypt it with the incentive of 2 years (or is it 5 ?) in the big house if you don't.
But they can't do that without tipping you off that they are reading your e-mails. They can't do covert data-trawling on encrypted mail, and that's what offends me far more than properly targeted police activity subject to proper judicial oversight. Also if the authorities start demanding access with menaces from more than a tiny fraction of the population and concerning a small fraction of their correspondents, there will be major political repercussions.
-
Friday 15th August 2014 16:15 GMT phil dude
Re: Want to thwart the snoopers ?
That's why Habeas Corpus and the 5th amendment to the US constitution are so important. And it is why the UK govts over the years have chipped away at them. It is simply inconvenient for any government to think it is not all powerful.
I too would like to think that if any Government want to try and force citizens to give up their private information to incriminate themselves (or others), that potentially keeping them "in a secure location", that there would be major political repercussions. But it hasn't happened yet.....
The truth is when the blokes with the big boots come knocking it doesn't matter, you will cough it up. (A great quote from David Mamet's character Jonas Blane in the TV series The Unit - "The one thing you don't want to be is innocent if they are going to torture you..." ).
A specific case. This experiment was already tried when Glenn Greenwald's partner was manhandled for 9 hours for, "an indirect interference with press freedom but this was justified by legitimate and "very pressing" interests of national security." (original is here).
There's a whole other topic about trans-border issues, but you get the gist...
Just because you are paranoid, does not mean that they are not out to get you....!
P.
-
Friday 15th August 2014 13:36 GMT Anonymous Coward
Re: Want to thwart the snoopers ?
Of course, the old stylee method was personal ads in daily newspapers.
Does anyone remember LOOT (it may still be going). I know for a fact that some of the messages in there were encrypted. Because I placed them. And got replies.
Practically impossible to crack if done right. It may still be going on. Although I would hope for the sake of the alphabet agencies, nothing comes of it. It would be so embarrassing, after all the powers they've told us they need, if it turned out the next terrorist outrage was planned this way.
-
Friday 15th August 2014 11:47 GMT John Smith 19
Quick precis.
"I don't like PGP supporting email clients"--> PGP is rubbish --> PGP should be replaced.
I don't use it so I'm a layman in this argument.
Let me suggest that a lot of people use a web based email system even when they know they shouldn't.
They want to compose an email and the whole process of encryption/log on/select addressee/send email/log off is done for them.
Do that and a lot of people start using it because it's no longer so f**king clumsy.
And of course the resulting TLA and FLA budget requests will either bankrupt the respective governments or trigger the instant development of a useable quantum computer.
Or the governments concerned could realize that most of this surveillance is being driven by a combination of politician paranoia and data fetishist lust.
-
Friday 15th August 2014 16:30 GMT phil dude
Re: Quick precis.
@John Smith 19: PGP is nowhere near as bad as this guy is making out, but I will agree there is a learning curve that could definitely be improved by some "web syntactic sugar".
In fact part of the problem is as you say the "all-in-one" , send and go.
The problem with any webmail, is you don't know what the server is doing.
I use thunderbird as my mail client, and the PGP message leaves thunderbird pre-wrapped (via Gmail or whatever).
I think seamonkey can do webmail as well using its "tabs". It is after all, part of mozilla....
But I agree, it could be made better with the existing tools. The encryption is the hard stuff, making it pretty should be easy...!
P.
-
Friday 15th August 2014 18:51 GMT Adrian Midgley 1
criticism of everything except PGP/GPG is it not?
All his criticisms do not seem to me to be of PGP, or the GnuPG implementation of it, they seem to be statements that email clients that incorporate it don't do it very well.
I'm not convinced that having it built into a complex other piece of software is entirely a good thing, but if someone is going to do that then it is them building it in, not PGP itself that is to be judged.
On the command line it is no more or less unfriendly than various other very precise programs, and the files or pasteable text that result are no harder to email than any other text file.
-
Friday 15th August 2014 19:27 GMT Anonymous Coward
Yeah, usability sucks...
Last I checked, GPG couldn't import a public key from the clipboard. You had to copy someone's key, open notepad, paste it into notepad, save it somewhere, go back to GPG, select import key, navigate to where you saved the document, pick it, then delete the document to stop it cluttering up your file system.
So I agree. It sucks on the usability front. An 'import key from clipboard' option would have been no effort at all to add, especially since it already has options to encrypt/decrypt from clipboard.
-
Sunday 17th August 2014 06:51 GMT Anonymous Coward
Re: Yeah, usability sucks...
It's entirely possible that there could be a script running in a browser window that's monitoring the clipboard looking for public keys. When it sees one copied in it adds its own one in (are you going to double-check that what you pasted into PGP is exactly what you copied?)
-
Saturday 16th August 2014 07:23 GMT A J Stiles
It's hard for a reason
Using PGP properly is hard -- for a reason.
If you get any of the practical implementation details wrong, you can end up with a product that looks secure but isn't. Nobody wants to be selling that product.
Private keys have to be kept secret. You can't afford for there to be any way to leak a private key. Public keys aren't secret, but have to be verifiable; otherwise, you can't be sure some public key you've downloaded really belongs to that person, and not someone else who has the real public key, their own keypair and access to messages in transit and so can decrypt the message and re-encrypt it against the real public key.
By forcing you to use your own back-channel for key verification, which you can be reasonably sure is beyond the reach of a bent keyserver operator, the implementers can avoid that issue.
Unfortunately, that by definition makes it hard to use, for want of the very integration that makes for ease of use. But anything you did to make it easier to use would end up potentially compromising the security of the system -- maybe not now, but maybe in future, in some combination of circumstances that did not occur to the implementer at the time.
There are two fundamental limitations that you run into. These aren't limitations of technology, that will be solved with the right invention; they are limitations of the universe, that cannot be overcome by any amount of ingenuity.
(1) When you have several channels *in series*, the overall trustworthiness is determined by the *least* trustworthy link in the chain. But when you have several channels *in parallel*, the overall trustworthiness is determined by the *most* trustworthy among them.
(2) Anybody can build a cryptosystem that *they* can't crack. That absolutely doesn't mean *nobody* can crack it. You need rigorous mathematical proof of uncrackability.
Crypto software unavoidably has to trust the user not to do anything stupid; but if it trusts no-one else, then it's as trustworthy as the user. Making it easy for the user to do stupid things (such as exposing keys to tampering via the clipboard of an untrusted GUI, where any rogue application could read a private key or substitute a public key) potentially renders it less trustworthy.
Anything that's worth doing is going to be hard, and unfortunately the corollary is also true.
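The back-channel check this comment describes, and the clipboard substitution raised earlier in the thread, come down to comparing the fingerprint of the key you actually received with one obtained over a separate channel. The following is an added example, not part of the original comment or of any PGP implementation: it computes an OpenPGP version 4 fingerprint as RFC 4880 defines it and compares it with a fingerprint read out over the phone. The key material, timestamps and helper names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def mpi(x: int) -> bytes:
    """OpenPGP multiprecision integer: two-octet bit count, then big-endian value."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def rsa_pubkey_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880, section 12.2: SHA-1 over 0x99, two-octet body length, packet body."""
    if not body or body[0] != 4:
        raise ValueError("only version 4 public-key packets are handled")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def normalise(fpr: str) -> str:
    """Accept 'abcd 1234 ...' as read aloud; reject short key IDs outright."""
    cleaned = "".join(fpr.split()).upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("need the full 160-bit fingerprint, not a short key ID")
    return cleaned

def key_matches(body: bytes, out_of_band_fpr: str) -> bool:
    """True only if the received key hashes to the fingerprint from the back-channel."""
    return hmac.compare_digest(v4_fingerprint(body), normalise(out_of_band_fpr))

def spoken_form(fpr: str) -> str:
    """Fingerprint as it is usually printed or read out: lowercase groups of four."""
    return " ".join(fpr[i:i + 4] for i in range(0, len(fpr), 4)).lower()

def toy_modulus(label: bytes) -> int:
    """Constructed 2048-bit stand-in for an RSA modulus (not a real key)."""
    return int.from_bytes(hashlib.sha256(label).digest() * 8, "big") | (1 << 2047) | 1

# Constructed sample input: the genuine key and a substituted one.
ALICE_KEY = rsa_pubkey_body(1408000000, toy_modulus(b"alice"), 65537)
MALLORY_KEY = rsa_pubkey_body(1408000000, toy_modulus(b"mallory"), 65537)

if __name__ == "__main__":
    phone = spoken_form(v4_fingerprint(ALICE_KEY))  # what Alice reads out
    print("genuine key accepted:    ", key_matches(ALICE_KEY, phone))
    print("substituted key accepted:", key_matches(MALLORY_KEY, phone))
```

The comparison only means something if the spoken fingerprint travels over a channel the key itself did not, which is the point the comment makes about series and parallel channels.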
-
Thursday 21st August 2014 12:52 GMT Charles 9
Re: It's hard for a reason
So what happens when you run smack into the fence separating security and usability? Because for security to be ubiquitous, it MUST be easy to use (and by that I mean easy enough for Stu Ped to get). Yet difficulty is a necessary evil for something to be practically secure (sort of like having to fish for the keys to the front door).
So basically, the security problem is looking to be intractable because you're caught between needing a system a state-level adversary can't break in a heartbeat and needing a system easy enough to be used by people who have trouble remembering what they did yesterday.
-
-
Sunday 17th August 2014 06:51 GMT Anonymous Coward
From what I can see in this story as reported, his two main problems seem to be:
a - Public keys are long. Isn't that kind of the point, otherwise they're not secure and could be vulnerable to collisions or forgery?
b - Email clients and plugins are not user friendly. This is the fault of PGP how?
I have a feeling it took me longer to type this than it did for Mr. Green to do up his rant.
-
Monday 18th August 2014 11:25 GMT DougMac
It isn't PGP that sucks..
But key management sucks.
Normal users totally don't get it, don't want to know, and don't want to think about it.
Unfortunately, they need to know and think about key management to make it work effectively.
The actual mechanics of PGP/GPG in email client integration are fairly simple, but man, having users type a passphrase, or making sure they are using the right key is a total nightmare.
-
Thursday 21st August 2014 12:56 GMT Anonymous Coward
Re: It isn't PGP that sucks..
So, basically, security sucks. We're already past the point of no solution. The necessary level of practical security requires more effort than the average person is willing to exert. Basically, too many people in the world are too stupid to live in our world, meaning civilised behaviour is actually holding us back. Is it time to start saying, "Tough luck. Better luck next life."?
-
-
Monday 18th August 2014 11:37 GMT jb99
He is wrong
PGP has its flaws, but they are not security flaws, they are usability flaws. But they can mostly be overcome. And it has the HUGE advantage that it's actually possible to use it. The alternative he is suggesting is to redesign all the protocols completely and then get everyone to use them. Yeah, that's going to happen...
-
Thursday 21st August 2014 06:15 GMT Anonymous Coward
Green should zip it up.
Maybe medicine should die, because the average Joe can't do it. Maybe Hopkins should stick to medicine ..... they need practice, and supposedly that's what "they" do .... though they have dropped to #3. They don't even rank in customer service, unless you're a mid-East Prince.
Green is a theorist .... he offers nothing practical. He should go back to the classroom and talk to doe-eyed dreamers, of a utopian one button does it all world. I'll keep my keys.