Google adds stronger encryption for some Gmail users, in beta • The Register Forums

Monday 19th December 2022 23:53 GMT Anonymous Coward

National Security Letters

Google has to be able to comply with National Security Letters (NSL). So no true encryption for you!

When all those University's & Schools turned their email over to Google, they made it so they don't know when their students or faculty are subject to a NSL. Had they kept running their own email servers, they would.

6 0 Reply
1. Tuesday 20th December 2022 07:17 GMT Anonymous Coward
  
  Rear Entry
  
  Google's Backdoor is [statute-]bound to be very accommodating.
  
  1 0 Reply
2. Tuesday 20th December 2022 10:04 GMT sreynolds
  
  Re: National Security Letters
  
  Beggars belief that people ceded control of their email and voice to third parties many of which are their competitors.
  
  Anyhow, lets see the gmail is a browser app. The keys are most prob stored in some password based key storage file. Big deal.
  
  1 0 Reply
Monday 19th December 2022 23:53 GMT Anonymous Coward

Minor nit: CSE vs E2EE is not an either or. All forms of end-to-end encryption require client-side encryption, not all client-side encryption schemes are fully end-to-end protected. The degradation in protection here is deliberate, as having employees send encrypted messages that can't be read by the employer would be a substantial breach of compliance regulations in many industries, and probably a bad idea in all the ones not explicitly so regulated.

5 0 Reply
1. Tuesday 20th December 2022 11:59 GMT sreynolds
  
  Exactly. The whole exercise is pointless and is treating email like something that a cloud operator controls.
  
  Why is it so hard to change the SMTP standard to allow per domain keys, perhaps like SNIs for TLS is hard to understand. I mean the EHLO domain or OHLE domanname before the session is trivial and would work for most standard configs.
  
  This is what we get for selling out for free services
  
  1 1 Reply
  1. Tuesday 20th December 2022 14:19 GMT Gene Cash
    
    This is what we get for selling out for free services
    
    And why I stopped using gmail and started paying for an account. It was this very forum that finally got me off my butt to do that.
    
    0 0 Reply
Tuesday 20th December 2022 11:55 GMT Anonymous Coward

Window Dressing -- Is it paid for out of the Fort Meade budget?

Quote #1: "... customers — not the cloud provider — to retain control over encryption keys..."

Quote #2: "...clients use encryption keys that are generated and stored in a cloud-based key management service..."

More window dressing.....because:

(1) There are persistent keys stored somewhere

(2) Participants (sender and receiver) need to share information about the stored keys

...so....just how much security or privacy does this window dressing provide. Not much!!

But there is another peer-to-peer option for users:

(3) Use a Diffie/Hellman scheme and do the heavy lifting of encryption/decryption ONLY on the peer devices

(4) Do the encryption BEFORE the encrypted message enters any public channel

(5) The peers exchange D/H tokens (not keys) and these tokens tell snoops nothing about either the key or the encryption method

(6) A different randomly generated key for every message

(7) No persistent keys....the key for a message is calculated when needed by each peer....then thrown away

Summary:

(8) The heavy lifting is done only in a peer application

(9) The peer application is free to use prime numbers much bigger than 8192 bits!

(10) Randomly generated keys for every message

(11) No persistent keys

(12) Roll your own code....3000 lines of C will get it done!

(13) Health warning: Read Reference No. 2

Ref Number 1: Applied Cryptography, Bruce Schneier, Section 22.1

Ref Number 2: Cryptography Engineering, Ferguson/Schneier/Kohno, Chapter 11

0 3 Reply
1. Tuesday 20th December 2022 12:10 GMT Anonymous Coward
  
  Re: Window Dressing -- Is it paid for out of the Fort Meade budget?
  
  Dear AC: You forgot to mention that the D/H encryption/decryption should also be a multi-pass scheme, say triple encrypted. That way, even if the spooks break the third encryption pass.....they still have two more to break. I'm sure Google won't be implementing this feature any time soon!!
  
  0 0 Reply
  1. Tuesday 20th December 2022 12:41 GMT Belperite
    
    Re: Window Dressing -- Is it paid for out of the Fort Meade budget?
    
    Multipass!
    
    0 0 Reply
2. Tuesday 20th December 2022 18:30 GMT Anonymous Coward
  
  Re: Window Dressing -- Is it paid for out of the Fort Meade budget?
  
  @AC
  
  Ah......C is really hard work.......maybe you should look at using Python3 and the gmpy library.....fast and MUCH less code!!!!
  
  0 0 Reply
3. Tuesday 20th December 2022 21:00 GMT IGotOut
  
  Re: Window Dressing -- Is it paid for out of the Fort Meade budget?
  
  Now AC, manage that for 500,000 messages a day, for several thousand users, many of whom can't remember their logon password if they go home for more than a few days, all whilst being able to retrieve and store messages sent and received for several years.
  
  Sorry, I went off into the real world for a while there, my mistake.
  
  2 0 Reply
  1. Tuesday 20th December 2022 21:15 GMT Anonymous Coward
    
    Re: Window Dressing -- Is it paid for out of the Fort Meade budget?
    
    @IGotOut
    
    Who mentioned 500,000 messages a day? AC certainly did not!
    
    ......AC was saying that citizens -- groups of citizens -- might arrange for some privacy for the group. Surely a reasonable demand when otherwise folk in Cheltenham or Fort Meade are snooping on everything?
    
    What point are YOU trying to make?
    
    0 1 Reply
    1. Wednesday 21st December 2022 00:14 GMT Orv
      
      Re: Window Dressing -- Is it paid for out of the Fort Meade budget?
      
      I sort of figure that thinking I, as a private citizen, can manage to come up with encryption that will defeat a three-letter government agency is the height of hubris. (And if I did they could just rubber-hose me for the key, right?)
      
      0 0 Reply
      1. Wednesday 21st December 2022 05:34 GMT Anonymous Coward
        
        Re: Window Dressing -- Is it paid for out of the Fort Meade budget?
        
        @Orv
        
        Quote: "...rubber-hose me for the key..."
        
        Try again! In a D/H scheme there IS NO PERSISTENT KEY! Just a random, transient key for each message. In a D/H peer-to-peer application, the users never create a key, never see a key, never select a key...they just create or read a plain text message. Isn't mathematics wonderful!!
        
        1 1 Reply
4. Tuesday 20th December 2022 21:51 GMT Anonymous Coward
  
  Re: Window Dressing -- Is it paid for out of the Fort Meade budget?
  
  Of course, El Reg commentards will want to see an ACTUAL Diffie/Hellman message. This one uses a 60.000 bit prime number, so the token is a lot longer than the message. Howard Beale to Thomas Beale!! Enjoy!! Decrypt!!
  
  ====
  
  <MESSAGE>
  
  <SENDER_REF>HBEALE</SENDER_REF>
  
  <SENDER_TOKEN>3365036684924990967636964155485067452892657064412277449233566451980067029137
  
  5477743162555038781857786811301836896402183278394149679519126465075124789484
  
  1962540274750866321010289718780840929975434444110211339484547636662989613102
  
  6272886578099380061449162975745808292853195012972919667815012019573381572474
  
  6319778688021094455491760170713314346822118293171316896562131032203921626142
  
  0916419461700553174275227674413636338054330520322647017497744533945155128753
  
  5119233588535074595595068234379232475660316119234378796886503768490619000045
  
  4319801716701311440995373529442862367744586741100832718698237699658516678736
  
  7958993626775103953010292257404568170059105489066998351808210469238065619075
  
  9861332298324389437438045362401440719711136869984232070112674053185038937178
  
  4703382969500187413403716974561073736919839207223637998800755856407297223661
  
  7110396094551271315468092496560072563559103081991604381084412636375681632636
  
  5015620410898181603981512069385577398015982118581782843834221515976048873307
  
  0222018633685270580199667385195111401085224441024341106753081887743691474093
  
  1204717446966490927027555426340715883333092629980798764403249891651077929009
  
  8876982463742956375027613293191719574238015971109099013862189800929533687773
  
  6636025982941555345241444341373045673983128249228796208052455110863122576817
  
  5307925046135083639351383257250252497667309622229703911040115174629140614392
  
  1997075830713341819547129040894567050498642949081272470360884583091523520924
  
  8045196352450587716187615643800091115522714867735193138178465939731033919839
  
  1247123395251876238261135387865171744226234911447062903843505742548399357872
  
  8378556853723909376844892449715806527396751971187106873319649824279821449944
  
  7311390506038526416649791581139402349104279934844852733245608750381405208298
  
  3614280903230814300653341091680303164440618289419234482654159581006346715062
  
  1671528134790413907624262027364401979271092110091445632635307891845612089077
  
  2372482756839421785346584505254228528801609715439285236359450710304191978654
  
  3125265187554596041929966599435321104118984687832859388529338965412244819415
  
  6211402849108237128621082519895941422148045820959001690653884937610250441770
  
  1296774802362770772976643709888651468114701947962187906871563747470600049252
  
  0451223321887687774127325460222990063093800060320650641829330849321416141080
  
  5660734681028739095329462391869222076919350658783623832381897912437846434332
  
  2279330208171770296981011691658348600973001266294628510961633570039222477993
  
  4504091235867496481116664563640792130836612709018554270424862821041248319321
  
  4995532569390687879219222505976958346916608564630355371805112773639747548485
  
  1880132644627914728006554180710448239473517017289381367192692654198983226102
  
  7339384610564462790326710592300304200498423089203490102705818082253545422907
  
  3763870431271079215825197340443538065775816266801227969120941782617849976138
  
  8770233655407424030788319184593245733128097835551264096555343837222562045180
  
  5832031044939632644398558424371988467142671601782732056093967507188198357804
  
  3161851297300669793890820619439188529688642058178449031383696287125401496392
  
  6020413767381749428900754434412126760273313417224482745694724912575141054519
  
  7473410852080109400130260917440364848297089260036294326006403084017248965214
  
  6381611052942958617920600450230738019731569698917730425006241797450965835051
  
  7101675683975445689195490607882759923052056129091874220770064471914958661283
  
  3649673472582169237277852660642014532746502609104511236043517838615828884699
  
  5744196909546223213452809150311239928983162938337397872291222558669272307507
  
  9341436265259468631236969255119322869194149847398907524704875724433292239401
  
  9121197571478353903605940461715525555208061352978487607815979652191145787268
  
  6950328995335945571745979687723097806414156914235021770997528961679714004813
  
  7618596119398900022187662176565995166377438393908409067315451467692128661853
  
  1899480953509942132189806048058909083118927055319534887843833808044512581081
  
  3012093514664551283123780007625168306833881406190667033836697748583233031255
  
  1675716028819669389395202364050615268659231042662674269901807828871559507688
  
  8022701173763594062553896327932025363395391687694248119992130852755849674297
  
  8273600250603539265567026085682493356742692311281927863726477473769240282882
  
  7867933659940712936309588787535103440817503293064795155896969420847827547707
  
  4089681733030222153539427522154031172089076078854432286931762450766139647039
  
  0698788357057812318058815396010365782622404931040489223653893467512868285772
  
  3549426853707676535408525310171034962867389819981844492869820205296083623875
  
  4503726920220137426575357670533609794887676554294539138939812541052897594003
  
  9485623571345747061577161218224230150759545402677953393511696098548857192286
  
  0418191625277945394737526273677827520272313903577312044494902926036964904851
  
  4157906637444292236132297999422615180320615693358369126553766451078045897203
  
  4625804915294342420408938444140675954119557682430618507597122864445387747250
  
  7052818008685996841247865358357443555463898403621122251375563668643625395196
  
  7433972371798247187619582107283546922431087641133454515472908057852709652581
  
  9691055136808069110313554148450038678743055641375132947203442341171536802691
  
  6211856712351555315688321511809857353701604031666811735529141268111133831982
  
  1906536426488692828399107752047193697454998574776094907855010108566022811487
  
  8242403809704249255684995041908008954822294124691925448991060986360890702522
  
  4555164574759410427007356346902209194655891369214874694682582059573171715783
  
  3241771118505430663162455511824437272322185300069078185566756813646570261574
  
  0088701004098147418386108783630588753198356464011102566888631447008775843304
  
  7937030346585649813080731557396858170123927099117448739148474436303968827868
  
  7353872439492571777654462062266959179469115075180653288246652181906126610519
  
  9156150001526025563337094657731332114755175973461257296918166923877577142615
  
  0190195970324103382701996982746030124735391023592266899404435974235677830551
  
  6968673405521157451095343812330563036975732417904887503443584091914250973970
  
  5896673064939021557880784434472083464711073599708636094316668813932527134994
  
  4832013900647025058310536471060754566780859558890974597741042784510999231331
  
  3484283673578795846361221908092330712547420097150974492059494723034381681343
  
  9307990662079749716717304752683848691952501742559305759400913970008534748005
  
  2407734422737279462877957938933649764675057668700279317184044321803473577612
  
  0489610878018912034296379230553914212985317668439788343463541094082992260476
  
  7160562194667613119295010415502564256050656673774660813742144313897014538146
  
  1774729241500261033032081255530974222939091935558190786372276143768952918539
  
  0932360620159782500440609480921688746789553655685705522662832016583725311380
  
  4108992734362233642108824811678464076727966782112885392540479191227651017598
  
  9076926043334012221760494770424913951493169453817719051200702879929970073599
  
  3806631432406435758708796744672286721973990892772026605422167360144646157247
  
  5547767160547171552378014840053226694092186118383777340845624007579991092095
  
  5702851690435319933776586128910496329002237384713149044370746356344904268577
  
  6575624736271162647894431249714714139652686846756819653733767382968606410086
  
  5788653055801003488896320570428445432842174658745273269942281284875875849643
  
  9986868695110219387989344785267630574895443945474320729790653094315036457127
  
  2607804159325347049030048969687750490158159140812158854418848340029982826503
  
  3676949285427529449556937367188260717989575424252240126296125240551304141978
  
  6685267347107545870359969188876188024006245687380093899978501620646456681531
  
  0591212130089651190450263774186613915206223988475124834437196473515332649036
  
  9903168574787862299111715118219801591021424548324159802323736591393805163807
  
  6394728562918074982331962095793218794696736575476276983259069634909252407561
  
  6224699028498723229809699663844082416495898884690180407632424189238415904816
  
  8011017706183160756758564606771100000431453776306695173839360061014449685998
  
  7060075296930177819862352047434861669441136117191219335952375929916761538530
  
  6780246731795792616329932253333564861529071494775813285309013603079780081704
  
  2684262621485409751093020570028811017953851677109942046190939751421400532339
  
  3239971327056226995050061996880407882444511128187685402259011775947585666647
  
  4561020168338537992837294647868498987109087254103290048914695868956464730896
  
  6259025815217877945013258683779544802394984135615398657194470257980330430438
  
  2289090751806848266278581498066925160786038762585210339272774489056065240259
  
  9</SENDER_TOKEN>
  
  <RECIPIENT_REF>TBEALE</RECIPIENT_REF>
  
  <TEXT>VxQCG4lj8+LxJV0wuLCnKgziIkOLutwamfdkg6xlKQa3cQ7yX8eTJFTWnh7g67un57P297n7PsG4
  
  2CVad+pIB/4e9YjLPawqvYDh7iqx5TJ6wvIOF9+CEGlifAL/ttxNgZRO0aGb+COmOuQlsT/GjAxX
  
  FfCiP9kqjg3rVpaAisBdLGcervNs9NODF/AJF8udmAxJiD8S+UQiP5w0ir6EXDuKBfBX6iaENaOm
  
  ik3PB8+xcZYF2MEmy79ehYmmzMkwpkqOxSEYaySFwvy7Z5bXsb3TuKgaDJpsuKnG9SW67DThn95u
  
  lP93W7Pw0Mwhzj2sMg9ToIqjDqXWEnkgpNJxLkuvoVq1+dE4FCEgqjtsfa6o8FSU8hTHA+ald5iw
  
  M1RmfCMAdSi+xLqh7rqYBmHzN1s0/QR0OIQDLCF9t+/BKWZB0BfOxZc4
  
  </TEXT>
  
  </MESSAGE>
  
  ====
  
  0 3 Reply
  1. Thursday 22nd December 2022 21:46 GMT druck
    
    Re: Window Dressing -- Is it paid for out of the Fort Meade budget?
    
    I think its time for a ban for anyone posting large amounts of supposed cypher text in response to any article mentioning encryption - a double ban for anyone not even using HTML tags to stop it coming out double spaced.
    
    2 0 Reply
Friday 30th December 2022 18:52 GMT PapaPepe

OpenPGP

As far as I was able to find out, Proton is the only web-mail service that is fully interoperable with OpenPGP {https://www.openpgp.org/). (It does not implement W-O-T, but so does not - for instance - Thunderbird native OpenPGP).

Can somebody please correct me if I failed to identify another service?

Implementing "E2E mail encryption" only for the traffic between users of the same web-mail service vendor is pointless, even if done "lege artis" - which this is far from.

0 0 Reply
Tuesday 3rd January 2023 17:51 GMT Mike 16

End to End

Nice thought, but pretty much every communications device available to "common folk" is not all that trustworthy.

If the "client" lives in a smartphone, the already built-in capability to snoop the keyboard and display mean the "ends" are basically "Somebody Else's Computer"

True end to end would be my fingers to your eyes or my mouth to your ears (or vice versa) Not between two bits of software controlled by the developer, manufacturer, network provider, various government agencies, random criminals with "friends" in any of the above, etc. etc.

Of course, very few are likely to be willing to procure and manage a device less likely to be suborned. Available bandwidth for streaming is _far_ more important than staying solvent and out of the Gulag. :-)

Good chance that being found in possession of such a device is a quick ticket to that gulag.

0 0 Reply