Mailing List Archive

Essay on PGP as it is used today
More than a bit critical, but a good read all the same.  Found on HN. 

https://latacora.micro.blog/2019/07/16/the-pgp-problem.html

HN comment thread here:  https://news.ycombinator.com/item?id=20455780

-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail
Re: Essay on PGP as it is used today [ In reply to ]
> More than a bit critical, but a good read all the same.  Found on HN.

Although I largely share in the criticisms, I think the author made a
couple of serious mistakes.

First, RFC4880bis06 (the latest version) does a pretty good job of
bringing the crypto angle to a more modern level. There's a massive
installed base of clients that aren't aware of bis06, and if you have to
interoperate with them you're kind of screwed: but there's also
absolutely nothing prohibiting you from saying "I'm going to only
implement a subset of bis06, the good modern subset, and if you need
older stuff then I'm just not going to comply." Sequoia is more or less
taking this route -- more power to them.

Second, the author makes a couple of mistakes about the default ciphers.
GnuPG has defaulted to AES for many years now: CAST5 is supported for
legacy reasons (and I'd like to see it dropped entirely: see above, etc.).

Third, a couple of times the author conflates what the OpenPGP spec
requires with what it permits, and with how GnuPG implements it.
Cleaner delineation would've made the criticisms better, I think.

But all in all? It's a good criticism.
Re: Essay on PGP as it is used today [ In reply to ]
On 17 Jul 2019, at 05:05, Robert J. Hansen <rjh@sixdemonbag.org> wrote:

> But all in all? It's a good criticism.

Indeed. Backwards compatibility with the 1990s is an albatross. Anyone still using obsolete ciphers is screwed anyway, so why encourage it?

Some nitpicking:

* Modern PGP does encrypt subjects (although not other metadata).

* Magic wormhole is an excellent toy, but it’s written in python, so literally the *first person* I tested it with got his dependency stack shredded. I think he’s forgiven me but he hasn’t used it since. The line about rewriting wormhole in a decent language may look throwaway but it’s not.

* Similarly, the alternative archiving software suggested is still a work in progress. It’s all very well criticising PGP for being a clumsy jack of all trades, but “modern crypto” has had twenty years to replace it and still hasn’t fully succeeded. This isn’t just on PGP.

* And finally: “don’t encrypt email”? Yes, well. Email is not going away. Just like passwords, its death has been long anticipated, yet never arrives. So what do we do in the meantime?

But yes.

A

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Essay on PGP as it is used today [ In reply to ]
Andrew Gallagher wrote:

> * And finally: “don’t encrypt email”? Yes, well. Email is not going away.
> Just like passwords, its death has been long anticipated, yet never arrives.
> So what do we do in the meantime?

I think the biggest problem is how can PGP or GnuPG users tell other users,
not familiar with email encryption yet, what else to use ...

PGP / GnuPG users are pretty biased IMHO when it comes to email encryption
and probably don't accept other and more modern solutions, which they could
recommend. All those recent or older articles speak about non-email solutions.

I for myself solved that problem with friends and now look for an additional
solution to create offline S/MIME compatible messages, which then can easily
be read by various MUAs. If someone has an idea I am all ears. I don't
care about Efail, because I have not heard in practice that Mallory attacked
already lots of S/MIME users.

Regards
Stefan

Re: Essay on PGP as it is used today [ In reply to ]
> - And finally: “don’t encrypt email”? Yes, well. Email is not going away. Just like passwords, its death has been long anticipated, yet never arrives. So what do we do in the meantime?

I think what the author is saying is stop trying to ever think of email as a secure form of communications, no matter what you layer on top of it, full stop. Which given how email encryption options have performed over the past couple decades, makes sense to me.


You might say that PGP over email is better than nothing over email, but is it? If you expect a non-secure channel and don't disclose secure information, that's one thing -- but if you expect a secure channel and send private information and through user error or clunky software implementation you end up sending cleartext, you're worse off than if you'd just assumed a non-secure channel. Email has a habit of having this happen. It's actually quite easy to mess up and send cleartext.


IF there were no other options, then maybe it'd be worth rolling the dice. But there are quite a few extremely capable free solutions out there that will establish a secure channel of communications with relative ease.


Frankly, the only way you'll ever get secure comms over email is if the big boys (Microsoft, the Goog, and to a lesser extent Yahoo and grandpa^H^H^H^H^H^H^H AOL) decide to shake hands and come up with a standard and force it down all other providers' throats. Either that or roll their own secure (though not E2E since it relies on TLS) modes like Outlook 365 and Google/GSuite do and give users an option to send messages that force TLS by making the recipient go to a https email viewing page if you access the message from any outside provider.


-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail

Re: Essay on PGP as it is used today [ In reply to ]
Stefan Claas via Gnupg-users wrote:

> Andrew Gallagher wrote:
>
> > * And finally: “don’t encrypt email”? Yes, well. Email is not going away.
> > Just like passwords, its death has been long anticipated, yet never arrives.
> > So what do we do in the meantime?
>
> I think the biggest problem is how can PGP or GnuPG users tell other users,
> not familiar with email encryption yet, what else to use ...

At work, when a client insists on email, and I (or the law)
insist on encryption, I provide them with instructions for
installing 7-zip and send them an AES-256 encrypted zip or 7z
file as an attachment. It's the simplest thing I could think
of that I thought most people could cope with.


Re: Essay on PGP as it is used today [ In reply to ]
Is that to send them a message or an attachment?

You might look into Firefox Send -- not sure if this satisfies the legal requirements, but it is very robust end to end encryption. https://send.firefox.com/


-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail

Re: Essay on PGP as it is used today [ In reply to ]
On 07/17/2019 07:47 PM, Ryan McGinnis via Gnupg-users wrote:
> Is that to send them a message or an attachment?
>
> You might look into Firefox Send -- not sure if this satisfies the legal requirements, but it is very robust end to end encryption. https://send.firefox.com/

I also like Firefox Send. But being suspicious, I typically encrypt with
GnuPG first.

When I need to share stuff among GUI-less VPS, with no Javascript
capable browser, I sometimes use pastebins. I encrypt with GnuPG, and
then base64 encode.


Re: Essay on PGP as it is used today [ In reply to ]
On 18/07/2019 05:40, Mirimir via Gnupg-users wrote:
> When I need to share stuff among GUI-less VPS, with no Javascript
> capable browser, I sometimes use pastebins. I encrypt with GnuPG, and
> then base64 encode.

I love pastebins. I think they are an excellent "first serious web app"
type of application.

In fact, I've been collecting a list of all (mostly open source) paste
bins that I can find, and their implementations.

If anybody knows any pastebins off the tops of their heads, please could
you send them to me, off-list if you prefer. When the list goes online
I will credit anybody who contributed (unless they don't want me to).

Andrew
--
OpenPGP key: EB28 0338 28B7 19DA DAB0 B193 D21D 996E 883B E5B9

Re: Essay on PGP as it is used today [ In reply to ]
On 07/18/2019 04:21 AM, U'll Be King of the Stars wrote:
> On 18/07/2019 05:40, Mirimir via Gnupg-users wrote:
>> When I need to share stuff among GUI-less VPS, with no Javascript
>> capable browser, I sometimes use pastebins. I encrypt with GnuPG, and
>> then base64 encode.
>
> I love pastebins.  I think they are an excellent "first serious web app"
> type of application.
>
> In fact, I've been collecting a list of all (mostly open source) paste
> bins that I can find, and their implementations.
>
> If anybody knows any pastebins off the tops of their heads, please could
> you send them to me, off-list if you prefer.  When the list goes online
> I will credit anybody who contributed (unless they don't want me to).
>
> Andrew

I presume that you know ZeroBin.[0] There's at least one Tor onion
implementation.[1] I just got that via DDG, and haven't verified any of
the onion URLs.

0) https://github.com/sebsauvage/ZeroBin is
1) https://deepweblinks.net/pastebin/

Re: Essay on PGP as it is used today [ In reply to ]
raf via Gnupg-users wrote:

> Stefan Claas via Gnupg-users wrote:
>
> > Andrew Gallagher wrote:
> >
> > > * And finally: “don’t encrypt email”? Yes, well. Email is not going away.
> > > Just like passwords, its death has been long anticipated, yet never
> > > arrives. So what do we do in the meantime?
> >
> > I think the biggest problem is how can PGP or GnuPG users tell other users,
> > not familiar with email encryption yet, what else to use ...
>
> At work, when a client insists on email, and I (or the law)
> insist on encryption, I provide them with instructions for
> installing 7-zip and send them an AES-256 encrypted zip or 7z
> file as an attachment. It's the simplest thing I could think
> of that I thought most people could cope with.

That is simple, indeed. But how do you exchange passphrases for
the encrypted files in advance and do you switch them regularly
or leave them the same when dealing with many clients?

I solved this with using NaCl public keys, bearing no infos of
the key owners and having a little key ring, where I only assign
nicknames to the pub keys. The software I use is box

https://github.com/rovaughn/box

in combination with a base91 encoder / decoder, for ASCII armor,
when sending encrypted emails.

Before that I also experimented with other tools, like dhbitty,
MiniLock and Pretty Curved Privacy etc. but for me they all had
some disadvantages compared to box.

Regards
Stefan


Re: Essay on PGP as it is used today [ In reply to ]
On 2019-07-18 at 12:13 +1000, raf wrote:
> At work, when a client insists on email, and I (or the law)
> insist on encryption, I provide them with instructions for
> installing 7-zip and send them an AES-256 encrypted zip or 7z
> file as an attachment. It's the simplest thing I could think
> of that I thought most people could cope with.

Encrypted zip files have several factors that make it a beautiful
solution for sending encrypted messages to occasional users that don't
care much about it:

a) zip is a file format supported out-of-the-box by pretty much every
system, and that users are comfortable with. Whereas you would be seen
as a weirdo if you sent them a .gpg or other new file that needed a
special program, you would likely be asked to just send it
"normally" (ie. unencrypted).

b) The format itself supports secure encryption (aes128/256).

c) If their client doesn't support AES-Encryption, their client will
show that *their program* can't cope with it. This places the onus on
the receiver (their zip decompresser isn't "new enough"), rather than
the sender (see a).


Nevertheless, it has a number of potential problems:

* As pointed out by Stefan Claas, you need to exchange the encryption
keys. The zip file is just an encryption primitive, so key distribution
may become a problem.

(raf, may I ask how you are dealing with it? As they are clients, are
you providing a set of keys in advance when personally visiting them?
Are you providing the key for the new message?)

* 7-Zip before 19.00 uses a bad PRNG to fill a half-size IV
https://threadreaderapp.com/thread/1087848040583626753.html

* A naive user trying to reply would easily end up using PKWARE
encryption (and reusing the password)


Kind regards



Re: Essay on PGP as it is used today [ In reply to ]
Stefan Claas via Gnupg-users wrote:

> raf via Gnupg-users wrote:
>
> > Stefan Claas via Gnupg-users wrote:
> >
> > > Andrew Gallagher wrote:
> > >
> > > > * And finally: “don’t encrypt email”? Yes, well. Email is not going
> > > > away. Just like passwords, its death has been long anticipated, yet
> > > > never arrives. So what do we do in the meantime?
> > >
> > > I think the biggest problem is how can PGP or GnuPG users tell other
> > > users, not familiar with email encryption yet, what else to use ...
> >
> > At work, when a client insists on email, and I (or the law)
> > insist on encryption, I provide them with instructions for
> > installing 7-zip and send them an AES-256 encrypted zip or 7z
> > file as an attachment. It's the simplest thing I could think
> > of that I thought most people could cope with.
>
> That is simple, indeed. But how do you exchange passphrases for
> the encrypted files in advance and do you switch them regularly
> or leave them the same when dealing with many clients?
>
> I solved this with using NaCl public keys, bearing no infos of
> the key owners and having a little key ring, where I only assign
> nicknames to the pub keys. The software I use is box
>
> https://github.com/rovaughn/box

Windows users who are interested to try out box can find a GUI
based solution, from inwtx, at github.

https://github.com/inwtx/NaClBoxEncryption
https://github.com/inwtx/NaClBoxEncryption/releases

It uses base64 as armor and the armor headers can be set to 'off'.

Regards
Stefan




Re: Essay on PGP as it is used today [ In reply to ]
Stefan Claas wrote:

> raf via Gnupg-users wrote:
>
> > Stefan Claas via Gnupg-users wrote:
> >
> > > Andrew Gallagher wrote:
> > >
> > > > * And finally: “don’t encrypt email”? Yes, well. Email is not going away.
> > > > Just like passwords, its death has been long anticipated, yet never
> > > > arrives. So what do we do in the meantime?
> > >
> > > I think the biggest problem is how can PGP or GnuPG users tell other users,
> > > not familiar with email encryption yet, what else to use ...
> >
> > At work, when a client insists on email, and I (or the law)
> > insist on encryption, I provide them with instructions for
> > installing 7-zip and send them an AES-256 encrypted zip or 7z
> > file as an attachment. It's the simplest thing I could think
> > of that I thought most people could cope with.
>
> That is simple, indeed. But how do you exchange passphrases for
> the encrypted files in advance and do you switch them regularly
> or leave them the same when dealing with many clients?

Passwords are conveyed to clients over the phone and each client
has their own. If it were entirely automated and in heavy use, a
password would be generated for each file and sent via SMS to the
recipient.

> I solved this with using NaCl public keys, bearing no infos of
> the key owners and having a little key ring, where I only assign
> nicknames to the pub keys. The software I use is box
>
> https://github.com/rovaughn/box
>
> in combination with a base91 encoder / decoder, for ASCII armor,
> when sending encrypted emails.
>
> Before that I also experimented with other tools, like dhbitty,
> MiniLock and Pretty Curved Privacy etc. but for me they all had
> some disadvantages compared to box.
>
> Regards
> Stefan

Re: Essay on PGP as it is used today [ In reply to ]
Ángel wrote:

> On 2019-07-18 at 12:13 +1000, raf wrote:
> > At work, when a client insists on email, and I (or the law)
> > insist on encryption, I provide them with instructions for
> > installing 7-zip and send them an AES-256 encrypted zip or 7z
> > file as an attachment. It's the simplest thing I could think
> > of that I thought most people could cope with.
>
> Encrypted zip files have several factors that make it a beautiful
> solution for sending encrypted messages to occasional users that don't
> care much about it:
>
> a) zip is a file format supported out-of-the-box by pretty much every
> system, and that users are comfortable with. Whereas you would be seen
> as a weirdo if you sent them a .gpg or other new file that needed a
> special program, you would likely be asked to just send it
> "normally" (ie. unencrypted).

> b) The format itself supports secure encryption (aes128/256).

Unfortunately, that's not entirely true. The zip format
that is supported out of the box by Windows doesn't
support AES-256. The impression I get is that it's v2
of the format which only supports broken zip password
protection. Zip v5 format is needed for AES-256 and
Windows Explorer doesn't seem to support that. The
recipient must either have 7-Zip (which is free) or
Winzip (which costs money). I find it hard to believe
that the new format isn't supported everywhere but it
isn't. Even the command line tool unzip only supports
the ancient zip format when encryption is used.

> c) If their client doesn't support AES-Encryption, their client will
> show that *their program* can't cope with it. This places the onus on
> the receiver (their zip decompresser isn't "new enough"), rather than
> the sender (see a).
>
> Nevertheless, it has a number of potential problems:
>
> * As pointed out by Stefan Claas, you need to exchange the encryption
> keys. The zip file is just an encryption primitive, so key distribution
> may become a problem.
>
> (raf, may I ask how you are dealing with it? As they are clients, are
> you providing a set of keys in advance when personally visiting them?
> Are you providing the key for the new message?)

Verbally over the phone (but I think SMS would be OK).

> * 7-Zip before 19.00 uses a bad PRNG to fill a half-size IV
> https://threadreaderapp.com/thread/1087848040583626753.html

Luckily we use v19.00 for encrypting (but my macports
version is only v16.02).

> * A naive user trying to reply would easily end up using PKWARE
> encryption (and reusing the password)

True. In that case, I'd recommend that they create a
.7z file rather than a .zip file. The .7z format only
seems to support AES-256. The .zip format supports both
AES-256 and PKWARE password protection but it defaults
to PKWARE protection (in the 7-Zip GUI).

> Kind regards

cheers,
raf
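The concern raised in this exchange, that a `.zip` can silently end up with legacy PKWARE (ZipCrypto) protection instead of AES-256, can be checked per entry before an archive is sent or trusted. The following is an added example, not code from any poster in this thread; it reads the general-purpose flags, the WinZip AES method value 99 and the 0x9901 extra field, and the sample archive and file names are constructed for illustration.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901   # WinZip AES extra-field header ID
AES_METHOD = 99         # compression-method value that signals WinZip AES
AES_BITS = {1: 128, 2: 192, 3: 256}


def aes_key_bits(extra):
    """Return the AES key size recorded in the 0x9901 extra field, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        # body layout: version(2) vendor "AE"(2) strength(1) real method(2)
        if header_id == AES_EXTRA_ID and len(body) >= 7:
            return AES_BITS.get(body[4])
        pos += 4 + size
    return None


def classify(info):
    """Name the protection scheme of one zipfile.ZipInfo entry."""
    if not info.flag_bits & 0x1:          # bit 0: entry is encrypted
        return "none"
    if info.compress_type == AES_METHOD:
        bits = aes_key_bits(info.extra)
        return f"AES-{bits}" if bits else "AES-unknown"
    if info.flag_bits & 0x40:             # bit 6: PKWARE strong encryption
        return "PKWARE-strong"
    return "ZipCrypto"                    # legacy PKWARE password protection


def audit(zip_bytes):
    """Map every entry name to its protection scheme (no password needed)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}


def policy_failures(report, required="AES-256"):
    """Entries that do not meet the required scheme."""
    return sorted(name for name, scheme in report.items() if scheme != required)


def build_sample_zip(entries):
    """Constructed input: real headers, filler payload (not real ciphertext)."""
    body, central = b"", b""
    for name, flags, method, extra in entries:
        raw, payload = name.encode("ascii"), b"\x00" * 16
        offset = len(body)
        body += struct.pack("<IHHHHHIIIHH", 0x04034B50, 51, flags, method,
                            0, 0x21, 0, len(payload), len(payload),
                            len(raw), len(extra))
        body += raw + extra + payload
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 51, 51, flags,
                               method, 0, 0x21, 0, len(payload), len(payload),
                               len(raw), len(extra), 0, 0, 0, 0, offset)
        central += raw + extra
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries),
                       len(entries), len(central), len(body), 0)
    return body + central + eocd


# AE-2 extra field declaring AES-256 over deflate (constructed sample value).
AES256_EXTRA = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)

SAMPLE = build_sample_zip([
    ("statement.pdf", 0x1, AES_METHOD, AES256_EXTRA),  # AES-256 entry
    ("reply.docx", 0x1, 8, b""),                       # legacy ZipCrypto entry
    ("readme.txt", 0x0, 0, b""),                       # unencrypted entry
])

if __name__ == "__main__":
    report = audit(SAMPLE)
    for name, scheme in report.items():
        print(f"{name:15} {scheme}")
    print("fails AES-256 policy:", policy_failures(report))
```

The check only inspects headers, so it says which scheme an entry declares, not whether the password is strong. A `.7z` file uses a different container and is not covered by this parser.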


Re: Essay on PGP as it is used today [ In reply to ]
Hey Ryan thanks for posting... and this response is not a poke at you, so don't take it personally!

but ... groan... honestly who the fck are "latacora", and all the others who sprout shite they read somewhere and regurgitate elsewhere...
Yeah I have been seeing posts like this pop up and with variations of content. Today everyone is cool kid security consultant, it's a badge of upper crust 007 techno ability.
Show me actual facts and figures, opinions are not fact.
Like anything worthwhile, sometimes you need to study and actually apply a bit of effort to do something properly.
GPG is no different... The "instant gratification" and simple systems don't enforce good security workflows. Just because Uncle Bob likes and says you should use signal/whatsapp etc etc and shouldn't use whatever, doesn't mean you should follow.
If folks like Bruce Schneier suddenly popped up and said "we have a problem" and dumped his PK, I may take notice... Then again that's my opinion, why should you believe me :)
Cheers
Craig

Re: Essay on PGP as it is used today [ In reply to ]
From Elwin in Lloydminster, Alberta, Canada (visiting family)
July 22, 2019
Ryan & gnupg-users,
Concerning "Essay on PGP as it is used today"

When I went to the link it said,
"The PGP Problem"
I searched and determined the author is unknown from what I could see.
The Essay suggested a number of alternatives for private messaging. The first was Signal. I downloaded it to my phone. Then the thought came to me, "how secure is Signal?" I looked for a short time and found this:
Signal Desktop Leaves Message Decryption Key in Plain Sight
https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/

Why would the nameless author of this essay suggest people use Signal when anyone given access to a computer would be able to just go into unprotected directories and get the key to Signal and open all past messages sent? Governments must love this feature.
The fact that the author can not be questioned because there is no way to contact him/her is the first big clue someone is trying to crash the faith people have in PGP or GnuPG. This has happened before to me.

I went to an EFF (Electronic Frontier Foundation) meeting and a big and tall guy came to me and told me that he had a way of Breaking PGP and told me he had been working on a database program that made this possible and spouted off terms I had never heard before. I turned around for a second or few and turned back and he was gone. I searched the room with my eyes and couldn't find him. I went to the outside door and looked up and down the street to no avail. I went to the Intersection and looked around - nothing. I went back inside, and I couldn't find him. I had questions.
Doubts flooded my mind. I went and looked at the fundamentals. The PGP I am interested in is the PGP based on RSA because it cannot be broken using a very large Prime number set that are multiplied together and assuming these numbers are in a supply in the quadrillions times quadrillions. I have had a hobby of codes and ciphers and have around 200 books on what most common people would consider the ways to write things they cannot understand or even see. I was a subway train operator and Railroad brakeman for over 41 years then retired but am not a math wiz. If you had a multi processor computer like at Lawrence Livermore National Labs that can independently parallel process millions of possibilities a second how long would it take to break one PGP RSA encoded/enciphered message? So if there are certain prime numbers that do not qualify to be used, how many numbers are left? So you have one qualifying very large prime.

You go to a list of other very large prime numbers and separately use each number with your first chosen very large prime number to make a key and test that key against the message with the unknown key. If nothing on the List pans out you choose the next very large prime number and reuse the very large prime number list. How many numbers make up the very large prime number list?
Elwin

Sent using Hushmail

Re: Essay on PGP as it is used today [ In reply to ]
On 22.07.2019 11:26, Procopius via Gnupg-users wrote:
>
> I searched and determined the author is unknown from what I could see.

The author is Thomas H. Ptacek, here's contact info:

https://news.ycombinator.com/user?id=tptacek

FWIW he's known for criticizing crypto that he thinks is unnecessarily
complex, such as PGP and DNSSEC. If you want you can browse through his
comments to see that the article is mostly a comprehensive collection of
his thoughts.

Kind regards,
Wiktor

Re: Essay on PGP as it is used today [ In reply to ]
> I went to an EFF (Electronic Frontier Foundation) meeting and a big
> and tall guy came to me and told me that he had a way of Breaking PGP
> and told me he had been working on a database program that made this
> possible and spouted off terms I had never heard before.

Yeah, these conspiracy theorists always show up.

> I went back inside, and I couldn't find him. I had questions.

You're in the right place.

Mathematicians have come up with different ways to estimate how many
primes there were under a certain value -- what we call the prime
counting function, or "π(x)" in mathematicalese. There are lots of ways
to do it, but they all give answers very close to each other: these are
estimates, not precise numbers.

The first estimate for π(x) was "x divided by the natural logarithm of x".

Let x be 100. The natural log of 100 is about 4.6. 100 divided by 4.6
is about 22. Thus, we expect there to be about 22 primes under 100.
There are in fact 25 -- so while this method isn't perfect it's
definitely enough to get us in the neighborhood.

If we do that same equation for a 2048-bit key, it turns out there are
10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
000 000 000 000 000 000 000 different prime numbers that could go into it.

Google's total data storage is about 10 exabytes. In 10 exabytes you
could store about 40 000 000 000 000 000 prime numbers.

There's just no way anyone on earth has a list of prime numbers that
they're trying one after another. Not only isn't there enough hard
drive space, but the hard drives required would literally be bigger than
the entire Milky Way galaxy!

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
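
The arithmetic in the message above can be reproduced numerically. The following Python is an added example, not part of any post in this thread: it checks x / ln(x) against an exact sieve count at small x, then evaluates the same estimate for 2^2048 in the log domain. It assumes 10 exabytes means 10^19 bytes and that each prime is stored uncompressed at bits/8 bytes; all function names are illustrative.

```python
import math

def sieve_prime_count(limit):
    """Exact pi(limit): count primes <= limit with a sieve of Eratosthenes."""
    if limit < 2:
        return 0
    is_prime = bytearray([1]) * (limit + 1)
    is_prime[0] = is_prime[1] = 0
    for p in range(2, math.isqrt(limit) + 1):
        if is_prime[p]:
            # Clear every multiple of p starting at p*p.
            is_prime[p * p :: p] = bytearray(len(range(p * p, limit + 1, p)))
    return sum(is_prime)

def pnt_estimate(x):
    """The first estimate named in the thread: x / ln(x)."""
    return x / math.log(x)

def accuracy_table(limits=(100, 10_000, 1_000_000)):
    """(x, exact count, rounded estimate) rows showing how close x/ln(x) gets."""
    return [(x, sieve_prime_count(x), round(pnt_estimate(x))) for x in limits]

def log10_primes_below_2_pow(bits):
    """log10 of 2**bits / ln(2**bits). Done with logarithms because
    2**2048 is far too large for a float."""
    ln_x = bits * math.log(2)
    return bits * math.log10(2) - math.log10(ln_x)

def primes_per_store(bits, store_bytes=10**19):
    """How many bits-sized numbers fit in one store (assumed 10 EB, no compression)."""
    return store_bytes / (bits / 8)

def log10_stores_needed(bits, store_bytes=10**19):
    """log10 of the number of such stores needed to list every prime below 2**bits."""
    return log10_primes_below_2_pow(bits) - math.log10(primes_per_store(bits, store_bytes))

if __name__ == "__main__":
    for x, exact, estimate in accuracy_table():
        print(f"x={x:>9,}  exact pi(x)={exact:>6,}  x/ln(x)={estimate:>6,}")
    print(f"primes below 2^2048: about 10^{log10_primes_below_2_pow(2048):.1f}")
    print(f"primes per 10 EB store: about {primes_per_store(2048):.1e}")
    print(f"10 EB stores needed: about 10^{log10_stores_needed(2048):.1f}")
```

Passing a different bit length, for example 1024, shows how little the conclusion depends on the exact size chosen.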
Re: Essay on PGP as it is used today [ In reply to ]
On Mon, 22 Jul 2019 07:07:32 -0400, Robert J. Hansen stated:
>> I went to an EFF (Electronic Frontier Foundation) meeting and a big
>> and tall guy came to me and told me that he had a way of Breaking PGP
>> and told me he had been working on a database program that made this
>> possible and spouted off terms I had never heard before.
>
>Yeah, these conspiracy theorists always show up.
>
>> I went back inside, and I couldn't find him. I had questions.
>
>You're in the right place.
>
>Mathematicians have come up with different ways to estimate how many
>primes there were under a certain value -- what we call the prime
>counting function, or "π(x)" in mathematicalese. There are lots of
>ways to do it, but they all give answers very close to each other:
>these are estimates, not precise numbers.
>
>The first estimate for π(x) was "x divided by the natural logarithm of
>x".
>
>Let x be 100. The natural log of 100 is about 4.6. 100 divided by 4.6
>is about 22. Thus, we expect there to be about 22 primes under 100.
>There are in fact 25 -- so while this method isn't perfect it's
>definitely enough to get us in the neighborhood.
>
>If we do that same equation for a 2048-bit key, it turns out there are
>10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
>000 000 000 000 000 000 000 different prime numbers that could go into
>it.
>
>Google's total data storage is about 10 exabytes. In 10 exabytes you
>could store about 40 000 000 000 000 000 prime numbers.
>
>There's just no way anyone on earth has a list of prime numbers that
>they're trying one after another. Not only isn't there enough hard
>drive space, but the hard drives required would literally be bigger
>than the entire Milky Way galaxy!

I am not sure about that. If a good data compression algorithm was
employed, they might be able to save the space of a solar system or two.

--
Jerry
Re: Essay on PGP as it is used today [ In reply to ]
Jerry wrote:

> On Mon, 22 Jul 2019 07:07:32 -0400, Robert J. Hansen stated:
> >> I went to an EFF (Electronic Frontier Foundation) meeting and a big
> >> and tall guy came to me and told me that he had a way of Breaking PGP
> >> and told me he had been working on a database program that made this
> >> possible and spouted off terms I had never heard before.
> >
> >Yeah, these conspiracy theorists always show up.
> >
> >> I went back inside, and I couldn't find him. I had questions.
> >
> >You're in the right place.
> >
> >Mathematicians have come up with different ways to estimate how many
> >primes there were under a certain value -- what we call the prime
> >counting function, or "π(x)" in mathematicalese. There are lots of
> >ways to do it, but they all give answers very close to each other:
> >these are estimates, not precise numbers.
> >
> >The first estimate for π(x) was "x divided by the natural logarithm of
> >x".
> >
> >Let x be 100. The natural log of 100 is about 4.6. 100 divided by 4.6
> >is about 22. Thus, we expect there to be about 22 primes under 100.
> >There are in fact 25 -- so while this method isn't perfect it's
> >definitely enough to get us in the neighborhood.
> >
> >If we do that same equation for a 2048-bit key, it turns out there are
> >10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000
> >000 000 000 000 000 000 000 different prime numbers that could go into
> >it.
> >
> >Google's total data storage is about 10 exabytes. In 10 exabytes you
> >could store about 40 000 000 000 000 000 prime numbers.
> >
> >There's just no way anyone on earth has a list of prime numbers that
> >they're trying one after another. Not only isn't there enough hard
> >drive space, but the hard drives required would literally be bigger
> >than the entire Milky Way galaxy!
>
> I am not sure about that. If a good data compression algorithm was
> employed, they might be able to save the space of a solar system or two.
>

<https://www.quora.com/Hypothetically-if-a-group-of-hackers-had-a-sorted-list-of-all-the-primes-all-the-way-up-to-the-largest-prime-could-they-break-any-RSA-encryption-Assuming-that-the-primes-any-RSA-encryption-uses-are-both-in-the-list>

Regards
Stefan

Re: Essay on PGP as it is used today [ In reply to ]
https://www.schneier.com/blog/archives/2018/05/details_on_a_ne.html

“3. Why is anyone using encrypted e-mail anymore, anyway? Reliably and easily encrypting e-mail is an insurmountably hard problem for reasons having nothing to do with today's announcement. If you need to communicate securely, use Signal. If having Signal on your phone will arouse suspicion, use WhatsApp.”

-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail


Sent from ProtonMail Mobile

On Mon, Jul 22, 2019 at 03:28, Craig T via Gnupg-users <gnupg-users@gnupg.org> wrote:
Hey Ryan thanks for posting... and this response is not a poke at you, so don't take it personally!

but ... groan... honestly who the fck are "latacora", and all the others who sprout shite they read somewhere and regurgitate elsewhere...
Yeah I have been seeing posts like this pop up and with variations of content. Today everyone is cool kid security consultant, it's a badge of upper crust 007 techno ability.
Show me actual facts and figures, opinions are not fact.
Like anything worthwhile, sometimes you need to study and actually apply a bit of effort to do something properly.
GPG is no different... The "instant gratification" and simple systems don't enforce good security workflows. Just because Uncle Bob likes and says you should use signal/whatsapp etc etc and shouldn't use whatever, doesn't mean you should follow.
If folks like Bruce Schneier suddenly popped up and said "we have a problem" and dumped his PK, I may take notice... Then again that's my opinion, why should you believe me :) Cheers Craig


From: Gnupg-users <gnupg-users-bounces@gnupg.org> on behalf of Ryan McGinnis via Gnupg-users <gnupg-users@gnupg.org>
Sent: 17 July 2019 15:28
To: Konstantin Boyandin via Gnupg-users <gnupg-users@gnupg.org>
Subject: Essay on PGP as it is used today
More than a bit critical, but a good read all the same. Found on HN.
https://latacora.micro.blog/2019/07/16/the-pgp-problem.html

HN comment thread here: https://news.ycombinator.com/item?id=20455780


-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail


Re: Essay on PGP as it is used today [ In reply to ]
On Mon, Jul 22, 2019 at 03:46:18PM +0000, Ryan McGinnis via Gnupg-users wrote:
> [1]https://www.schneier.com/blog/archives/2018/05/details_on_a_ne.html
>
> “3. Why is anyone using encrypted e-mail anymore, anyway? Reliably and
> easily encrypting e-mail is an insurmountably hard problem for reasons
> having nothing to do with today's announcement. If you need to
> communicate securely, use Signal. If having Signal on your phone will
> arouse suspicion, use WhatsApp.”

Depends on your threat model. For mine, reliably and easily
encrypting email is almost absurdly simple:

1) Use PGP
2) Don't send secrets to people I don't trust to keep them.

Anyway, 99% of my PGP use is for the opposite of secrecy: I sign my
emails so that (if you care enough to install PGP) you can be highly
assured that they're from me.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
Re: Essay on PGP as it is used today [ In reply to ]
I’m not so sure that it does. I think that’s the point security researchers like Schneier have been trying to make: it is easy for all people — from grandparents who still think they need AOL to chipheads who can install Arch without watching a YouTube tutorial — to screw up encrypted email in a way that exposes the cleartext. Encrypted email is fundamentally unsafe as it currently exists. It’s really hard to screw up some of the new E2E encrypted messengers. Sure, if your method for secure communications is dropping stego’d memes with encrypted payloads on imgur, then simple tools like Signal and WhatsApp won’t do. But if you’re trying to securely communicate like a normal person who is not pretending to be Mister Robot, then PGP for email is one of the least adopted, least safe ways to do so and Signal/iMessage/WhatsApp are decent solutions.
-Ryan McGinnis
https://bigstormpicture.com
PGP: 5C73 8727 EE58 786A 777C 4F1D B5AA 3FA3 486E D7AD
Sent with ProtonMail


Sent from ProtonMail Mobile

On Mon, Jul 22, 2019 at 15:00, Mark H. Wood via Gnupg-users <gnupg-users@gnupg.org> wrote:
On Mon, Jul 22, 2019 at 03:46:18PM +0000, Ryan McGinnis via Gnupg-users wrote:
> [1]https://www.schneier.com/blog/archives/2018/05/details_on_a_ne.html
>
> 3. Why is anyone using encrypted e-mail anymore, anyway? Reliably and
> easily encrypting e-mail is an insurmountably hard problem for reasons
> having nothing to do with today's announcement. If you need to
> communicate securely, use Signal. If having Signal on your phone will
> arouse suspicion, use WhatsApp.

Depends on your threat model. For mine, reliably and easily
encrypting email is almost absurdly simple:

1) Use PGP
2) Don't send secrets to people I don't trust to keep them.

Anyway, 99% of my PGP use is for the opposite of secrecy: I sign my
emails so that (if you care enough to install PGP) you can be highly
assured that they're from me.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
Re: Essay on PGP as it is used today [ In reply to ]
> I think that’s the point security researchers like Schneier have been
> trying to make: it is easy for all people — from grandparents who
> still think they need AOL to chipheads who can install Arch without
> watching a YouTube tutorial — to screw up encrypted email in a way
> that exposes the cleartext.

This is true, but it's not because OpenPGP is uniquely difficult. It's
because it's uniquely flexible. Signal is intimately tied to the cell
platform and cell signaling. Even when using the desktop client, it's
using your cell phone as a proxy. The more choices you take away from
the user, the easier the remaining experience tends to become.

(Which is not the same as saying the remaining experience is a *good*
one, just an *easy* one. Go ahead, try using Signal to do a third party
noninteractive introduction. Can't do it! That choice is taken away
from you. Which means if you don't need third party introductions, the
experience is good and easy... and if you do, it's bad and easy: bad, in
that you can't do what you need, but easy, in that at least it's very
honest about not being able to do what you need.)

> Encrypted email is fundamentally unsafe as it currently exists.

Given the government uses email to transfer national security secrets, I
question this assumption. Email can definitely be made safe enough: the
question is whether individual users can be expected to have the
training and experience and resources to do so on their own. (I
personally think the answer is 'no'.)

> But if you’re trying to securely communicate like a normal person who
> is not pretending to be Mister Robot, then PGP for email is one of
> the least adopted, least safe ways to do so and
> Signal/iMessage/WhatsApp are decent solutions.

I generally agree. I recommend WhatsApp as a communications client of
first recourse for people in non-permissive environments.

Number one, it's easy to convince other people you meet to use it. "You
can reach me on WhatsApp at..." tends to get reactions of, "oh, yeah, I
have it installed" or "I guess I should install that". You don't need
to talk about security or code audits or E2E or anything else: just show
them it's fun.

Number two, switching from SMS to WhatsApp is a *huge* increase in
security for the average smartphone user.

Number three, the cops don't look at you funny if you've got it on your
phone. Especially if you've got some nieces and nephews you can trade
funny memes with. Purge the important stuff before you go through a
border crossing and if you're asked about WhatsApp just say "my nieces
and nephews made me install it so they could share funny stuff with me".

Signal fails on #1 ("This is supposed to be a ... a secure
communications tool? Why do I need that? I don't want to get in
trouble with the cops.") and on #3 ("Why do you need this, citizen?").
