It's time for PGP to die, says ... no, not the NSA – a US crypto prof

A senior cryptographer has sparked debate after calling time on PGP – the gold standard for email and document encryption. Matthew Green is an assistant research professor who lectures in computer science and cryptography at Johns Hopkins University in Maryland, US. This week, on his personal blog, he argued that it's "time …

  1. NoneSuch Silver badge

    PGP stands for Pretty Good Privacy so you are getting no more than what you are promised.

    1. dotdavid
      Coat

      I thought the prof's argument was that it wasn't pretty?

      1. Anonymous Coward

        I dunno

        There's a certain beauty in seeing a PGP signature on the end of an email I suppose… :-)

        If only because it's so rarely seen.

  2. Brian Miller

    He's right! PGP sucks to use!

    Yeah, the prof is right, but it shouldn't take a PhD to get people to listen. It's actually been way past time for an update to the general implementation.

    One of the reasons all of this really stinks is because SMTP was never designed with rigorous security in mind. It's really past time to move to a better mail protocol.

    1. Nate Amsden

      Re: He's right! PGP sucks to use!

      hey man I like the ability to telnet to a SMTP server on port 25 and issue SMTP commands directly to debug things.

      same goes for HTTP.

      and other protocols.

      Myself I've never really had a need for encryption in email. I've run my own mail services since the mid 90s and I've never felt I needed fancier SMTP or to even deploy PGP (I think I used PGP a couple times back in the 90s for email never since). Though my mail system does support SASL/TLS I did add that a few years back so my mobile devices could email remotely without using webmail or VPN. Though I rarely even do that, I haven't sent an email through my email server from my phone since last year (it doesn't even work anymore and I can't be bothered to figure out why and fix it).

      1. PerlyKing
        FAIL

        Re: He's right! PGP sucks to use!

        @Nate: "Myself I've never really had a need for encryption in email" [and other stuff]

        You appear to be arguing against encryption on the grounds that you personally don't feel a need for it, and that if everyone else used it you would be inconvenienced. Thanks for your input.

    2. Dan 55 Silver badge

      Re: He's right! PGP sucks to use!

      No, it's time to move to the same mail protocol with STARTTLS support.

    3. brooxta

      Re: He's right! PGP sucks to use!

      It might suck to use for all the reasons he gave, and yes SMTP sucks because it was designed without security in mind, but there is one reason at least why PGP absolutely rocks:

      You can use it to encrypt a message to send via just about any medium. And you can verify that security independently of the infrastructure you used to communicate.

      As soon as you start to build a monolithic "secure" system you lose that independence, which is a big loss.

      In every secure system I am aware of (and I should say that I in no way consider myself an expert in the field) there is always a trade off between convenience and security. You can have more of one but it means less of the other. If this guy has come up with a way of increasing the convenience without losing any of PGP's security then I'm all for it, but if he's advocating the opposite I don't want to know.

      1. Roo
        Windows

        Re: He's right! PGP sucks to use!

        Have an upvote for that point about independence brooxta.

      2. Ihre versteckte Person
        Megaphone

        Re: He's right! PGP sucks to use!

        ... and there's the key point - "As soon as you start to build a monolithic "secure" system you lose that independence".

        'nuff said.

        1. Joe Harrison

          Re: He's right! PGP sucks to use!

          PGP just does not work for normal people.

          I have no problem setting up my own mail environment for both PGP and S/MIME security but I only know about two other people in my social circle who would be able to read it if I actually did send them an encrypted message. So what practical use is that?

          1. brooxta

            Re: He's right! PGP sucks to use!

            @Joe Harrison

            Its practical use is that it serves as a working system for many tech-savvy types, and also as a standard for other systems.

            PGP was invented years ago and it was an enormous step forward, even though it was as tough to use then as it is now (in fact tougher - ever tried using it on a 386?). The thing is that the problems it set out to address then have only become worse in the intervening time: now there is not just the concern that it is possible to exercise mass-surveillance on populations in the "west", but the proof that it is in fact happening.

            I don't know what the next big step forward will be or where/who it will come from, but I do know that it will need to give us at least what PGP does. Otherwise it won't be a step forward, but rather backwards.

            The experts tell us that cryptography is hard and good cryptography is even harder. From my experience I would tend to agree. The question is, is it worth it? And attempting to answer that question leads you on to other rather bigger questions.

            1. Tom 13

              Re: He's right! PGP sucks to use!

              The real problem with PGP isn't the principles behind it, it's the same problem that plagues secure web sites: there is no secure but easily used exchange for certificates. We "solved" that problem for websites by designating a couple of suppliers of top level certs, and everybody buys their certs from them. But that approach doesn't readily work for PGP email keys. Maybe Google, Yahoo, and MS could set up some sort of free public storage for certs from which people could download keys, maybe not.

              1. Anonymous Coward

                Re: He's right! PGP sucks to use!

                > Maybe Google, Yahoo, and MS could set up some sort of free public storage for certs from which people could download keys, maybe not.

                Like this?

      3. Julian Taylor

        Re: He's right! PGP sucks to use!

        Totally agree, but anything is worth it if you don't want RIPA sniffing over your emails.

        1. Sir Runcible Spoon

          Re: He's right! PGP sucks to use!

          I've used GPA a few times, it seems to make life a little easier.

          gnupg.org

      4. Anonymous Coward

        Re: He's right! PGP sucks to use!

        > You can use it to encrypt a message to send via just about any medium. And you can verify that security independently of the infrastructure you used to communicate.
        >
        > As soon as you start to build a monolithic "secure" system you lose that independence, which is a big loss.

        Indeed, OpenPGP doesn't care what the underlying medium is. Carrier pigeon, sneakernet, UUCP, SMTP, HTTP, AX.25… you name it, if it can carry Base64 reliably, it can carry OpenPGP reliably. The other bonus over SMTP/TLS is that this is end-to-end, whereas SMTP using TLS is only between hosts.

  3. Anonymous Coward

    Hyperbole?

    I don't know, but saying that PGP is "fundamentally flawed" seems like a bit of an exaggeration to me, especially when he does not come up with anything better.

    He advocates "a centralised key management system" à l'Apple, which is more or less what you get with X.509, in turn with its own set of problems; and, I quote: "Cryptography that post-dates the Fresh Prince. Enough said.". Well, no, I don't think enough has been said, pretty far from it.

    As for the supposedly inadequate clients, honestly, in the ten years or so that I've been using Enigmail and Kgpg, they've done the job just fine, thank you. And recent versions of Enigmail are configured by default to encrypt if possible, which addresses one of his points.

    For a researcher, I am surprised he didn't put this in an academic paper but rather just published a little rant in his blog. I take that as an indication of how much thought he's put into this.

    1. Anonymous Coward

      Re: Hyperbole?

      > For a researcher, I am surprised he didn't put this in an academic paper but rather just published a little rant in his blog.

      Presumably his little rant was triggered by inadvertently emailing his boss instead of a coworker (co-researcher?) with a rant about his boss. :-)

      1. Number6

        Re: Hyperbole?

        > Presumably his little rant was triggered by inadvertently emailing his boss instead of a coworker (co-researcher?) with a rant about his boss. :-)

        Well, had he encrypted it with his coworker's public key then he'd have gotten away with it because hopefully his boss wouldn't have been able to decrypt it.

    2. Richard Conto

      Re: Hyperbole?

      Given what happened to domain name registrars for .COM becoming decentralized, and the scary/horror issues of all the multitudinous problems there have been with Certificate Authorities - he's going to have to make a better argument for a centralized key management system than just implying The Leader Knows Best.

    3. Anonymous Coward

      Re: Hyperbole?

      First someone invalidates him because he has a PhD. Then someone invalidates him because he has a PhD but he is not using it to publish it as a paper. What's next? He took too long to get his PhD? He hasn't renewed it in time? You can invent any number of irrelevant reasons for not taking someone's words seriously...

      1. Oninoshiko

        Re: Hyperbole?

        How about because he is wrong? Is that okay to invalidate him on?

        Let me list his arguments and invalidate them:

        1) It's "old"

        I don't care. This isn't even really an argument. We've been making booze for thousands of years, but that doesn't make it any less of a fine beverage.

        2) Keys are hard to read

        Well, yes. unfortunately he doesn't offer any kind of fix.

        3) Old releases of GnuPG have bugs.

        Yes, most software has bugs. Update to fix them. GnuPG can be updated for free (as in gratis). Any proposed fix will be susceptible to this problem.

        4) Trusting a central authority would be easier.

        Yes, it would. I think we can use the NSA as that central authority. If we trust any US company, they'll be it anyway.

        5) WoT is bad.

        He manages to take a whole paragraph and say just this and "I'm not backing it up with why." Well, I'm not responding to it, because he didn't bother to say anything to respond to.

        6) Lacks forward secrecy

        While forward secrecy is great, it requires much more automation on software side. This requires putting much more faith in much more complex software. For something like SSH, much of the complexity is already there because the sessions are real-time, for a non-realtime "session" I'm not as convinced. (although, this is EASILY the strongest point he makes)

        7) PGP supports old ciphers and not new ones.

        He even says most of these are not exploitable, so this is basically a rehash of 1. Specifically he complains about the lack of support for Elliptic Curve Cryptography (ECC). Dual_EC_DRBG (at least) is known weak, and there are weaknesses in the recommended curve. At least one noted analyst recommends not using ECC at all in light of these revelations https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929

        8) too easy to send unencrypted

        Ideally, it should probably be harder to send an encrypted email in these apps, unfortunately most people are not set up to receive encrypted emails, so sending unencrypted emails is still the norm. This is also likely to be unresolvable with:

        9) too easy to send unimportant emails encrypted

        If you are going to use encryption, you NEED to be using it for everything. If you don't, you are giving a treasure-trove of meta-data to an attacker. What you think is unimportant, who you are talking about important things with, and how often.

        10) too easy to encrypt the email with the wrong key

        I'll give him this.

        11) requires passphrase to unlock key, which is required for just signing.

        Not locking your key would be a HUGE vulnerability. The key is necessary for signing. Getting done with it and removing it from memory as fast as possible is the most secure thing you can do, but it requires you to reenter the passphrase each time. I guess I'm not sure I understand what he's proposing here, maybe he wants to abandon signatures.

  4. Richard Conto

    PGP is like Democracy ...

    ... in that it's the worst possible encryption system, except for all the others.

    This professor's complaints are mostly that PGP (or GPG) have awful applications. That's a side effect of PGP/GPG being pretty much a niche application AND being open source. The open source part is WHY the thing is trusted, and the niche part is because security and privacy is not terribly high on most people's communication priorities. (I don't doubt that cat videos are more important to most people than locking their houses and cars - much less securing private communications or passwords.)

    But re-engineering e-mail to provide for security & privacy is not likely to happen. Anyone remember X.400, the OSI's mail protocol? Any attempt to redesign email from scratch is likely to end up with something worse in terms of inability to inter-operate. (Besides, Facebook, Twitter, Google, et. al. are all re-engineering inter-personal communications anyway into proprietary social-networking horrors.)

    1. Anonymous Coward

      Re: PGP is like Democracy ...

      > The open source part is WHY the thing is trusted

      since no open source cryptography project has ever had major security issues...

      1. Anonymous Coward

        Re: PGP is like Democracy ...

        > > The open source part is WHY the thing is trusted
        >
        > since no open source cryptography project has ever had major security issues...

        True, but at least in the open source world when the problem is found (and it still can take time), it's impossible to sweep under a rug… a company can just stick its fingers in its ears and yell "La la la la!"

        There are probably equally heinous bugs that rival HeartBleed in commercial software that will never be fixed. We'll not know what they are because it's in the companies' interest to keep it all hush hush.

  5. John Riddoch

    The. Only.

    That last part is the core; there is currently nothing to usurp PGP which is widespread in use already. Any replacement would have to offer something substantial over the current implementation and simply saying "more secure" isn't going to sway anyone other than the security paranoid. Any replacement has to be at least as simple to use as PGP, or users will simply not bother with it.

    And finally, the kicker - until it gets sufficient momentum, people will stick to the incumbent (PGP). There's no point having an uber-secure way of sending mail if no-one you send mail to can read it...

    1. Bloakey1

      Re: The. Only.

      That is exactly the point. What he wants us to do is dumb things down and make it user friendly. At the moment one has to go through a few hoops to use it and in my opinion that is a good thing. Even Greenwald balked at using it when approached by an anonymous source but when he got there he hit the jackpot.

      I like to know that I am expressly doing something so I will jump through hoops. Embed it and obfuscate it and I will presume all is ok and that is bad security.

      Leave it alone as a gold standard and work on something easier using ROT 19 or whatever.

      1. Michael Habel

        Re: The. Only.

        > Leave it alone as a gold standard and work on something easier using ROT 19 or whatever.

        Fheyl gung fubhyq or EBG13

    2. Sir Runcible Spoon

      Re: The. Only.

      "There's no point having an uber-secure way of sending mail if no-one you send mail to can read it..."

      Surely if you have encrypted an email to someone then you have used their public key to do so, so one could assume they might know how to decrypt it (having made their public key available to you).

      1. phil dude
        Thumb Up

        Re: The. Only.

        And more importantly the other thing PGP does is let you SIGN a cleartext document, so mixed recipients can validate your key, along with those that think it is some sort of geek-haiku.

        P.

  6. Will Godfrey Silver badge
    Thumb Down

    Yet another person complaining about something, without having anything better to put in its place.

    1. Anonymous Coward

      @Will Godfrey

      " ... without having anything better to put in its place."

      Irrelevant. It's entirely possible to tell whether something's right without being able to produce something of equal or better quality yourself.

      1. Anonymous Coward

        Re: @AC

        Who argued that it isn't possible to spot potential problems? In many respects spotting the problems is the easier part, but without the second part it is of minimal value.

        1. Anonymous Coward

          Re: @AC

          "Who argued that it isn't possible to spot potential problems?"

          Nobody. I was pointing out it's unreasonable to criticise an observation based on whether the person making it can rectify it.

          "In many respects spotting the problems is the easier part, but without the second part it is of minimal value."

          I disagree.

          1. Will Godfrey Silver badge
            Thumb Down

            Re: @AC

            Nowhere near as unreasonable as saying something that actually works should 'die'.

  7. Anonymous Coward

    Not saying PGP is perfect

    As it certainly lacks in user friendliness and ease of use, both of which will be required if it is ever to be adopted by the masses.

    But key length on business cards? What a non-issue, given that business cards are dying out these days... But if you must, sounds like a good use for those 2D bar codes that every smartphone on the planet can read without issue.

    1. Bloakey1

      Re: Not saying PGP is perfect

      We could have our keys tattooed on our pudendum. Mine would read 179ef and when Kylie Minogue appears it would read, errrr, hmmm, something a bit longer in 6 point font.

      1. Primus Secundus Tertius

        Re: Not saying PGP is perfect

        Lo! They met in Llandudno!

    2. ZSn

      Re: Not saying PGP is perfect

      Ok, geek alert. I *tried* to put a certificate into a qr code. It doesn't work, at least not for 2048 bit certificates. Even if you can shoehorn it into the maximum size of QR code, the resultant QR code is too big to be practically read (I've tried, trust me). If you print it A4 at best quality it still doesn't work. As for 1024 bit, perhaps it may work, at A4 size, never on a business card.

      OK, I admit, I have too much time on my hands.

      Matthew Green isn't usually too bad a read, he seems to have jumped off the deep end on this. It smacks of an academic with no real world experience.

      1. brooxta

        Re: Not saying PGP is perfect

        You don't need the whole certificate/key in a qr code, you can send that as an email attachment or download it from a web page or key server. The qr code would be useful for the key fingerprint though, which should be much more manageable. You would then use the fingerprint encoded in the qr code to verify you had downloaded the right key.

        1. ZSn

          Re: Not saying PGP is perfect

          > You don't need the whole certificate/key in a qr code, you can send that as an email attachment or download it from a web page or key server. The qr code would be useful for the key fingerprint though, which should be much more manageable. You would then use the fingerprint encoded in the qr code to verify you had downloaded the right key.

          I know, I was just hoping that there was a more elegant way in doing it all in one QR code so that you can personally give out your key.

          Incidentally I don't put my gpg on the public servers, naughty I know, but I only send the key to people I actually want to send encrypted messages to. Perhaps I'm a little too paranoid.

        2. Anonymous Coward

          Re: Not saying PGP is perfect

          And how do you trust an email or key server? Just because they tell you they are what they say they are and thereby you should trust them?

          1. brooxta

            Re: Not saying PGP is perfect

            > And how do you trust an email or key server?

            That's what the fingerprint is for. You use it to verify that what you downloaded is actually correct.

          2. A J Stiles
            Facepalm

            Re: Not saying PGP is perfect

            The whole point is that you don't *have* to trust the key server, or any server in the e-mail chain.

        3. foxyshadis

          Re: Not saying PGP is perfect

          Fingerprints are so broken. They're a straight MD5, which only gets more broken every year. Every email client I've used only presents 32 bits of the fingerprint for your visual verification. It's time for PGP to move on and some of the brilliant people who put modern TLS together to start working on secure email, otherwise Google and Yahoo will be the only ones controlling it.

          We've already patched and bodged SMTP into the 21st century, kicking and screaming all the way, at least; that proves that smart people could tackle PGP too.

      2. eldakka

        Re: Not saying PGP is perfect

        Could the QR code just contain a (https) URL to download the public key from and the fingerprint of the key?

        So the QR code could be used to GET the key and verify the key.

      3. Charles 9

        Re: Not saying PGP is perfect

        > I *tried* to put a certificate into a qr code. It doesn't work, at least not for 2048 bit certificates.

        That's odd. 2048 bits should take up only 256 bytes, well within the QR Code limit of 2,953 bytes under ISO 8859-1 encoding. Even if you have to convert it to a text-compatible format, you should still be well within the limit, even counting necessary overhead.

      4. Anonymous Coward

        Re: Not saying PGP is perfect

        Read the article. He said newer Elliptical Curve keys are a lot smaller, i.e. a 40-char MiniLock key equivalent to a ~10x bigger 3072-bit PGP key.

    3. Anonymous Coward

      Re: Not saying PGP is perfect

      > But key length on business cards? What a non-issue, given that business cards are dying out these days... But if you must, sounds like a good use for those 2D bar codes that every smartphone on the planet can read without issue.

      As has already been mentioned, key length on business cards is an issue, at least for any decent length key--this was pointed out by Zimmermann himself when he first came up with PGP. However, that is what key fingerprints have been for since day one.

      I am a bit surprised that Mr. Green will mention this. As a cryptography user (for I hope he's not a mere academic expert), he will know that the way we "exchange" keys is by providing a bit of paper (or for the poshest geeks, yes, a business card) with our email address and key fingerprint on it--sometimes people physically sign the paper as well. The other user will then go and fetch the key itself from one of the usual servers and check by hand if the fingerprint matches, then set his trust level adequately.

      Has worked for me since the 90s and is not much different than, say, checking a signature on a paper document (it can be just as insecure, but also a lot more secure).
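Added example (not code from any commenter or from GnuPG): the check described in the comment above, done in Python for a version 4 OpenPGP key, whose fingerprint is the SHA-1 of the public-key packet. The function names and both key exports are constructed for illustration; the second export stands in for a key that a server handed out under the same user ID.

```python
import hashlib
import hmac
import struct


def read_packets(data):
    """Yield (tag, body) for each OpenPGP packet in a binary key export."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                       # new-format header
            tag = first & 0x3F
            o1 = data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif o1 == 255:
                length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
                pos += 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                  # old-format header
            tag = (first >> 2) & 0x0F
            size = {0: 1, 1: 2, 2: 4}.get(first & 0x03)
            if size is None:
                raise ValueError("indeterminate length is not handled here")
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length


def v4_fingerprint(key_bytes):
    """SHA-1 over 0x99, a two-octet length and the public-key packet body."""
    for tag, body in read_packets(key_bytes):
        if tag == 6:                           # primary public-key packet
            if not body or body[0] != 4:
                raise ValueError("only version 4 keys are handled here")
            prefix = b"\x99" + struct.pack(">H", len(body))
            return hashlib.sha1(prefix + body).hexdigest().upper()
    raise ValueError("no public-key packet found")


def matches_card(key_bytes, card_fingerprint):
    """Compare a fetched key with the fingerprint read off paper.

    Only a full 160-bit fingerprint is accepted; a short key ID is refused.
    """
    wanted = "".join(card_fingerprint.split()).upper()
    if len(wanted) != 40 or any(c not in "0123456789ABCDEF" for c in wanted):
        return False
    return hmac.compare_digest(v4_fingerprint(key_bytes), wanted)


def sample_export(seed, user_id=b"Alice Example <alice@example.org>"):
    """Constructed test data: an RSA-shaped key packet plus a User ID packet."""
    n = int.from_bytes(hashlib.sha256(seed).digest() * 8, "big") | (1 << 2047) | 1

    def mpi(x):
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

    body = bytes([4]) + struct.pack(">I", 1408060800) + bytes([1]) + mpi(n) + mpi(65537)
    key_packet = b"\x99" + struct.pack(">H", len(body)) + body
    uid_packet = b"\xb4" + bytes([len(user_id)]) + user_id
    return key_packet + uid_packet


SAMPLE_KEY = sample_export(b"constructed key A")        # the key its owner generated
SUBSTITUTED_KEY = sample_export(b"constructed key B")   # same user ID, other key material
CARD_FPR = " ".join(v4_fingerprint(SAMPLE_KEY)[i:i + 4] for i in range(0, 40, 4))

if __name__ == "__main__":
    print("fingerprint on the card:", CARD_FPR)
    print("genuine key accepted:   ", matches_card(SAMPLE_KEY, CARD_FPR))
    print("substituted key accepted:", matches_card(SUBSTITUTED_KEY, CARD_FPR))
    print("short key ID accepted:  ", matches_card(SAMPLE_KEY, CARD_FPR[-9:]))
```

The user ID packet is not part of the hash, so a look-alike name on a key server changes nothing about the result; only the key material and creation time do.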

  8. roger stillick
    Coat

    Encryption ? PGP=OS... OK, still don't use it...

    USPS aka Snailmail has a USD. $7.00 courier service w/next day service anywhere in the USA...

    IMHO= when anything of value goes by 'Blue Box' why does anyone need a crypto program other than to have something cool to play with...

    Reality Check= the Internet has been hacked by everyone since day one and we still use it cuz it works if we ignore the bad guys...remember= no one has ever cracked a book code w/o the book...RS.

    1. eldakka

      Re: Encryption ? PGP=OS... OK, still don't use it...

      They also have physical access to the content of what's being sent. As has been reported previously, the intelligence and criminal law enforcement agencies (e.g. NSA,DEA) can, and do, get USPS to make copies of the external surfaces of the envelope and can obtain warrants that let them open, copy, and forward on, the mail.

      In fact, if you send it registered post, they don't even need to copy the external envelope as they already have the FROM and TO information which you provide when you send a parcel registered mail.

      And even if you didn't care about that component (having the FROM and TO addresses), you would still, if you wanted it SECURE, have to encrypt the contents of the parcel so that the document is unintelligible text to visual examination.

  9. ratfox

    Business cards??

    Honestly, I fail to see why PGP would have to be backward-compatible with business cards. Surely there's millions of apps that are more practical for exchanging contact information than handing over little pieces of dead trees. If you must, how about printing a QR code of the key on the back of the card?

    As to the gripes about email clients, that's the fault of the mail clients, not PGP. It might be that nobody has cracked the proper UI, because let's face it, so few users care…

    1. Anonymous Coward

      Re: Business cards??

      Because business cards are a safe way to exchange keys without using an electronic medium that can be tampered with.

    2. Charles 9

      Re: Business cards??

      Because the keys are too big to put on even 2D barcodes (even I suspect the color barcodes once touted by Microsoft). Which means you have to store it somewhere, which means you have to trust both the place it's stored AND whatever means is used to transport it. And if your opponent's something of state level, I wouldn't even trust the fingerprint (since the state may secretly have the means to subvert things behind the scenes).

      1. Anonymous Coward

        Re: Business cards??

        > Because the keys are too big to put on even 2D barcodes (even I suspect the color barcodes once touted by Microsoft).

        In the interests of science, I tried it anyway.

        You can do it with 2 QR codes. I used ZFEC to encode it into 4 QR codes, so you can scan any two and get my public key.

        ZFEC is available at https://tahoe-lafs.org/trac/zfec/

        The monstrosity looks like this: http://www.longlandclan.yi.org/~stuartl/pubkey.png

        How it was generated:

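        $ gpg -o pubkey.gpg --export 4DFA191410BDE3B7   # binary export into the working directory, where zfec reads it

        $ zfec -m 4 -k 2 pubkey.gpg   # 4 shares, any 2 of which rebuild the file

        $ for f in pubkey.gpg.?_?.fec; do qrencode -o "$f.png" -8 < "$f"; pngtopnm < "$f.png" > "$f.pnm"; done   # one 8-bit QR code per share

        $ pnmcat -lr pubkey.gpg.[01]_4.fec.pnm > pubkey.gpg.top.pnm   # shares 0 and 1 side by side

        $ pnmcat -lr pubkey.gpg.[23]_4.fec.pnm > pubkey.gpg.bot.pnm   # shares 2 and 3 side by side

        $ pnmcat -tb pubkey.gpg.top.pnm pubkey.gpg.bot.pnm > pubkey.pnm   # stack the two rows

        $ pnmtopng < pubkey.pnm > pubkey.png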

        Note this will not fit on a business card unless you have a very high resolution scanner and printer available.
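Added example (not the poster's code and not zfec's implementation): what a 2-of-4 split like `-m 4 -k 2` in the comment above provides, shown with a small erasure code over GF(2^8) in Python. Each share is half the size of the input and any two shares rebuild it; zfec's own share format and coding matrix differ, and the function names and sample bytes here are constructed.

```python
import hashlib
from itertools import combinations


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x^2 + 1 (0x11D)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11D
        b >>= 1
    return result


def gf_inv(a):
    """Inverse as a^254, because a^255 == 1 for every non-zero element."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


# One distinct non-zero evaluation point per share.
POINTS = (1, 2, 3, 4)


def split_2_of_4(data):
    """Return four shares, each half the (padded) input length.

    The input is cut into halves d0 and d1; share j holds d0 + x_j * d1,
    byte by byte, with addition being XOR in this field.
    """
    padded = data + b"\x00" * (len(data) % 2)
    half = len(padded) // 2
    d0, d1 = padded[:half], padded[half:]
    return [bytes(a ^ gf_mul(x, b) for a, b in zip(d0, d1)) for x in POINTS]


def recover(i, share_i, j, share_j, length):
    """Rebuild the original bytes from shares number i and j (i != j)."""
    xi, xj = POINTS[i], POINTS[j]
    scale = gf_inv(xi ^ xj)
    # share_i + share_j = (x_i + x_j) * d1, so d1 falls out by division.
    d1 = bytes(gf_mul(si ^ sj, scale) for si, sj in zip(share_i, share_j))
    d0 = bytes(si ^ gf_mul(xi, b) for si, b in zip(share_i, d1))
    return (d0 + d1)[:length]


# Constructed stand-in for a binary key export (1185 bytes, odd on purpose).
SAMPLE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(37)) + b"x"

if __name__ == "__main__":
    shares = split_2_of_4(SAMPLE)
    print("input bytes:", len(SAMPLE), "bytes per share:", len(shares[0]))
    for i, j in combinations(range(4), 2):
        ok = recover(i, shares[i], j, shares[j], len(SAMPLE)) == SAMPLE
        print("shares", i, "and", j, "rebuild the input:", ok)
```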

  10. Bronek Kozicki

    all good points

    Now I'm waiting for good professor to produce alternative system. Or at least start productive discussion about design of such a thing. Should I hold my breath?

  11. Steve Knox
    Headmaster

    "...which it difficult to print them a business card..."

    That's not a typo on my part (or El Reg's for that matter); that's a direct copy from his blog post.

    Sigh.

  12. JaitcH
    WTF?

    Because Ford built the Edsel, the Concept of the Automobile should be scrapped?

    Quote: "Many PGP-enabled mail clients make it ridiculously easy to send confidential messages with encryption turned off".

    This statement is the equivalent of saying the Ford Edsel was so bad (Unsafe at Any Speed - Nader), or any other clunker car design, that the concept of the car should be scrapped.

    PGP, written and initially distributed by Phil Zimmermann, has proved its worth over the years, so much so that the GCHQ and NSA are still gnashing their teeth whenever Zimmermann's name is invoked. So many people in physically risky positions or employment have staked their lives on PGP.

    PGP is NOT the problem, people who are strangers to Command Line entries ARE. LONG LIVE PGP!

    1. Irony Deficient

      Unsafe at Any Speed

      JaitcH, it was the Chevrolet Corvair, not any Edsel model, which was “unsafe at any speed”. (Perhaps you were mixing up the Corvair with the Edsel Corsair?)

      1. Hud Dunlap

        Re: Unsafe at Any Speed

        http://www.amazon.com/Unsafe-Any-Speed-Ralph-Nader/dp/B0006BMWYU/ref=sr_1_2?s=books&ie=UTF8&qid=1408235446&sr=1-2&keywords=unsafe+at+any+speed

        It is actually about cars in general and Nader's claim that the Automobile industry ignores safety for profit.

  13. mIRCat
    Coat

    Call now. Just £1.99 a minute and any expectations of privacy.

    Wanna chat with hot lonely girls near you now? Just enter your private key here..

    Obligatory xkcd - https://www.xkcd.com/364/

  14. Anonymous Coward

    Mail clients

    He's right about those though. Even using Thunderbird with add-on it can be a pain in the arse. It is certainly not straightforward and often comes up with an alertbox. Tried getting it to sign emails using the required cert but it kept bugging me. Not sure if it was because it had the shits with the need for a password or not. Was using GPG on OSX with (possibly) Enigmail (if that's the add-on). Followed a guide on the topic but in the end just switched the bastard off.

    1. This post has been deleted by its author

  15. JimmyPage Silver badge
    Boffin

    Want to thwart the snoopers ?

    You don't "send" mail anymore. You simply post your encrypted message on a usenet server (ask your parents, kids) with the intended recipient's public key as the subject.

    The recipient can easily find the message from whatever server they use, and download it, decrypt it, and if required, respond the same way.

    All the communications in the world in the open, and (assuming you trust the underlying encryption) safe. Sadly, Theresa May will now lose that lovely "meta data" she wants to collect, so she knows who is communicating with who, but that's the price she (and others) will have to pay for abusing their powers in the first place.

    Bearing in mind, from a UK perspective, discussion of encrypted mail is moot, since the authorities can simply ask you to decrypt it with the incentive of 2 years (or is it 5 ?) in the big house if you don't.

    1. Nigel 11

      Re: Want to thwart the snoopers ?

      > Bearing in mind, from a UK perspective, discussion of encrypted mail is moot, since the authorities can simply ask you to decrypt it with the incentive of 2 years (or is it 5 ?) in the big house if you don't.

      But they can't do that without tipping you off that they are reading your e-mails. They can't do covert data-trawling on encrypted mail, and that's what offends me far more than properly targeted police activity subject to proper judicial oversight. Also if the authorities start demanding access with menaces from more than a tiny fraction of the population and concerning a small fraction of their correspondents, there will be major political repercussions.

      1. phil dude
        Black Helicopters

        Re: Want to thwart the snoopers ?

        That's why Habeas Corpus and the 5th amendment to the US constitution are so important. And it is why the UK govts over the years have chipped away at them. It is simply inconvenient for any government to think it is not all powerful.

        I too would like to think that if any Government want to try and force citizens to give up their private information to incriminate themselves (or others), that potentially keeping them "in a secure location", that there would be major political repercussions. But it hasn't happened yet.....

        The truth is when the blokes with the big boots come knocking it doesn't matter, you will cough it up. (A great quote from David Mamet's character Jonas Blane in the TV series The Unit - "The one thing you don't want to be is innocent if they are going to torture you..." ).

        A specific case. This experiment was already tried when Glenn Greenwald's partner was manhandled for 9 hours for, "an indirect interference with press freedom but this was justified by legitimate and "very pressing" interests of national security." (original is here).

        There's a whole other topic about trans-border issues, but you get the gist...

        Just because you are paranoid, does not mean that they are not out to get you....!

        P.

    2. Thunderbird 2

      Re: Want to thwart the snoopers ?

      Shades of Tom Cruise in Mission Impossible

      1. Anonymous Coward
        Anonymous Coward

        Re: Want to thwart the snoopers ?

        Of course, the old stylee method was personal ads in daily newspapers.

        Does anyone remember LOOT (it may still be going). I know for a fact that some of the messages in there were encrypted. Because I placed them. And got replies.

        Practically impossible to crack if done right. It may still be going on. Although I would hope for the sake of the alphabet agencies, nothing comes of it. It would be so embarrassing, after all the powers they've told us they need, if it turned out the next terrorist outrage was planned this way.

  16. John Smith 19 Gold badge
    Unhappy

    Quick precis.

    "I don't like PGP supporting email clients"--> PGP is rubbish --> PGP should be replaced.

    I don't use it so I'm a layman in this argument.

    Let me suggest that a lot of people use a web based email system even when they know they shouldn't.

    They want to compose an email and the whole process of encryption/log on/select addressee/send email/log off is done for them.

    Do that and a lot of people start using it because it's no longer so f**king clumsy.

    And of course the resulting TLA and FLA budget requests will either bankrupt the respective governments or trigger the instant development of a useable quantum computer.

    Or the governments concerned could realize that most of this surveillance is being driven by a combination of politician paranoia and data fetishist lust.

    1. Anonymous Coward
      Anonymous Coward

      Re: Quick precis.

      I am surprised no one has mentioned virtru yet. It is an encryption plugin that works with many mail clients and browsers. PFS, message expiration, the works. Check it out:

      www.virtru.com

      This is what PGP plugins should be.

      1. phil dude
        FAIL

        Re: Quick precis.

        No opensource components, cannot be trusted.

        P.

        1. Anonymous Coward
          Anonymous Coward

          Re: Quick precis.

          .......so no GnuPG, dad?

    2. phil dude
      Linux

      Re: Quick precis.

      @John Smith 19: PGP is nowhere near as bad as this guy is making out, but I will agree there is a learning curve that could definitely be improved by some "web syntactic sugar".

      In fact part of the problem is as you say the "all-in-one" , send and go.

      The problem with any webmail, is you don't know what the server is doing.

      I use thunderbird as my mail client, and the PGP message leaves thunderbird pre-wrapped (via Gmail or whatever).

      I think seamonkey can do webmail as well using its "tabs". It is after all, part of mozilla....

      But I agree, it could be made better with the existing tools. The encryption is the hard stuff, making it pretty should be easy...!

      P.

      1. Mookster

        Re: Quick precis.

        Na, the crypto is easy - a few hundred lines of code with the right libs. UI is probably 10 times that

  17. Adrian Midgley 1

    criticism of everything except PGP/GPG is it not?

    All his criticisms do not seem to me to be of PGP, or the GnuPG implementation of it, they seem to be statements that email clients that incorporate it don't do it very well.

    I'm not convinced that having it built into a complex other piece of software is entirely a good thing, but if someone is going to do that then it is them building it in, not PGP itself that is to be judged.

    On the command line it is no more or less unfriendly than various other very precise programs, and the files or pasteable text that result are no harder to email than any other text file.

  18. Anonymous Coward
    Anonymous Coward

    Yeah, usability sucks...

    Last I checked, GPG couldn't import a public key from the clipboard. You had to copy someone's key, open notepad, paste it into notepad, save it somewhere, go back to GPG, select import key, navigate to where you saved the document, pick it, then delete the document to stop it cluttering up your file system.

    So I agree. It sucks on the usability front. An 'import key from clipboard' option would have been no effort at all to add, especially since it already has options to encrypt/decrypt from clipboard.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yeah, usability sucks...

      It's entirely possible that there could be a script running in a browser window that's monitoring the clipboard looking for public keys. When it sees one copied in it adds its own one in (are you going to double-check that what you pasted into PGP is exactly what you copied?)

  19. A J Stiles

    It's hard for a reason

    Using PGP properly is hard -- for a reason.

    If you get any of the practical implementation details wrong, you can end up with a product that looks secure but isn't. Nobody wants to be selling that product.

    Private keys have to be kept secret. You can't afford for there to be any way to leak a private key. Public keys aren't secret, but have to be verifiable; otherwise, you can't be sure some public key you've downloaded really belongs to that person, and not someone else who has the real public key, their own keypair and access to messages in transit and so can decrypt the message and re-encrypt it against the real public key.

    By forcing you to use your own back-channel for key verification, which you can be reasonably sure is beyond the reach of a bent keyserver operator, the implementers can avoid that issue.

    Unfortunately, that by definition makes it hard to use, for want of the very integration that makes for ease of use. But anything you did to make it easier to use would end up potentially compromising the security of the system -- maybe not now, but maybe in future, in some combination of circumstances that did not occur to the implementer at the time.

    There are two fundamental limitations that you run into. These aren't limitations of technology, that will be solved with the right invention; they are limitations of the universe, that cannot be overcome by any amount of ingenuity.

    (1) When you have several channels *in series*, the overall trustworthiness is determined by the *least* trustworthy link in the chain. But when you have several channels *in parallel*, the overall trustworthiness is determined by the *most* trustworthy among them.

    (2) Anybody can build a cryptosystem that *they* can't crack. That absolutely doesn't mean *nobody* can crack it. You need rigorous mathematical proof of uncrackability.

    Crypto software unavoidably has to trust the user not to do anything stupid; but if it trusts no-one else, then it's as trustworthy as the user. Making it easy for the user to do stupid things (such as exposing keys to tampering via the clipboard of an untrusted GUI, where any rogue application could read a private key or substitute a public key) potentially renders it less trustworthy.

    Anything that's worth doing is going to be hard, and unfortunately the corollary is also true.
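An added example, not part of any comment in this thread and not GnuPG's own code: the back-channel check described above, which also catches the clipboard substitution raised in the earlier reply. It computes the OpenPGP version 4 fingerprint of an imported key and compares it with the fingerprint obtained out of band. It assumes a binary (non-armored) key export and v4 keys; all function names are hypothetical and the two sample keys are constructed toy values.

```python
import hashlib, hmac, struct

def mpi(x: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian bytes."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def sample_key_packet(n: int, e: int, created: int) -> bytes:
    """Constructed v4 RSA public-key packet (tag 6, old-format header 0x99)."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    return b"\x99" + struct.pack(">H", len(body)) + body

def public_key_body(data: bytes) -> bytes:
    """Return the body of the leading public-key packet of a binary key export."""
    if len(data) < 3 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                       # new-format header
        tag, first = data[0] & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length is not valid for a key packet")
    else:                                    # old-format header
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not supported here")
        size = (1, 2, 4)[ltype]
        length, off = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[off:off + length]
    if tag != 6 or len(body) != length or not body or body[0] != 4:
        raise ValueError("expected a complete version 4 public-key packet")
    return body

def v4_fingerprint(data: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-octet body length, packet body."""
    body = public_key_body(data)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def matches_back_channel(data: bytes, fingerprint_heard: str) -> bool:
    """Compare with the fingerprint obtained out of band (spacing and case ignored)."""
    wanted = "".join(fingerprint_heard.split()).upper()
    return len(wanted) == 40 and hmac.compare_digest(
        v4_fingerprint(data).encode(), wanted.encode())

# Constructed toy values, not real keys: same owner claimed, different key material.
GENUINE = sample_key_packet((1 << 2047) + 0x1234567, 65537, 1407888000)
SUBSTITUTED = sample_key_packet((1 << 2047) + 0x7654321, 65537, 1407888000)
```

The fingerprint covers the creation time as well as the key material, so a substituted key cannot match unless the whole packet body is identical.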

    1. Charles 9

      Re: It's hard for a reason

      So what happens when you run smack into the fence separating security and usability? Because for security to be ubiquitous, it MUST be easy to use (and by that I mean easy enough for Stu Ped to get). Yet difficulty is a necessary evil for something to be practically secure (sort of like having to fish for the keys to the front door).

      So basically, the security problem is looking to be intractable because you're caught between needing a system a state-level adversary can't break in a heartbeat and needing a system easy enough to be used by people who have trouble remembering what they did yesterday.

  20. Anonymous Coward
    Anonymous Coward

    From what I can see in this story as reported, his two main problems seem to be:

    a - Public keys are long. Isn't that kind of the point, otherwise they're not secure and could be vulnerable to collisions or forgery?

    b - Email clients and plugins are not user friendly. This is the fault of PGP how?

    I have a feeling it took me longer to type this than it did for Mr. Green to do up his rant.

  21. This post has been deleted by its author

  22. DougMac

    It isn't PGP that sucks..

    But key management sucks.

    Normal users totally don't get it, don't want to know, and don't want to think about it.

    Unfortunately, they need to know and think about key management to make it work effectively.

    The actual mechanics of PGP/GPG in email client integration is fairly simple, but man, having users type a passphrase, or making sure they are using the right key is a total nightmare.

    1. Anonymous Coward
      Anonymous Coward

      Re: It isn't PGP that sucks..

      So, basically, security sucks. We're already past the point of no solution. The necessary level of practical security requires more effort than the average person is willing to exert. Basically, too many people in the world are too stupid to live in our world, meaning civilised behaviour is actually holding us back. Is it time to start saying, "Tough luck. Better luck next life."?

  23. jb99

    He is wrong

    PGP has its flaws but they are not security flaws they are usability flaws. But they can mostly be overcome. And it has the HUGE advantage that it's actually possible to use it. The alternative he is suggesting is to redesign all the protocols completely and then get everyone to use them. Yeah, that's going to happen...

  24. Anonymous Coward
    Anonymous Coward

    Green should zip it up.

    Maybe medicine should die, because the average Joe can't do it. Maybe Hopkins should stick to medicine ..... they need practice, and supposedly that's what "they" do .... though they have dropped to #3. They don't even rank in customer service, unless you're a mid-East Prince.

    Green is a theorist .... he offers nothing practical. He should go back to the classroom and talk to doe-eyed dreamers, of a utopian one button does it all world. I'll keep my keys.

  25. Southwestwall
    Trollface

    So the problem with PGP is ...

    that since the 1990's more inept, effort-averse humans have access to computers and will routinely compromise security with aforementioned ineptitude and effort aversion.
