Is Encryption Really Secure? 201
taustin continues: "I made a disturbing connection the other day between PGP (or any encryption program) and the many security vulnerabilities that keep cropping up in web browsers and mail clients. It seems we don't go a week without some new way for a 'hostile web site' or 'malicious email' to read files from our hard drives. These are usually downplayed, because, in general, they can only read, not write to or delete, files, and because one needs to know the exact file name and path to exploit them. How easy is it to guess at the path and file name of a file that could be damaging for someone to just read?
Encryption relies on keys, which are kept in keyrings, which are computer files; and those keyring files have a default install location; and while that default location can be changed, the program still keeps track of where it is. In the case of PGP, this is a file called PGPprefs.txt, and that has a default location that (as far as I know) cannot be changed. And if it can be changed, the location of the preferences file has to be stored somewhere.
So it looks to me like it wouldn't be all that tough for someone who knows how to exploit one or more of these vulnerabilities to just grab someone's entire private keyring if they don't have all the patches installed.
What's really disturbing is to compare all this to current 'sneak-and-peek' search warrant practices - where police agents can break into your home or business to conduct a search without having to tell you, before or after, that they've done so. It is not entirely clear if such searches are illegal now, but they would be sanctioned by bills like H.R. 2987, the Methamphetamine Anti-Proliferation Act of 1999. With the ability to remotely steal a private key, without even having to enter your home, and legal sanction to do so, there are frightening possibilities.
Having the keyring, of course, is not quite all there is to it. Keyrings are protected by passphrases, as well. But passphrases are not as secure as encryption keys themselves are - they are chosen by the user, and most will fall to dictionary attacks very quickly.
So what are good practices to adopt when using encryption software? Should one keep the keyring on a floppy disk, and never have it in the computer when it's connected? Should PGP (and other encryption programs) be changed so that the user has to manually identify where the keyring is whenever the program starts? Is it possible to make the program as safe in Real Life as the algorithm is mathematically?"
Who's we? (Score:1)
That depends heavily on who you are and what your habits are. I agree that I frequently hear about ways for web sites and email to read other people's files, but these almost always rely on the user running extremely poor-quality software. I suspect that the intersection between users of PGP and users of "holeware" (e.g. MS Outlook, MS IE) is actually pretty low. Once you get away from the Microsoft stuff, most people's computers (even Mac users) are pretty resistant to attack.
Correction, Cliff (Score:1)
Too optimistically put. The encrypted files can be at most as secure as the key; the key is no more secure than the least secure of the system which stores it and the system which it is loaded into for use. That's the best case; errors in the crypto software can degrade security further, but the important point is that God's Own Encryption Algorithm can't improve on the security of the key itself.
Security almost never broken through encryption (Score:2)
Back doors, social engineering, floods, DOS... there are so many more obvious and exploitable ways to break systems... it's a waste of time and effort to go for the encryption routine as the target.
Weakest link in any crypto is... post-it notes! (Score:3)
I am implementing iButton support for GPG (Score:2)
Ironic (Score:1)
Schneier's point is that building walls is not enough. The computer security model will follow the same model that all other security has historically followed. You will buy insurance. You will get discounts on your insurance by putting into place firewalls, PKI, intrusion detection, etc..
Ultimately, insurance, not security, will give peace of mind.
Bruce Sterling's PGP key (Score:2)
Don't use 'em. I never knew a real-life computer crime cop or investigator who paid any attention to deciphering encryption. I regard this as a 99% theoretical form of "security." Using big number-crunching high-tech to protect the brief transmission of Internet email gives people a false sense of security. If you get in trouble, it won't be because you were tapped and cracked by the NSA. It'll be because somebody you trusted ratted on you (or because you bragged). Trust me on this. If you're really worried about your privacy, stop using credit cards and shred your trash.
Well duh (Score:1)
Just snaffling the key file won't help Black Hat, though. It's usually encrypted with a symmetric cypher before it's ever stored. That's what the key passphrase is for.
Re:Encryption is necessary, but not sufficient (Score:2)
Even if Blowfish is designed to be more secure than triple-DES, that doesn't mean it is more trustworthy. It's newer and hasn't had the same amount of hammering on it over the years as 3DES has had. Triple-DES with three different 56-bit keys is generally considered a good symmetric cipher; its disadvantage is slowness.
Encryption is necessary, but not sufficient (Score:3)
Rather, what you should remember is that 'if it is not encrypted, it is not secure'.
Personally, I think it is more important to get encryption in there - even with *bad* practices - than to worry about getting the last 1% of security from already-encrypted apps. For example, going from telnet to ssh with password-sending (your password is encrypted in transit) is a huge leap in security. Going from ssh password-sending to public-key authentication is only a small extra step, if anything. Choosing a long passphrase, or going from Blowfish to 3DES, are pretty unimportant for most people. Few crackers are going to see encrypted bits going over the wire and attempt to crack that - even if the passphrase might only be quite short. More important to focus on replacing the existing highly insecure protocols such as NFS.
Re:StegFS (Score:2)
2) It may not be portable, but the keys themselves are (simple text files with encrypted data) - if you need it on another OS, just copy it over there.
3) will only be used to store the keys, not a lot of performance concerns there.
Convenience vs Security (Score:1)
every time I come to work why does it matter? Well, it will depend on the job. I've seen companies where someone just walked into the back office, the safe was open, and they left with a few grand. Why did this happen? The company did not inconvenience itself with any security measures. The more security you have, the more inconvenient it is to do things. All you have to do is measure how much convenience you are willing to give up vs how much security you want.
Re:PPS (Score:1)
It fizzled for 2 reasons (I think):
Be careful what you ask for. You might get it.
Re:ibutton (Score:1)
If you're really paranoid, you want to transfer plain ascii (or something else you trust not to have the ability to 'hack' your viewer on your Palm) to your Visor (with the iButton plugin on the back), view it and make sure the data your iButton is encrypting is the data you told your PC to encrypt...
non-biometric security's a sham (Score:2)
At best it causes irksome delay in getting at your info but it really doesn't stop anyone who wants in from getting in. Like the Beatles sang about on the very first "telstar" broadcast: "There's nothing you know that can't be known"
Security based on biometric characteristics of a large sample of sound of you saying a phrase containing certain words or a live camera image is the only way to go.
And that's going to require 64 bit hardware everywhere (M$ ain't playing there either).
The Answer. (Score:2)
Re:Use an IButton (Score:1)
At the same time, it doesn't change the basic premise of this story -- that is, your encryption is only as secure as your keys. If I snag the keychain with your IButton, then that key will eventually be compromised. At the very least, it denies you access to the systems that require your IButton.
Jay (=
Security is not about privacy (Score:1)
For example, if you are working in the financial industry your data is probably very valuable indeed. Whereas, if you are working in a car wash your data is probably much less valuable. Even so, for most users of cryptography technology today, the concern seems not to be with risk management but with privacy. What seems to be lost is an understanding that privacy issues are relative. Indeed, privacy is really about access to information and falls under the same milieu of risk management as any other business endeavor.
Cryptography is only one piece of the puzzle. In a bank, for example, there will be air walls, intrusion detection teams, and other measures in place to keep unauthorized access to an absolute minimum. These measures, of course, come with a cost. Therefore, they will only be taken when their cost is justified by the level of risk of loss of control of the data.
Certainly, for the average user, there are things that they can do to minimize risk which cannot cost much money. They can, for example, utilize onetime pass codes, keep their key ring in a hardware device that is not always connected to the computer, perform routine system integrity checks, etc.
Of course, all of these can be breached by a determined hacker/cracker. That is not the point. Perfect security does not exist within network devices. However, perfect risk management does. And therefore, as security is really about risk management, perfect security does exist and is achievable as long as you do away with the notion that security is about limiting access and rather accept that security is about managing risk.
Re:I thought the keyring was encrypted (Score:4)
There are, however, many more than 26 words...
Thus, an eight word pass*phrase* is -vastly- more difficult to dictionary-attack than an eight character pass-word-. If this isn't powerful enough for you, add more words... gpg and pgp allow some silly length of passphrase.
But supposing there are 10000 words in the English language (and that your passphrase is in English, but why should it be? Even we under-cultured Americans take some token foreign language class and can cobble together a sentence or three in another language...), well, then, an eight word passphrase has 10000^8 = (10^4)^8 = 10^48
(ie, "this is my secret passphrase dont you know" is different from "This is my secret passphrase, don't you know." is different from "THIS IS MY SECRET PASS... " eh, you get the idea.)
In short, passphrases are not vulnerable to dictionary attacks if your passphrase is a reasonable length. (Or rather, the removal of a few orders of magnitude from the problem will not make it crackable on today's hardware, and when it -does- make a difference, brute force will be only a few years behind, the same way that 8 character passwords are brute-forceable today and were only dictionary attackable a few years back...)
Though, it would be advisable to avoid using famous lines and quotes, since the first passphrase dictionary attack attempt would almost certainly include the 'to be or not to be' speech with various truncations, the first line and chorus line from every top forty song in the last fifty years, etc.
Also, remember, most dictionary based cracking tools try substituting zero for 'O', four for 'A', etc, to match 31337 'spelling' styles, and trying all the case combinations... so those obfuscations don't really help.
It -does- help to try something like, taking the first letter of every word in a sentence, like,
'I'm going to obfuscate my password' -> 'igtomp', which you can then capitalize or obfuscate at leisure (though -nothing- will make a six-character password secure, so use a longer sentence!); this gives the benefits of passphrases (memorizability) even for passwords that have to fit in some small space (like 32 characters or whatever, where a password spelled out might be short enough to still be dictionary vulnerable because it's only 5 words instead of 8 to 10... )
Anyway, those are my thoughts for to-day.
Parity Odd
--Parity
I thought the keyring was encrypted (Score:2)
Sure, someone getting hold of my keyring compromises the security of any encrypted transmissions I send, but only somewhat, as it is not terribly useful without my passphrase (which will never ever ever fall to a dictionary attack).
-josh
Re:improving crypto keyring security (Score:2)
Fighting injustice with cheese wiz (Score:2)
Hmm (Score:1)
Duh.
Re:Use a more secure OS... (close) (Score:2)
Re:an unconstructive comment (Score:2)
In other words, your encrypted files may only be as secure as the computer and network on which the key resides.
Well... duh.
My thoughts exactly. I mean.. c'mon. :\
Floppies and PDAs (Score:1)
> and never have it in the computer when it's
> connected?
That's what I was thinking of doing...but then I've got to disconnect to sign emails.
Other possibilities:
Re:Come on (Score:1)
> because the rest of us have nothing to hide
> from the world.
But we do have to protect against the people who would take advantage of us...what about the recent articles on incorrectly configured 802 leaving networks wide open? Do you really think the competition won't just hang out across the street at Starbucks and check out how the competing product works and plans for new features?
How is this news? (Score:2)
Security is not a product, it's a procedure.
That doesn't mean you shouldn't use pgp.
Will pgp prevent my officemate hacker boy from reading my email? Not if he really wants to.. he'll figure out how to spy on me and get my key.
Will it keep some guy who roots my mail server from getting at the secure email stored there? Sure it will.. he's out of luck.
Use some common sense (Score:4)
Another good assumption is that the intelligence services prefer breaking fingers to keys. Why waste a billion dollars in computing power when you can simply crack the guy's fingers unless they give you the key?
A third one is that they aren't usually that interested in your pr0n collection.
(Yes, it's stolen from Applied Crypto. But it's good advice.)
-henrik
Re: (Score:2)
Re:I thought the keyring was encrypted (Score:2)
93^50 is 260000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
that should be 97 0's, I may have miscounted
but anyways that's approximately the same as true 327 bit encryption
PPS (Score:3)
To solve for this, I'm writing a specification for transparent encryption of email using standard MUAs. Please feel free to check out the PPS homepage [ajs.com], which will be moving to SourceForge sometime RSN (basically, I'm just waiting to get over the learning curve at my new company). The nice things about PPS are that it does not require that a user know their email is being encrypted and that it does not require a specific encryption back-end (its design assumes something PGP-like, but you could easily adapt any public-key system).
Let me know what you think, and send me email if you have any questions at all. Thanks!
Re:Keyrings are as secure as the passphrase (Score:2)
You need phrases long enough to give you enough bits to cover the key space, but anything over that is unnecessary. Maybe 25-30 characters. That's long enough to make a dictionary attack on your passphrase about as costly as a brute force attack on the block cipher.
Re:PGP helps my courtship. (Score:2)
This is neither new nor interesting. (Score:2)
In the real world, when very serious people (embassies, intelligence officers, etc.) want to communicate securely, one of the first things they do is a threat analysis. What sort of attacks am I expecting? What sort of attacks am I certain I won't be hit with? Then, the hardest to assess, what sort of attacks am I unaware of?
Once you have this sort of threat assessment, you tailor your security practice to it. Do you really have a well-founded concern that someone's going to use a browser vulnerability to steal your keyring? Okay, then, the answer is simple: don't keep your keyring on the same machine as the web browser. Are you concerned about people Van Ecking your monitor and grabbing your passphrase? Then buy TEMPEST-shielded equipment.
There is no, nor has there ever been, a one-size-fits-all answer in the security arena. We have a great many tools, each of which is meant to protect against one specific type of attacks--or for the really good tools, one specific category of attacks. You mix-and-match these tools to create your own security solution, tailored to your needs.
It's a common affliction of the truly paranoid and the cryptologically naive to want to be shielded against every method of getting passphrases. I hate to break the news to you guys, but you're nuts. A black-bag job can recover your secret keyring, and give my friend Guido five minutes to talk to your kneecaps and the rest of you will be singing your passphrase to the tune of the Hallelujah Chorus if that's what Guido wants.
On the other hand, most of us don't need to worry about black-bag jobs and Guido.
Assess your threats, people, and make your decisions accordingly.
Biometrics are dangerous. (Score:2)
Imagine the havoc a trojan fingerprint scanner could cause. Suddenly, a cracker would have thousands of fingerprints. Now Charlie Cracker tries to access a porn site, using the credit-card number of one of these people. The site asks him to "Please press your thumb into the reader for authentication." Instead of pressing his thumb into the reader, though, Charlie Cracker just sends the same 1s and 0s which represent the real person's thumbprint.
Presto! Instant authentication.
Now, this is not anything different from passphrases. A keylogger can do the exact same thing for a passphrase that Charlie Cracker is doing with his biometric hardware. There is one major, significant difference, though.
You can revoke a passphrase-controlled key.
Good luck trying to revoke your thumb, man.
Oh, and don't forget (Score:2)
Re:I thought the keyring was encrypted (Score:2)
To answer some questions (Score:3)
One of the points made in Secrets and Lies is no, you can't make it as secure. At least, not without much effort. For your PGP data to be really secure you would have the key in ROM, on some sort of PCMCIA type card, and locked in a safe when not in use. The message would be encrypted on a computer that's not on a network, and the encrypted message would be put on a floppy and sneaker-netted to the networked pc. Due diligence would be used in selecting the public/private pair.
The real question is, how secure do you need the data to be? Secure for a few hours to days (tactical) or secure for a few years to forever (strategic)? For tactical, PGP is Good Enough. For strategic (in text messages) a one time pad is required. Also, who is it secure from? Your annoying kid brother, or the NSA/GCHQ? That, too, determines what security you use.
Re:I thought the keyring was encrypted (Score:3)
Re:Semtex. (Score:2)
An even better approach might be one of those USB flash-storage dongles that have been mentioned here before. They have enough space for your (PGP) keyring and, IIRC, they'll fit on your (metal hoop) keyring. Assuming they work with Linux, this would seem to be a natural application...stick your key in the USB port to enable PGP signing/decryption/etc. They should also be more reliable than 3.5" floppies, which are notorious for dropping bits.
Re:I thought the keyring was encrypted (Score:2)
--------
Genius dies of the same blow that destroys liberty.
Re:Use a more secure OS... (close) (Score:2)
All you need is a faraday cage, no? I would have thought that gvmt buildings mandated those built into the walls.
For a personal computer, just wrapping the whole thing in fine chicken wire should do it, I would have thought.
Of course, as the recent drug trial shows, unless you maintain physical access security of your systems at all times, a dedicated attacker can just install a keyboard snooper on the cable itself, making tempest unnecessary.
Security is NOT absolute (Score:4)
So, for example, my private email communications with my friend in New Jersey are done using GPG. We both have 1024 bit keys. Do I store my private key on some non-interceptible media? Do I have my computer room tempest shielded? No, of course not. But why should I? The risk of my emails being wanted by anyone other than my friend is not very high. My only reason for encrypting our communication is to make it difficult for casual snoops. And given me and my friend's relative importance in the world, those are the only people who will try to eavesdrop on our communication. I'm sure that professional snoops would easily be able to get our communication without our even knowing it. But I'm also pretty sure that there are no professional snoops running around even trying to read our email.
My conclusion: GPG is good enough, because the relative risk is very low. Is the exact same set up good enough for communication between the President and the National Security Advisor when talking about issues of national security? Probably not. (Ignore for the moment that the Pres has sworn off email.)
My point: you can't answer the question of "is PGP (or GPG) secure enough?". The answer depends on what you're trying to protect.
The Golden Rule of Encryption (Score:3)
Encryption is secure, people aren't.
Like the poster states, the biggest problem with the encryption tools is how well we use them. The safety of today's encryption standards is very good. For the average user, and even most users with high security needs, today's encryption tools provide enough safety to make any attempts at decryption just not worthwhile.
But, the only way to make it work is to make the encryption just one part of a total privacy methodology. It has to become a habit and not an afterthought. Because if it's not a central part of your practice, mistakes will be made, and data will be compromised.
Don't rely on defaults. Know where your data is. Know what's encrypted and what isn't. Know who has access to your information. Yes, it's difficult, but it's necessary. We are in the middle of entering a stage of humanity when the free flowing of information will be both a blessing and a curse. The information we need to survive will be easier to find, but at the same time, the information we need to keep from others will be harder to secure. Rather than thinking of security and encryption as just a "Spy thing" we have to think of it as a normal part of our everyday lives, much like shopping online has become a regular thing, when it was just a novelty a few years ago.
It will be hard, and not everyone will care, but eventually we'll get there.
Re:I thought the keyring was encrypted (Score:4)
For a dictionary attack, it wouldn't get it. For a brute force attack, using the 93 or so characters.. "IlovetuxIlovetuxIlovetux" - that's 24 characters. There are 93 permute 24 options for that, or 6.75e45. Now, to be fair, starting with one digit characters, there are a total of 93 P 24 + 93 P 23 + 93 P 22 ... + 93 P 1 - or 6.856e45. A brute force attacker will give up before then, because even if you can do 1,000,000 tries a second with a really fast computer, it will still take 2.174e32 years. Now, even if you limit your passphrase to say, the set a-z, there are still 2.89e26 combinations. A million per second (which, AFAIK, is much higher than you can expect to get in scenarios such as this) and you'll still need 9.16e13 years.
The real weakness comes when your passphrase is say, 6 characters long and no punctuation (and the latter is known to the attacker) - then you have only 1.49e10 combinations, which will be solved by our fictional computer in just under 2 days.
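As an added example (not code from anyone in this thread), the script below carries the keyspace arithmetic of this post and of the earlier passphrase post through in one place: search space as an equivalent key length in bits, worst-case time at a guess rate, how many symbols it takes to match a cipher key, the first-letter-of-each-word trick, and why an attacker who knows a passphrase is made of dictionary words runs the cheaper dictionary search. It uses the thread's 93-symbol printable alphabet and the poster's illustrative million-guesses-per-second rate; the search is counted with repetition allowed (93^n), and the 10000-word list and five-letter average word are constructed inputs.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int, include_shorter: bool = False) -> int:
    """Candidates an exhaustive search must try for a secret drawn from
    `alphabet_size` symbols (characters or dictionary words) of exactly
    `length` symbols, or of every length from 1 to `length` when the
    attacker does not know how long the secret is."""
    if include_shorter:
        return sum(alphabet_size ** n for n in range(1, length + 1))
    return alphabet_size ** length


def entropy_bits(space: int) -> float:
    """A search space expressed as the equivalent key length in bits."""
    return math.log2(space)


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return space / guesses_per_second


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    return seconds_to_exhaust(space, guesses_per_second) / SECONDS_PER_YEAR


def symbols_needed(alphabet_size: int, target_bits: float) -> int:
    """Shortest secret over this alphabet whose search space is at least
    2**target_bits, i.e. no cheaper to exhaust than the cipher key itself."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def sentence_initials(sentence: str) -> str:
    """The first-letter trick from the thread: keep the initial letter of
    each word, lower-cased, skipping words that start with punctuation."""
    return "".join(w[0].lower() for w in sentence.split() if w[0].isalpha())


def cheapest_attack(words: int, word_count: int, avg_word_len: int,
                    char_alphabet: int) -> dict:
    """Compare the two searches available against a word passphrase: a
    dictionary search over words**word_count phrases, and a blind character
    search over the phrase's full length. The attacker runs the smaller one,
    so that is the passphrase's effective strength."""
    dictionary = keyspace(words, word_count)
    chars = word_count * (avg_word_len + 1)   # words plus one separator each
    blind = keyspace(char_alphabet, chars)
    return {
        "dictionary_bits": entropy_bits(dictionary),
        "blind_bits": entropy_bits(blind),
        "effective_bits": entropy_bits(min(dictionary, blind)),
    }


if __name__ == "__main__":
    RATE = 1e6   # the poster's illustrative guess rate, tries per second
    print("93^50 is about a %.0f-bit key" % entropy_bits(keyspace(93, 50)))
    print("24 printable chars at 1e6/s: %.2e years"
          % years_to_exhaust(keyspace(93, 24), RATE))
    print("6 lowercase letters at 1e6/s: %.0f seconds"
          % seconds_to_exhaust(keyspace(26, 6), RATE))
    print("8 words from a 10000-word list: %.1f bits"
          % entropy_bits(keyspace(10000, 8)))
    print("printable chars needed to match a 128-bit key: %d"
          % symbols_needed(93, 128))
    print(sentence_initials("I'm going to obfuscate my password"))
    print(cheapest_attack(words=10000, word_count=8, avg_word_len=5, char_alphabet=27))
```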
Weak links (Score:2)
And at least for the computer, we all know that the average PC isn't very secure at all. While we all love to knock Windows, Linux has also had its share of recent reports where unauthorized code manages to run with sufficient permissions to do a large amount of damage.
My favorite attack continues to be a small hunk of code that manages to hijack low-level input in a transparent fashion (that is, it passes a copy of the input on, or is listening in parallel, so nothing appears to be "broken"). Monitor the input, keystrokes for example, looking for text that matches whatever you're looking for. Scan likely places on the hard disk. When you find something promising, report it. Try to propagate yourself in non-intrusive ways -- sending lots of e-mail may be quick, but it's obvious -- not good if you're trying to stay undetected.
What I worry about these days is that it has gotten very difficult to know just what software is actually running on the box, regardless of the OS.
Re:I thought the keyring was encrypted (Score:2)
The only solution to this problem I see is after x amount of time you should just assume it's been compromised and revoke it, and probably keep it on a floppy.
Semtex. (Score:3)
Or did you mean things like making sure the key is only used on YOUR private system and to keep the private key ring on a floppy that's with you at all times?
In addition... (Score:3)
Jason
use a good pass phrase (Score:2)
For those thinking "what if they break the symmetric cypher used to encrypt the asymmetric secret key?": you'd be screwed anyway. When you use gpg or pgp, it generates a random symmetric key to encrypt the message with, then uses RSA or ElGamal and the public key to encrypt the symmetric key.
gnu keyring (Score:2)
To avoid someone compromising my keyring, I keep my passwords encrypted on my Handspring Visor with GNU Keyring [sourceforge.net].
Perhaps the next step would be to keep my PGP key encrypted on my Visor, and any time that I need to use it, pull a sync from the PDA which requires a passphrase to access it.
Better than a damn floppy, which always crashes and burns when I put it in my pocket.
Physical Key Extraction (Score:2)
an unconstructive comment (Score:2)
Well... duh.
> Encryption relies on keys, which are kept in keyrings, which are computer files; and those keyring files have a default install location; and while that default location can be changed, the program still keeps track of where it is. In the case of PGP, this is a file called PGPprefs.txt, and that has a default location that (as far as I know) cannot be changed. And if it can be changed, the location of the preferences file has to be stored somewhere.
*cough* sourcecode *cough*
Re:Some ideas.... (Score:2)
Under the 5th Amendment... (Score:2)
Can you be compelled to produce physical evidence against yourself, like the key to a lock? Of course not, if you are the defendant and you haven't been dumb enough to tell your lawyer about it. Your attorney has an ethical obligation to the Court, and may have to turn something like that over. You as a defendant do not. The confusion arises because parties to a case other than the defendant or his spouse can be compelled to produce physical evidence. But not a defendant or his spouse.
This doesn't mean that the police can't lie to you and manipulate you to try to extract evidence from you. They can and do all the time. For example, I was once told by the coppers "cooperate [i.e., turn over the stuff we're looking for] and we'll let you go with no bail. Don't cooperate and we'll talk to the judge and make sure you don't go home tonight." So, unsurprisingly, I got a $10,000 bail, since I didn't "cooperate" with the bacon. No wonder I hate pork.
But I do plenty of "illegal" things... (Score:2)
So, yes, I cover my ass with encryption as thick as any. I do so because I don't want any of my own free speech to be held against me one day by a government which has proven itself crufty and bloated and untrustworthy. I do so because I help to violate copyrights which are artificially extended far beyond their useful lifetimes and which now interfere with the right of fair use. And between PGP 2.6.3ckt, Scramdisk, Scorch, a batch process for overwriting and restoring settings on startup and shutdown, a ramdisk for swap, two firewalls, enough open land around me to make even TEMPEST unviable, and a physical access control to my computer room, I have one of the most secure systems you could imagine. I not only feel secure, I am secure, from any sort of government aggression or abuse of my rights. Is it overkill? Yes, it is. But better safe than sorry. If every hacker took the precautions I do, the government would be hard pressed to prove a case at all.
Re:What, Me Worry? (Score:2)
I know someone who had a shrink that kept calling the police, telling them that her patients (one per call, not in a group) were about to commit suicide. She got into big trouble about it eventually.
Having known a few people doing psychology degrees, I've come to believe that they enter the field in an attempt to understand their own psychoses.
Rich
Re:Come on (Score:2)
Got a lock on your bathroom door? What you doing in there, drugs? Jerking off to kiddie porn? Why else would you have a lock on your bathroom door?
I guess I shouldn't bother encrypting all these credit card numbers on the server.... someone will think it's illegal material and bring down the feds on my ass. Better to leave em where anyone can find them easily....
Oh. Good troll. You had me going there for a while.
Sneak and Peek warrants (Score:2)
Before the Meth Act was passed last spring, the Secret Search Warrant provisions were removed in the House Judiciary Committee. Credit to ultraconservative Bob Barr (R GA) and ultraliberal Tammy Baldwin (D WI). Similar language died with last year's Bankruptcy Bill, and was not included in this year's version. As far as I can tell, no similar legislation has been introduced in the current Congress.
Security procedures have always been the weak link (Score:2)
Phil Zimmermann alluded to the ease of use issues with PGP when he left Network Associates and went to HushMail. Those issues are (IMO) most likely to result in compromise of security, because the users really must understand all of the links in the process to maintain security.
Bottom line is that you usually can achieve practical security (i.e. the resources needed to crack the ciphertext exceed the value of the plaintext to the potential cracker). But absolute security is very difficult to achieve with current technology. No news there.
Re:Some ideas.... (Score:3)
3) Keep up-to-date software. Remember the pgp 6.5.1 problem? (I don't know if I have the right version, but it was something to do with not generating sufficient random numbers - although someone will probably correct me)
Not sure what you're referring to. "Recent" bugs in PGP include:
Hope this helps?
Re:Some ideas.... (Score:3)
Hey - I'm involved with Scramdisk [clara.net] - I'm not going to help you ;)))
Read my FAQ! (Score:5)
Interesting story - you may like to look at my PGP DH vs PGP RSA FAQ [clara.net].
To quote the FAQ:
8.2. Get the threat in perspective!
The NSA (probably!) aren't specifically interested in you. They aren't going to break into your house to install bugs, or monitor your screen from a block away. They will however collect all of your messages sent over public networks.
PGP protects you from one form of monitoring - Echelon or other passive network sniffing. When your messages are captured by this global monitoring system, along with millions of other messages a day, the NSA can possibly decide to try and decode your message.
The most significant threat to PGP comes from user sloppiness. It is far easier to install a keylogger on your computer, install a trojan version of PGP, or bruteforce your passphrase than to break any of the cryptographic mechanisms employed by PGP.
If you are seriously worried about Intelligence Agencies actively monitoring you, then the last thing you should be worried about is them cryptographically attacking your PGP crypto implementation!
I'm currently working on a new version, and the ToDo list is here [samsimpson.com].
Use an IButton (Score:2)
The best place to store your keys are in a Java Ibutton [ibutton.com] from Dallas Semiconductor, IMHO. You can get accessories/holders [ibutton.com] for it on your watch or your actual keychain (you know, the physical one which encrypts your house and your car to you)... there's even a thread on Slashdot [slashdot.org] from some time ago on it.
Encrypt the key (Score:2)
So I suggest making a loopback encrypted filesystem [kerneli.org], placing the key on it and only mounting it when you need the key. It would be nice though if a password dialog would pop up automatically when the key is needed by some program (say when evolution needs it for gpg).
Re:In addition... (Score:3)
The government wants to routinely intercept all communications. By forcing them to break into your house to install keyloggers you vastly increase the cost of spying to the point where it isn't economic to spy on everyone.
Keyloggers are still hassle though - especially if people use multiple computers / change keyboards etc.
Re:How many anger-inducing stories will /. post? (Score:2)
The point is not to find a foolproof system, but talk and ingeniously devise new techniques that lower the effort vs security tradeoff. What potential (if any) do the new USB keyring drives offer? What risks?
Even though I have little need for security, it's an interesting game. (And on some days I consider it almost a duty to encrypt unimportant email, to help maintain the right to privacy).
DIY tempest shielding (Score:2)
Anyone have any good links?
Would you keep your car keys in the car? (Score:2)
No you would not. Well don't leave your encryption keys on your computer then. Perhaps a device mentioned here before [slashdot.org] would be quite the security solution. Keep your encryption key on the same keyring as your hax0r house keys. (And it will be nice to see them try and jimmy the locks of an 8MB key!)
Re:Come on (correction) (Score:2)
In the US at least, law enforcement cannot "force you to give up passwords to your "secure" files." IIRC, some sort of legal document called the Bill of Rights, i.e., Amendment 5, protects a citizen from self incrimination. The 5th Amendment protects us from having to give up encryption keys. This is a fact (well, now at least). Of course, IANAL, (yet)
Re:I thought the keyring was encrypted (Score:2)
This has the added obfuscatory benefit of being an absurdity.
Bingo Foo
---
Hack Shoeboy (Score:2)
---
What, Me Worry? (Score:2)
I am not a psych, and I am sure I would not want to be. But in this case, a few novel ideas might be applicable.
To start from a place that is familiar: We know about paranoia, and we know about hypochondria, and so I made the leap to the idea of something that could be called paranoid hypochondria, which would be a disease where the person is constantly seeing diseases in others. This disease would be very dangerous to have in doctors and shrinks, etc., since whoever checks them?
The next step would be a form of paranoia where a person sees criminality constantly popping up in others, even when inappropriate. This would be dangerous in law enforcement, in legislators, etc.
The implications for human rights are easy enough to work out.
Check out the Vinny the Vampire [eplugz.com] comic strip
Re:How many anger-inducing stories will /. post? (Score:2)
Take a second look at the last line of my post, where I mention any saved files get chown'd back to the user. This could be further refined by doing a "safe copy" back into the user's directory. For example, ~/lynx-jail/textfiles/foo.txt would get copied over to ~/textfiles/foo.txt, provided that there are no dotfiles in the path (thus a malicious application couldn't create ~/lynx-jail/.rhosts) and provided that nothing gets overwritten by the copy (thus defeating someone attempting to create ~/lynx-jail/Mail/received). You could make this even slicker by specifying that certain files (such as those ending in .txt) may be appended automagically if they already exist. Or it could prompt the user for resolution.
And if you wanted to get really fancy, you could put all the changes under CVS, so that the files within the lynx-jail get checked in.
I've yet to look into any of the more secure operating systems, but one advantage of my system is that it'd require few-to-no changes in the kernel. This is especially desirable if it's going to take awhile before such systems are fully tested and deployed on a regular basis.
Re:How many anger-inducing stories will /. post? (Score:3)
Next time, how about reading the article before going off half-cocked? As usual, the Slashdot story has a less-than-accurate summary line. However, if you read the last paragraph (i.e. where we get to the actual question after wading through the background material), it reads "So what are good practices to adopt when using encryption software?". The supplicant then goes on to ask about some particular possibilities for improving overall security (such as keeping your key on a disk). Given that security practices are often as important as security software, I don't see where the problem is.
As far as possible solutions go, one interesting possibility might be dynamically generated chroot jails for network clients. For example, every time I start up lynx, my ~/.lynxrc and ~/lynx_bookmarks would get copied to ~/lynx-jail. Lynx would then be run out of ~/lynx-jail using a dynamically generated "nobody" user account. After lynx terminates, the config files get copied back and any saved files get chown'd over to my normal user account.
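The "safe copy" rules from the reply above (no dotfile anywhere in the path, never overwrite, optionally append to existing .txt files) as an added Python example; this is not code from either poster, and the jail layout, the symlink check and the temp-directory demo are constructed here for illustration.

```python
import os
import shutil
import tempfile

# Files the post says may be appended to if they already exist in the home dir.
APPEND_SUFFIXES = (".txt",)


def has_dotfile_component(relpath):
    """True if any directory or file name along relpath begins with a dot
    (catches ~/lynx-jail/.rhosts as well as ~/lynx-jail/.ssh/anything)."""
    return any(part.startswith(".") for part in relpath.split(os.sep))


def safe_copy_back(jail, home, append_suffixes=APPEND_SUFFIXES):
    """Copy files saved inside the jail into the user's home directory.
    Rules from the post: refuse dotfile paths, never overwrite an existing
    file, append only to files with an allowed suffix. Symlinks are refused
    too (an extra rule assumed here, not stated in the post).
    Returns a sorted list of (action, relative_path) tuples."""
    report = []
    for dirpath, _dirnames, filenames in os.walk(jail):  # does not follow symlinked dirs
        for name in filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, jail)
            if has_dotfile_component(rel):
                report.append(("refused-dotfile", rel))
                continue
            if os.path.islink(src):
                report.append(("refused-symlink", rel))
                continue
            dst = os.path.join(home, rel)
            if os.path.lexists(dst):
                if rel.endswith(append_suffixes) and os.path.isfile(dst) and not os.path.islink(dst):
                    with open(src, "rb") as s, open(dst, "ab") as d:
                        shutil.copyfileobj(s, d)
                    report.append(("appended", rel))
                else:
                    report.append(("refused-exists", rel))  # e.g. Mail/received
                continue
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)
            report.append(("copied", rel))
    return sorted(report)


def snapshot(root):
    """Relative path -> contents for every regular file under root."""
    out = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                out[os.path.relpath(path, root)] = f.read()
    return out


def demo():
    """Build a constructed jail and home in a temp dir, run the copy-back,
    and return (report, home_contents_afterwards)."""
    base = tempfile.mkdtemp()
    jail, home = os.path.join(base, "lynx-jail"), os.path.join(base, "home")
    files = {  # constructed sample data
        os.path.join(jail, "textfiles", "foo.txt"): b"saved page\n",   # benign: copied
        os.path.join(jail, ".rhosts"): b"+ +\n",                        # hostile: dotfile
        os.path.join(jail, "Mail", "received"): b"forged mail\n",       # hostile: would overwrite
        os.path.join(jail, "notes.txt"): b"more notes\n",               # allowed: appended
        os.path.join(home, "Mail", "received"): b"real mail\n",
        os.path.join(home, "notes.txt"): b"old notes\n",
    }
    for path, data in files.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return safe_copy_back(jail, home), snapshot(home)
```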
Word counts (Score:2)
Re:Weakest link in any crypto is... post-it notes! (Score:2)
No one ever said security was free...
All this worry about encryption (Score:5)
AOL'ers so stupid they type PayPal Id's and passwords into bogus email, which forwards this on to a mailbox somewhere. (I got the spam but spotted the bogousity immediately.)
Security holes in M$ IIS so big that it gets hacked on a regular basis, because either there are so many holes or admins can't/don't keep up. So much for a quality product.
People who open email attachments (let alone use clients well known for their integrated virus vulnerability) even when this sort of scare has gone on for years.
People write passwords on Post-It notes and leave them in their drawers, or que horre on the monitor.
We have met the enemy and he is us. Never was more true.
--
Keyrings are as secure as the passphrase (Score:3)
The whole point of a passphrase is to use a phrase. That means more than one word! I compose a nonsense sentence with misspellings and other substitutions that make it virtually impossible to guess. Go with the suggestion of nonsense obscenity--mix in a variety of misspellings and obscenities into a usually innocuous phrase. Mix in numerics as any 31337 hax0r would (only don't stick to the 31337 rules) and you have something unguessable. There is no need to write it down, since it is memorable to you. If you need to, write yourself a hint that leads obliquely to the phrase. Someone will still have to spend a lot of time to recover a 50-60 character sentence to decode your keyring.
Re:My dear boy (Score:2)
In Heidi, however, I have found a soulmate, someone I can love. Someone I can reveal myself to.
I shall try your advice. I cannot tell her I am in command, for we will be merging, but I shall sweep her off her pretty little feet.
KTB:Lover, Poet, Artiste, Aesthete, Programmer.
Re:PGP helps my courtship. (Score:2)
I desire her for herself, not because she is related to some Open Sores celebrity.
True Love always finds a way. So help me God, I shall make her mine, no matter the barriers in my way.
KTB:Lover, Poet, Artiste, Aesthete, Programmer.
PGP helps my courtship. (Score:5)
But there is another demographic that uses it: Lovers.
I have been trying to court Heidi Wall and save her sweet innocence from that bastard offspring of de Sade, shoeboy, for some time. PGP allows me to talk to her and my friends who are aiding me in complete secrecy. By using PGP, I can be much more open in my billet doux than I would ever dare to be normally, as I am sure that third parties are not watching over my shoulder.
Speaking as a virgin, and one who has reserved his heart for one girl and one girl alone, I can say that PGP is enormously useful to me in my courtship. I hope that it further breaks out of its criminal ghetto and is used by lovers everywhere.
If you are courting a girl, try PGP. It helps you reveal your heart.
KTB:Lover, Poet, Artiste, Aesthete, Programmer.
Rubber Pipe Crypto-Analysis (Score:2)
A Crypto-analysis attacks the weakest link, and the weakest link in a typical Crypto system, including PGP, is the Human.
This type of attack is so common, it even has a name; "rubber-pipe crypto-analysis". Essentially the idea is that a cosh is used to beat the key out of the person.
Crude but effective!
So no; whilst we continue to include a Human factor, Encryption is not really secure, because people are not really secure.
Re:ibutton (Score:2)
It would seem the real solution would be to do away with the passphrase and create the private key based on biometric (fingerprint, retina scan, DNA sequence, etc) data. Of course, then, your key is only as secure as your finger, eye, blood, etc. (On second thought, DNA is way too easy to come by, let's scratch that one off the list....)
Do you know what PGP stands for? (Score:5)
I think what you want is the upgraded version, DGP (Damn Good Privacy), or perhaps UFBP (Unfucking-Believable Privacy). We're expected to release those upgrades Real Soon Now (tm).
PGP manual, absolute security, human users (Score:3)
There was already a Word macro virus Caligula [f-secure.com] that attacked the PGP secret keyring and mailed it to codebreakers.org, circa 1998.
You are mainly concerned with your private key ring, since loss or corruption of that would be the most damage. If the public key ring was modified you could alter local trust of a specified key, but it could not sign a public key without the private key.
As others have stated the private key itself is protected by symmetric encryption (e.g. IDEA, TripleDES) and you need the passphrase to unencrypt this encryption. So, a private key protected by a poor passphrase could be brute forced using a fast dictionary search tool, similar to Alec Muffett's crack for Unix passwords.
There are several ways to increase the security without irritating the user, such as using a floppy based key ring, using a smartcard [linuxnet.com] memory card to store your own public/private keys, using a Dallas iButton, a removable PCCard (PCMCIA) storage device, or using a crypto smart card that stores your own private/public key, and does the RSA calculations on the card, designed in such a manner that the keys cannot be extracted from the card. This gets into Differential Power Analysis [cryptography.com] (DPA) and tamper resistance [cam.ac.uk] attacks.
For a high security application, you could consider a hybrid smartcard and PDA (e.g. Palm), which forms a small trusted computer. Of course most security experts wouldn't call an out-of-the-box Palm and PalmOS a trusted platform, but it's an example of a smartcard with a direct human interface (human input & output), rather than trusting a larger more complicated computer which is also more flexible because it is designed to be general purpose. Some 3G cell phones plan on having similar smartcard interfaces I believe. I think Nokia had a prototype. Of course since there have been some trojan SMS messages already seen in Europe, and with WAP expected to expand its capabilities rather than die, you can expect this to be a more virus friendly platform as cellphones evolve.
While Bruce's Secrets and Lies shows his change of heart from the absolute security through cryptography that he and cypherpunks dreamt of in the early 90's, he now understands that absolute security in a practical system is a myth, and wants readers to think like engineers in weighing trade-offs, how easy to use versus how secure, and how expensive vs. how secure. It is not a reason to give up on cryptography, but to realise that in designing and working with secure systems you need to look at more than just which neat cryptographic algorithms to use.
Some ideas.... (Score:5)
2) Make your passphrase something stupidly difficult. Even two words without spaces is n^2 (where n = number of words you know, probably about 30,000 if you're averagely (sic?) smart) harder to crack.
3) Keep up-to-date software. Remember the pgp 6.5.1 problem ? (I don't know if I have the right version, but it was something to do with not generating sufficient random numbers - although someone will probably correct me)
4) Treat all unencrypted email as public domain. Consider it read by your boss, IT department, the recipient's boss and the recipients IT department.
5) Treat all encrypted stuff as just encrypted for a certain period of time. All those encrypted archives that people made 10 years ago? With today's tech, it'll probably be just a matter of hours before they're all plain text again.
6) Use cryptology for messages that don't require it - otherwise only the interesting stuff will be attacked
That's my 0.03 EUR. Chances are I've kept some gaping holes in there, but what the hell - have to make some posts sometimes....
Meme engineering instead of Dictionaries (Score:2)
I sometimes wonder what the most powerful information-finding institutions have in the way of meme searching. Most people aren't random- when they think of a passphrase, they're going to choose whatever is on their mind. For example, consider the "Ilovetux" passphrase. A slashdot user suggesting a Linux-related passphrase seems pretty obvious. How many linux phrases are there in wordspace anyway? 1,000?
It seems to me a sophisticated conspiracy type group could drastically reduce the "keyspace" of words by compiling a playbook of words things people like and starting with that. Instead of comparing all words, why not compare words and quotes from pop songs, the Simpsons (and other tv shows), Final Fantasy characters (and other video games), User Friendly and Penny-Arcade sayings (and other comics). Then they start their search by building phrases from those. (IloveMiranda, IloveTycho, IhateMicrosoft) x2 x3 x4 etc etc.)
I guess this line of thinking stems from my own personal paranoia that people are almost shamefully predictable, and that powerful, possibly sinister forces understand this and use it to their advantage. ; -)
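An added Python example (not from any poster) that turns the two models above, the n^k "words you know" estimate from "Some ideas...." and the much smaller themed "playbook" from this post, into a check a user can run on a candidate passphrase before trusting it to protect a keyring. The playbook vocabulary and the 30,000-word figure are constructed assumptions; a real themed list would be far larger, so the reported guess counts are optimistic for the defender.

```python
import math
import re
from functools import lru_cache

# Constructed stand-in for the themed "playbook" the post describes
# (Linux, comics, games, TV). Its size is an assumption for illustration.
PLAYBOOK = frozenset({
    "i", "love", "hate", "tux", "linux", "microsoft", "tycho", "miranda",
    "homer", "bart", "cloud", "sephiroth", "penny", "arcade", "slashdot",
})
GENERAL_VOCAB = 30_000   # "number of words you know", as estimated earlier in the thread


def segment(phrase, vocab):
    """Split a phrase (case and punctuation ignored) into words from vocab.
    Returns a tuple of words, or None if no complete split exists."""
    s = re.sub(r"[^a-z0-9]", "", phrase.lower())
    longest = max(len(w) for w in vocab)

    @lru_cache(maxsize=None)
    def split_from(i):
        if i == len(s):
            return ()
        for j in range(min(len(s), i + longest), i, -1):  # longest match first
            if s[i:j] in vocab:
                rest = split_from(j)
                if rest is not None:
                    return (s[i:j],) + rest
        return None

    return split_from(0) if s else None


def charset_size(phrase):
    """Alphabet an attacker must cover for a character-by-character search."""
    size = 0
    if re.search(r"[a-z]", phrase): size += 26
    if re.search(r"[A-Z]", phrase): size += 26
    if re.search(r"[0-9]", phrase): size += 10
    if re.search(r"[^A-Za-z0-9]", phrase): size += 33  # space and punctuation
    return size


def estimate(phrase):
    """Guess count under the cheapest search that fits the phrase.
    Returns (model, guesses, bits). A phrase built entirely from playbook
    words falls to |playbook|^k guesses; otherwise only a character search
    is assumed, which is an upper bound, not a guarantee."""
    words = segment(phrase, PLAYBOOK)
    if words is not None:
        guesses = len(PLAYBOOK) ** len(words)
        model = "playbook:%d words" % len(words)
    else:
        guesses = charset_size(phrase) ** len(phrase)
        model = "charset:%d" % charset_size(phrase)
    return model, guesses, math.log2(guesses)


def reduction_factor(phrase):
    """How many times smaller the playbook search is than a general n^k
    dictionary search over the same word count (None if not playbook-built)."""
    words = segment(phrase, PLAYBOOK)
    if words is None:
        return None
    return (GENERAL_VOCAB ** len(words)) // (len(PLAYBOOK) ** len(words))


def acceptable(phrase, min_bits=64):
    """Defender's check: reject a passphrase whose cheapest model is too small."""
    return estimate(phrase)[2] >= min_bits
```

The misspelled, mixed-case nonsense sentences recommended elsewhere in the thread pass this check because no playbook split exists, while "Ilovetux" is rejected with under 12 bits.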
Re:Use a more secure OS... (close) (Score:2)
Anyway, the equipment to intercept computer emissions is subject to Moore's law too, so someday soon it will be within the price range of industrial spies, and the next year PI's will be using it to dig up dirt for divorce cases. We can ban it. That will work, sure, just like banning guns...
Re:To answer some questions (Score:2)
Re:Use a more secure OS... (close) (Score:2)
It isn't a risk I would worry about at present, unless you've really made enemies in high places -- and they'd probably go for a more direct attack anyhow. But technology keeps advancing. To really be safe, you'd want your keys to stay inside of a shielded calculator- or credit-card-sized device, preferably one that had to be unlocked by biometrics (fingerprints, e.g.), read on its own scanner. This device would have to do encryption itself, so as to never send out a private key. However, you'd have to type a message on another machine and send it to the security device in the clear, so there's a little vulnerability there...
All this is highly theoretical -- most users leave their systems open to much cruder methods, like read the password off the post-it note, recover secret documents from the trash, ask someone to let you in so you can do some maintenance...
Re:Use a more secure OS... (close) (Score:2)
A room-size faraday cage is the simplest solution, but there's more to it than chicken wire. The chicken wire (or aluminum or copper foil) has to be electrically connected all along the edges -- and construction workers don't know how! Doors need conductive gaskets. Power lines need filters. I think it would cost $20K to build as a commercial project. As a government project, with union work rules and inspectors tripping over each other... The armed services do have electronics shops inside faraday cages so top-secret electronics can be worked on, but don't ask me what they spent on them. The one I was in had a bank vault door that must have cost $10K all by itself. (This opened inside the building. But then there was a fire exit door to the outside that was just an ordinary metal door with added gasketing -- and when the air conditioning wasn't working hard enough, the techs would open it to let some air in... 8-)
Re:Some ideas.... (Score:4)
Also, you can make use of the PGPDisk feature in recent versions of PGP. Make an encrypted PGPdisk and store your key in there. In windows, whenever you want to encrypt something, you mount the PGPDisk (under an assigned drive letter) with a password. Until you enter this password, this drive does not exist. If someone finds the PGPDisk file, they still have to crack that first. And if the PGPDisk file happens to be on the order of 100MB in size, it will be difficult to move around undetected.
That PGPDisk may also be stored on your favorite removable media to be taken with you wherever you go.
So there you have it, redundant password protection, a hint of storing the key in an obscure place, and a fairly large encrypted file that may be difficult to yoink without passing under some network traffic radar.
Now if only someone could point me to a FAQ or How-To set up a PGPDisk (preferably compatible with the windows-PGPDisk standard) or other encrypted loopback device, that would really help me out.
Secure? (Score:2)
Basically what you're saying is that if you leave your keyring on your main hard drive, it's as secure as your passphrase. This has been a recurring theme in computing since the first password-protected login.
People write down passwords, or tell them to techs, or choose stupid ones. A properly-chosen passphrase isn't going to fall to a dictionary attack. If it's long enough, and uses enough tricks (odd punctuation and capitalization, intentional misspellings, non-words...), then it should do the trick. Why do I say that when we know perfectly well that it's still crackable?
A security system offers inconvenience to those attempting to bypass it. Put together a big parallel processing array, and use up a whole bunch of CPU cycles, and you could crack anything encrypted on my system, but who cares? Who's going to go to that much trouble for my piddly little secrets?
Face it, we don't need Tempest shielding and floppies stored in safes for our personal information. Businesses may be a different story, but it still depends on the type of secret and the size of the business.
Re:Come on (Score:2)
Re:Come on (Score:2)
And I'm not denying that, but there is a distinct difference between "should be" and "is".
My dear boy (Score:5)
Speaking as Slashdot Playboy since 1997, I feel I am qualified to advise young pups such as yourself on the appropriate etiquette when wooing a young lady such as this.
I recommend you make the young lady feel in control. Remember - you are a love god and she is your willing pupil. Young ladies love a man who can show her who is boss. Speak firmly but not roughly to her.
Do not suggest PGP to her, tell her that you will be using PGP.
Hold this young lady by the hand. Carry her over the romantic threshold. Slather her in kisses. Make your own provision for prophylactics. Buy her a single red rose. Whisk her off to Paris. Do whatever it takes.
Show this feisty young lady you are in command. Fear not the monstrous shoeboy, with his rough and ready approach to women. You shall woo her like she's never been wooed before and will never be wooed again.
--
Slashdot playboy.
Slashdot love god since 1997
How many anger-inducing stories will /. post? (Score:4)
If you're going to ask questions like these, you have to say, "well, is any security really secure?" And the answer to that is of course "no". "You almost certainly don't own a secure computing system with physical access controls, TEMPEST shielding, "air wall" network security, and other protections." DUH! How is this insightful? How does this lead to any meaningful solution to the problem? So what, just stop using encryption? So what, just stop assigning a root password?
This Ask /. implies that it doesn't work at all and that we oughta just stop using it. Why? Because there's no answer - there's no solution. You can't just have everyone shield their PCs from TEMPEST - and of course, exactly how many people are getting scanned in the first place? Not everyone is willing to drop their PC into a vat of concrete with no net connection to keep people from sitting at it to gain access.
So what's my bottom line here? "Is encryption really secure?" Well, as I mentioned, nothing is really secure, so the answer is "no". Of course then again, security works 99% of the time (or a little less), so let's just keep using it and not ask stupid questions like these. They've been thought about before.