NSA and PGP

Discussion in 'Politics, Religion, Social Issues' started by cclloyd, Jan 22, 2014.

  1. cclloyd macrumors 68000

    cclloyd

    Joined:
    Oct 26, 2011
    Location:
    Alpha Centauri A
    #1
    Does anyone actually know how safe PGP communications are? I've been doing some research and it seem that it would be hard for anyone to look in on your message unless they got a hold of your private key.
     
  2. bradl macrumors 68040

    bradl

    Joined:
    Jun 16, 2008
    #2
    I'll post more on this when I get to work, as I was using PGP when the whole NSA/RSA/IDEA issue popped up in the early/mid 90s. Expect something in a couple of hours.

    BL.
     
  3. iJohnHenry macrumors P6

    iJohnHenry

    Joined:
    Mar 22, 2008
    Location:
    On tenterhooks
    #3
    And he was never seen again ..... ;)
     
  4. satcomer, Jan 22, 2014
    Last edited: Jan 22, 2014

    satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #4
    Not very safe from No Such Agency. Maybe you should watch the video -

    "How did the NSA hack our emails?"

     
  5. sjinsjca macrumors 68000

    sjinsjca

    Joined:
    Oct 30, 2008
    #5
    Good enough for Ed Snowden. But...

    Snowden famously insisted that Glen Greenwald communicate with him only via PGP-encrypted emails.

    That's a heck of an endorsement.

    However (with the caveat that I don't work at NSA and really know nothing more than what I've read), it appears that use of encrypted email can flag you for closer inspection, and your encrypted communications can be retained indefinitely for ongoing review. After all, even if you're not a person-of-interest now, maybe someday you will be. Or so goes the logic.

    So, it buys you some privacy. In a commercial situation where you just don't want your competitors or most state sponsors to eavesdrop on your communications, that's probably entirely sufficient. But if you truly believe NSA has an interest in you, you should not be using email at all, probably. For one thing, only the email contents are encrypted. Senders and recipients aren't-- in fact, can't be. So even if what's being said between you and your recipients is successfully cloaked, the fact that you're corresponding with them is open to inspection at every node in the chain. Similarly, if you maintain perfect hygiene, what if even one of your recipients does not? For example, once they open an encrypted email from you, the open text is vulnerable and may be accessible on their disk.

    This isn't anything for non-experts to play with.

    My take: if you're a dissident in some benighted 'stan, your encryption is probably safe but who you're corresponding with is open. You can get around that with Tor, which will probably get your communications safely outside the border. But if you are of interest to the NSA, your best bet is to avoid email. The cables functionality in Liberte Linux might be a suitable replacement.
     
  6. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #6
    He wasn't better than an old noob. By his own leaked documents they could read the emails of anyone and he went for encryption (look at the video I posted just above) that by his own documents they could read those encrypted email.

    So why did the FBI go after his email provider?. Plus he didn't use PGP he used Lavabit instead!
     
  7. sjinsjca macrumors 68000

    sjinsjca

    Joined:
    Oct 30, 2008
    #7
    False. That's not how I read his disclosed documents at all.


    They can crack some transit encryption, perhaps because they possess certain root keys from Certificate Authorities. Similarly they can crack some file and email encryption, particularly when a public CA is involved (as is the case in S/MIME email encryption usually), and they've backdoored some encryption technologies. But PGP, implemented correctly, remains as impenetrable as anything, so policies reportedly exist regarding indefinite retention of things like PGP-encrypted emails, allowing further study and prioritized metadata analysis.

    Because they couldn't eavesdrop on Lavabit's privately-implemented transport encryption and wanted to know who he'd been talking to so they could go after them for the plaintexts. Chances are good that emails he sent to any number of contacts sit unencrypted on their disks even now. Some may have even forwarded the email after opening it, for example a journalist may have alerted a colleague or editor.


    Lavabit was his email service provider... or, more properly, one of his email service providers. It provided host-to-client asymmetric encryption using keys not generated or maintained by public Certificate Authorities. That doesn't have anything to do with Snowden's use of PGP or not.


    Anyway, my main point in my post above was that PGP is terrific for private communications with friends and colleagues, and it has special value to businesses, but beware false confidence when it comes to thinking you're hidden from the NSA. And PGP (and S/MIME) users need to realize that sender and recipient names/addresses are entirely exposed.

    ----------

    Bottom line: you are correct. It also guards against tampering of your emails-- if you or a correspondent receive a modified email, you'll know.
     
  8. sjinsjca macrumors 68000

    sjinsjca

    Joined:
    Oct 30, 2008
    #8
    The video relates to elliptic curve encryption only. You're interpreting what's said in the video way too broadly and feverishly IMHO.
     
  9. bradl macrumors 68040

    bradl

    Joined:
    Jun 16, 2008
    #9
    Okay.. now that I've escaped the clutches of the NSA, the TSA, the RIAA, and the MPAA, all while avoiding Kim DotCom and Paris Hilton's new duet video they've threatened to upload, I can get back to my post. :)

    PGP is very safe; however, you should be weary of which version you are using. Back in the early 90s, when Phil Zimmerman was writing all of it, he was under constant surveillance and pressure to not distribute his code, especially because of the patents/copyrights/trademarks/whatever-the-hell-it-was over the RSA algorithms that were used in key encryption and cryptography. The long and short of that: it wasn't allowed to be exported, as the US had judged that cryptography was a munition. However it did get out, so there were the threats to charge Zimmerman under one of the Arms Export Control Act, though he never did export PGP with that algorithm.

    There was an international version that was released (the code was open source) that did not include that algorithm. There was nothing in the laws that said you couldn't import algorithms; you just couldn't export them from the US.

    Luckily the license for those expired, Zimmerman wasn't charged, and all is well.

    Now for the software. PGP went commercial, which didn't help things. GnuPG popped up, and that's been the the most used variant for PGP that I've seen in a long time. I would trust that or the commercial version of PGP (though the commercial version was bought by Symantec, so YMMV there).

    The key with it is to first avoid the RSA and IDEA algorithms; those have been cracked. Second is to avoide anything lower than a 2048-bit key; those are also susceptible to being cracked. Same with MD5, and I want to say that SHA1 has been as well (I may be wrong with SHA1).

    For years I've had a 4096-bit key available if I wanted to do any secure communication with anyone, and have used various ciphers supported. If you keep the size of your relatively high (2048-bit will be okay, but again, I went 4096-bit to make sure that people are good and dead before they crack it), then you should be okay.

    Also, if you are really paranoid, hand off your public key to the person you want to have it in person; have them sign your key in person, as well as you sign theirs. That eliminates anything man-in-the-middle, etc. From there, you should be good; sign your message, encrypt it, and off you go.

    BL.
     
  10. MorphingDragon macrumors 603

    MorphingDragon

    Joined:
    Mar 27, 2009
    Location:
    The World Inbetween
    #10
    Take any Cyber Security course and learn how little you are actually protected. You likely use someone else's computer platform, do you trust each component of it? Do you know that if you use a cryptography package that another part of your system isn't going to compromise it? Even if you trust no one, the nuances required to actually implement this stuff is beyond one person to do well and securely.

    Simply put, if you want maximum security DO NOT use any form of digital communication. The numbers are just so against you.

    RSA keys <1024bit have been "cracked". It's not by breaking the algorithm itself, but by abusing certain properties and doing static and statistical analysis on input and output. These things all take time and bigger keys become exponentially harder to break.

    Crypotgraphy should be though of not by how secure you need data, but how long data needs to be secure. RSA2048bit is fine if you need protection for a week. AES256 is fine if you only need protection for less than a day. But nothing will protect you forever.
     
  11. bradl macrumors 68040

    bradl

    Joined:
    Jun 16, 2008
    #11
    Well said, and thank you for correcting me and filling in the gaps I was missing. That was 10 - 20 years ago! :D

    Seriously though, when it comes to things like PGP, and from being an ISO (Information Security Officer) down to my profession (Unix/Linux Sysadmin) all the way down to the classes being talked about here, the biggest thing here is that it is basically in your profession to be paranoid. You don't know what is attacking you or trying to get to the sensitive data you have, so you must protect yourself against every sort of attack.

    The key here, and why I am wanting so bad to be out of this profession, is to not let that paranoia run your life. Case in point (and I hate to bring it up in this thread): some gun advocates who believe that everyone is out to get them, so they carry their arms with them at all times. That isn't to say that they are right or wrong, but you can't spend your life living in fear of "what if", otherwise, that fear will rule and be your life.

    I just don't want to live like that anymore; it gets to be very lonely and hermit-like.

    I believe someone already made mention of it before: if the encrypted message is to be emailed, the headers for the email message are still in clear text format, unless sent or received over a secure protocol like POP3S, SMTPS, or IMAPS (POP3 over SSL, SMTP over SSL/TLS or IMAP over SSL). If not, the message will be sent in clear text, while the PGP-encrypted data will be contained in the body of the message. But it's the headers (read: metadata) that the NSA or those who intercept the message would have.

    So if you really want security, encrypt the message (the body), send it over a secure protocol (anything over SSL or secure VPN), and don't leave the message lying in state on the receiving server (once it's there, it's open and available to be decrypted).

    O'Reilly and Associates put out a book roughly 20 years ago about PGP; they recently updated it with PGP and GPG. That book will be exactly what you are looking for with your research.

    BL.
     
  12. MorphingDragon macrumors 603

    MorphingDragon

    Joined:
    Mar 27, 2009
    Location:
    The World Inbetween
    #12
    Hence security researches wanting to change the general paradigm of cyber security.

    Changing the status quo however is easier said than done.
     

Share This Page