Slashdot Mirror


Is Encryption Really Secure?

taustin writes: "Phil Zimmermann did the world a great favor when he created PGP and released it for free for personal use. But no encryption program is better than the practices of those who use it, and the easiest way to crack any security system is with the help (knowing or otherwise) of the people who use it." from Bruce Schneier's latest book, _Secrets and Lies_: "Remember, for the whole digital-signature system to work, you have to be sure that only you know your private key. Okay then, how do you protect it? You almost certainly don't own a secure computing system with physical access controls, TEMPEST shielding, "air wall" network security, and other protections; you store your private key on a conventional computer." In other words, your encrypted files may only be as secure as the computer and network on which the key resides.

taustin continues: "I made a disturbing connection the other day between PGP (or any encryption program) and the many security vulnerabilities that keep cropping up in web browsers and mail clients. It seems we don't go a week without some new way for a 'hostile web site' or 'malicious email' to read files from our hard drives. These are usually downplayed, because, in general, they can only read, not write to or delete, files, and because one needs to know the exact file name and path to exploit them. How easy is it to guess at the path and file name of a file that could be damaging for someone to just read?

Encryption relies on keys, which are kept in keyrings, which are computer files; and those keyring files have a default install location; and while that default location can be changed, the program still keeps track of where it is. In the case of PGP, this is a file called PGPprefs.txt, and that has a default location that (as far as I know) cannot be changed. And if it can be changed, the location of the preferences file has to be stored somewhere.

So it looks to me like it wouldn't be all that tough for someone who knows how to exploit one or more of these vulnerabilities to just grab someone's entire private keyring if they don't have all the patches installed.

What's really disturbing is to compare all this to current 'sneak-and-peek' search warrant practices - where police agents can break into your home or business to conduct a search without having to tell you, before or after, that they've done so. It is not entirely clear if such searches are illegal now, but they would be sanctioned by bills like HR. 2987, the Methamphetamine Anti-Proliferation Act of 1999. With the ability to remotely steal a private key, without even having to enter your home, and legal sanction to do so, there are frightening possibilities.

Having the keyring, of course, is not quite all there is to it. Keyrings are protected by passphrases, as well. But passphrases are not as secure as encryption keys themselves are - they are chosen by the user, and most will fall to dictionary attacks very quickly.

So what are good practices to adopt when using encryption software? Should one keep the keyring on a floppy disk, and never have it in the computer when it's connected? Should PGP (and other encryption programs) be changed so that the user has to manually identify where the keyring is whenever the program starts? Is it possible to make the program as safe in Real Life as the algorithm is mathematically?"

201 comments

  1. Who's we? by Anonymous Coward · · Score: 1

    It seems we don't go a week without some new way for a 'hostile web site' or 'malicious email' to read files from our hard drives.

    That depends heavily on who you are and what your habits are. I agree that I frequently hear about ways for web sites and email to read other people's files, but these almost always rely on the user running extremely poor-quality software. I suspect that the intersection between users of PGP and users of "holeware" (e.g. MS Outlook, MS IE) is actually pretty low. Once you get away from the Microsoft stuff, most people's computers (even Mac users) are pretty resistant to attack.

  2. Correction, Cliff by Anonymous Coward · · Score: 1
    In other words, your encrypted files may only be as secure as the computer and network on which the key resides.

    Too optimistically put. The encrypted files can be at most as secure as the key; the key is no more secure than the least secure of the system which stores it and the system which it is loaded into for use. That's the best case; errors in the crypto software can degrade security further, but the important point is that God's Own Encryption Algorithm can't improve on the security of the key itself.

  3. Security almost never broken through encryption by Anonymous Coward · · Score: 2
    When is the last time you heard of a system being broken through its encryption?

    Back doors, social engineering, floods, DOS...there are so many more obvious and exploitable ways to break systems...it's a waste of time and effort to go for the encryption routine as the target

  4. Weakest link in any crypto is... post-it notes! by Anonymous Coward · · Score: 3

    You can have the strongest crypto in the world, but if your staff writes the passwords on post-it notes stuck to the monitor, you are wide open. Ironically, requiring more frequent password changes only encourages writing down of passwords even more.

    1. Re:Weakest link in any crypto is... post-it notes! by (codic) · · Score: 2

      No one ever said security was free...

    2. Re:Weakest link in any crypto is... post-it notes! by ezzumsss · · Score: 1

      Writing down passwords isn't necessarily a bad idea (although I'd agree not to do it on post-its stuck to your monitor ;-) I have a nice collection of them, changing them about every month or two and feel strongly that if any of my friends or co-workers start reading my agenda (where I keep them and which has much more private information than my mailbox), I have a totally different problem than just the security of my accounts.

  5. I am implementing iButton support for GPG by Paul+Crowley · · Score: 2

    I'm implementing exactly this as part of my work (I'm employed by www.convergence.de). We've demonstrated signing with all the hard crypto happening on the iButton, and now we're completing the integration with GPG; I've met with Werner Koch about the best way to do this. The tamper resistance on the iButton is excellent, and the programming is easier than other such solutions. I'd write more but my wrists hurt; however, please feel free to mail me with any questions.

  6. Ironic by dkusters · · Score: 1

    It is ironic that the asker of the question quotes 'Secrets and Lies' but fails to understand the point of the book. S&L's point is that there is no such thing as perfect security. Solely focussing on prevention is misguided because hackers will break in. Secrets will be revealed. Encryption will be compromised (especially through side-channel attacks such as this one).

    Schneier's point is that building walls is not enough. The computer security model will follow the same model that all other security has historically followed. You will buy insurance. You will get discounts on your insurance by putting into place firewalls, PKI, intrusion detection, etc.

    Ultimately, insurance, not security, will give peace of mind.

  7. Bruce Sterling's PGP key by Pseudonymus+Bosch · · Score: 2

    What's your PGP key?

    Don't use 'em. I never knew a real-life computer crime cop or investigator who paid any attention to deciphering encryption. I regard this as a 99% theoretical form of "security." Using big number-crunching high-tech to protect the brief transmission of Internet email gives people a false sense of security. If you get in trouble, it won't be because you were tapped and cracked by the NSA. It'll be because somebody you trusted ratted on you (or because you bragged). Trust me on this. If you're really worried about your privacy, stop using credit cards and shred your trash.
    --
    Men with no respect for life must never be allowed to control the ultimate instruments of death.
    GW Bu
  8. Well duh by Julian+Morrison · · Score: 1

    Your secret key is as readable as any other bit of in-memory stuff. Which means: very, to root; not very, to most anyone else. But then, if they're root, they can just swap out the PGP binary for a weakened one.

    Just snaffling the key file won't help Black Hat, though. It's usually encrypted with a symmetric cypher before it's ever stored. That's what the key passphrase is for.

  9. Re:Encryption is necessary, but not sufficient by Ed+Avis · · Score: 2

    The OpenSSH people use 3DES as the default cipher and include Blowfish as a faster but less secure alternative. I don't know what you mean by 'Blowfish128' - is that the same as plain Blowfish?

    Even if Blowfish is designed to be more secure than triple-DES, that doesn't mean it is more trustworthy. It's newer and hasn't had the same amount of hammering on it over the years as 3DES has had. Triple-DES with three different 56-bit keys is generally considered a good symmetric cipher; its disadvantage is slowness.

    --
    -- Ed Avis ed@membled.com
  10. Encryption is necessary, but not sufficient by Ed+Avis · · Score: 3

    The point is not 'if it is encrypted, it will be secure'. That has never been true.

    Rather, what you should remember is that 'if it is not encrypted, it is not secure'.

    Personally, I think it is more important to get encryption in there - even with *bad* practices - than to worry about getting the last 1% of security from already-encrypted apps. For example, going from telnet to ssh with password-sending (your password is encrypted in transit) is a huge leap in security. Going from ssh password-sending to public-key authentication is only a small extra step, if anything. Choosing a long passphrase, or going from Blowfish to 3DES, are pretty unimportant for most people. Few crackers are going to see encrypted bits going over the wire and attempt to crack that - even if the passphrase might only be quite short. More important to focus on replacing the existing highly insecure protocols such as NFS.

    --
    -- Ed Avis ed@membled.com
  11. Re:StegFS by KlomDark · · Score: 2

    1) For just storing keys... So what?
    2) It may not be portable, but the keys themselves are (Simple text files with encrypted data) - if you need it on another OS, just copy it over there.
    3) will only be used to store the keys, not a lot of performance concerns there.

  12. Convenience vs Security by jjr · · Score: 1

    That has always been the trade-off. I know people who ask, "Why do I have to put in a password every time I come to work? Why does it matter?" Well, it will depend on the job. I have seen companies where someone just walked into the back office, the safe was open, and left with a few grand. Why did this happen? The company did not inconvenience itself with any security measures. The more security you have, the more inconvenient it is to do things. All you have to do is measure how much convenience you are willing to give up vs. how much security you want.

  13. Re:PPS by hta · · Score: 1
    A system for encryption of email after it had left the user's workstation was proposed in the IETF some years ago. I don't remember the effort name, but Don Eastlake or Ned Freed would be able to tell you more.
    It fizzled for 2 reasons (I think):
    • Signatures applied at a gateway are useless for non-repudiation ("It wasn't me, it was the cleaning assistant"). That's half the value of crypto gone right there.
    • Encryption applied at a gateway usually requires DEcryption applied at the corresponding incoming gateway. This requires the gateway to hold the decryption keys, and makes it into a Valuable Target - something security people tend to dislike.

    Be careful what you ask for. You might get it.
  14. Re:ibutton by rthille · · Score: 1

    Actually, the iButton is _designed_ to do the encryption. You authenticate to the iButton with a simple password, select the app you want to run, then pass it data. Depending on the app, it can encrypt the data and pass the encrypted (or signed) data back.

    If you're really paranoid, you want to transfer plain ascii (or something else you trust not to have the ability to 'hack' your viewer on your Palm) to your Visor (with the iButton plugin on the back), view it and make sure the data your iButton is encrypting is the data you told your PC to encrypt...

    --
    Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  15. non-biometric security's a sham by crovira · · Score: 2

    Sorry but security based on 'things you know' is fundamentally an oxymoron.

    At best it causes irksome delay in getting at your info but it really doesn't stop anyone who wants in from getting in. Like the Beatles sang about on the very first "telstar" broadcast: "There's nothing you know that can't be known"

    Security based on biometric characteristics of a large sample of sound of you saying a phrase containing certain words or a live camera image is the only way to go.

    And that's going to require 64 bit hardware everywhere (M$ ain't playing there either. :-)

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
    1. Re:non-biometric security's a sham by SecurityGuy · · Score: 1
      Security based on biometric characteristics of a large sample of sound of you saying a phrase containing certain words or a live camera image is the only way to go.
      In a world without audio or video recording, perhaps. Biometrics is just a new twist on the old "secret", but now the secret's on the outside where it's easy to find, and once compromised, you can't change it.

      20 years in the future

      Secret Service guy: Mr. President, this is the new biometric unit for launching the missiles. You must put your thumb here and look into this device to have your retina scanned.

      President: So I authenticate using the same retina my bank has scanned a few times a week for the last 15 years and the thumbprint I use to sign in at the hospital, not to mention leave everywhere I touch?

      Secret Service guy: Fsck! That's the last time we trust marketing garbage!

      Sorry, but there's also nothing you are that can't be known. Hmm, biometric characteristics of a large sample of sound. Isn't there a certain U.S. agency once purported to not exist which intercepts this sort of thing? And you want me to use my voice as a key? Nooooo thanks! For that matter, how many of us have fingerprints on record? Do you really want to submit to a condition where anyone who can make a machine read your fingerprint can legally act as you? Do you want your likeness to be your key in .uk, where soon any of 2,000,000 government cameras record it daily?

  16. The Answer. by The+Dodger · · Score: 2

    'Is Encryption Really Secure?'

    No.


    D.

  17. Re:Use an IButton by TrentC · · Score: 1

    The IButton looks cool, although I'm not 100% clear how it works -- is it just a chip that I can dump my keys to? Or does it need some kind of "dock"? (to be fair, I only scanned the link).

    At the same time, it doesn't change the basic premise of this story -- that is, your encryption is only as secure as your keys. If I snag the keychain with your IButton, then that key will eventually be compromised. At the very least, it denies you access to the systems that require your IButton.

    Jay (=

  18. Security is not about privacy by Kope · · Score: 1

    I realize that the subject line above may strike some people as heresy. Nonetheless it is absolutely true. Security, particularly with respect to computers, is not about privacy; it is about risk management. What you're interested in having happen is for your communications to occur in precisely the way you are interested in having them occur. This means that you are interested in managing who has access to the computer, network or data. You wish to minimize the possibility of unauthorized access while maximizing the ability to engage in communication. To do this properly you must first accurately assess the value of the communication which you would protect from unauthorized access.

    For example, if you are working in the financial industry your data is probably very valuable indeed. Whereas, if you are working in a car wash your data is probably much less valuable. Even so, for most users of cryptography technology today, the concern seems not to be with risk management but with privacy. What seems to be lost is an understanding that privacy issues are relative. Indeed, privacy is really about access to information and falls under the same milieu of risk management as any other business endeavor.

    Cryptography is only one piece of the puzzle. In a bank, for example, there will be air walls, intrusion detection teams, and other measures in place to keep unauthorized access to an absolute minimum. These measures come with a cost, of course. Therefore, they will only be taken when their cost is justified by the level of risk of loss of control of the data.

    Certainly, for the average user, there are things that they can do to minimize risk which cannot cost much money. They can, for example, utilize onetime pass codes, keep their key ring in a hardware device that is not always connected to the computer, perform routine system integrity checks, etc.

    Of course, all of these can be breached by a determined hacker/cracker. That is not the point. Perfect security does not exist within network devices. However, perfect risk management does. And therefore, as security is really about risk management, perfect security does exist and is achievable as long as you do away with the notion that security is about limiting access and rather accept that security is about managing risk.

  19. Re:I thought the keyring was encrypted by Parity · · Score: 4

    This seems to have spun off a whole line of 'be careful of dictionary attacks' comments; I think people are failing to realize the difficulty of a dictionary attack on a long string. Dictionary attacks are powerful on pass'words' (or concatenations of words) because you save a huge amount over brute force.

    There are, however, many more than 26 words...

    Thus, an eight word pass*phrase* is -vastly- more difficult to dictionary-attack than an eight character pass-word-. If this isn't powerful enough for you, add more words... gpg and pgp allow some silly length of passphrase.

    But supposing there are 10000 words in the English language (and that your passphrase is in English, but why should it be? Even we under-cultured Americans take some token foreign language class and can cobble together a sentence or three in another language...), well, then, an eight word passphrase has 10000^8 = (10^4)^8 = 10^48 ... possibilities. I think in actuality there's a few orders of magnitude more involved, and even if there isn't, just adding in the considerations that capitalization and punctuation add increases the complexity dramatically.
    (ie, "this is my secret passphrase dont you know" is different from "This is my secret passphrase, don't you know." is different from "THIS IS MY SECRET PASS... " eh, you get the idea.)

    In short, passphrases are not vulnerable to dictionary attacks if your passphrase is a reasonable length. (Or rather, the removal of a few orders of magnitude from the problem will not make it crackable on today's hardware, and when it -does- make a difference, brute force will be only a few years behind, the same way that 8 character passwords are brute-forceable today and were only dictionary attackable a few years back...)

    Though, it would be advisable to avoid using famous lines and quotes, since the first passphrase dictionary attack attempt would almost certainly include the 'to be or not to be' speech with various truncations, the first line and chorus line from every top forty song in the last fifty years, etc.

    Also, remember, most dictionary based cracking tools try substituting zero for 'O', four for 'A', etc, to match 31337 'spelling' styles, and trying all the case combinations... so those obfuscations don't really help.

    It -does- help to try something like, taking the first letter of every word in a sentence, like,
    'I'm going to obfuscate my password' -> 'igtomp', which you can then capitalize or obfuscate at leisure (though -nothing- will make a six-character password secure, so use a longer sentence!); this gives the benefits of passphrases (memorizability) even for passwords that have to fit in some small space (like 32 characters or whatever, where a password spelled out might be short enough to still be dictionary vulnerable because it's only 5 words instead of 8 to 10... )

    Anyway, that's my thoughts for to-day.

    Parity Odd


    --Parity

    --
    --Parity
    'Card carrying' member of the EFF.
  20. I thought the keyring was encrypted by joshv · · Score: 2

    I thought the keyring itself is encrypted using conventional (non public key) encryption which is keyed by your passphrase.

    Sure, someone getting hold of my keyring compromises the security of any encrypted transmissions I send, but only somewhat, as it is not terribly useful without my passphrase (which will never ever ever fall to a dictionary attack).

    -josh

    1. Re:I thought the keyring was encrypted by MindStalker · · Score: 2

      You obviously don't understand
      93^50 is 2600000000000000000000000000000000000000
      000000000000000000000000000000000000000000000000 0
      000000000000000000

      that should be 97 0's I may have miscounted
      but anyways that's approximately the same as true 327 bit encryption

    2. Re:I thought the keyring was encrypted by wiredog · · Score: 2

      Let's see. Assuming 50 characters and 93 useable characters (assuming case-sensitivity in the passphrase) on the keyboard, not including the "extended" ibm-ascii character set. We get 93^50 possible combinations. Divide that by the number of combinations that can be tried per second and you know how long it takes to brute force.

    3. Re:I thought the keyring was encrypted by wiredog · · Score: 3

      Yeah, but how strong is the passphrase? It's basically a long password, and if your passphrase is something like "I love tux" repeated 9 times, it's not that good. A good passphrase, like a good password, is long, contains few real words, has odd punctuation and spelling, and is generally so hard to remember that, unless you spend serious time memorizing it, will be written down.

    4. Re:I thought the keyring was encrypted by Dwonis · · Score: 2

      Use Diceware to generate your passphrases.
      --------
      Genius dies of the same blow that destroys liberty.

    5. Re:I thought the keyring was encrypted by bugg · · Score: 4
      "I love tux" repeated 9 times would be a fine passphrase, unless people associate you with the phrase "I love tux" and would actually think about guessing that by hand. Heck, repeating it _3_ times would be a strong password!

      For a dictionary attack, it wouldn't get it. For a brute force attack, using the 93 or so characters.. "IlovetuxIlovetuxIlovetux" - that's 24 characters. There are 93 permute 24 options for that, or 6.75e45. Now, to be fair, starting with one digit characters, there are a total of 93 P 24 + 93 P 23 + 93 P 22 ... + 93 P 1 - or 6.856e45. A brute force attacker will give up before then, because even if you can do 1,000,000 tries a second with a really fast computer, it will still take 2.174e32 years. Now, even if you limit your passphrase to say, the set a-z, there are still 2.89e26 combinations. A million per second (which, AFAIK, is much higher than you can expect to get in scenarios such as this) and you'll still need 9.16e13 years.

      The real weakness comes when your passphrase is say, 6 characters long and no punctuation (and the latter is known to the attacker) - then you have only 1.49e10 combinations, which will be solved by our fictional computer in just under 2 days.

      --
      -bugg
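
An editorial worked example of the search-space arithmetic debated in the comments above (Parity's word-count estimate and the per-character brute-force figures that follow); it is added here and was not posted by anyone in the thread. It goes one step further than the thread by scoring a passphrase under both attack models and keeping the cheaper one. The toy word list, the 16 variants per word and the 16-repeat budget are assumptions; 93 characters, 10,000 words and 1,000,000 guesses per second are the thread's own figures.

```python
import math

PRINTABLE = 93               # keyboard characters, figure used in the thread
VOCAB = 10_000               # dictionary size, figure used in the thread
GUESSES_PER_SEC = 1_000_000  # guessing rate, figure used in the thread
VARIANTS_PER_WORD = 16       # assumption: case/spelling variants tried per word
MAX_REPEATS = 16             # assumption: repeat counts tried for a repeated phrase
DICEWARE_LIST = 7776         # size of a Diceware word list (6**5)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Digit-for-letter swaps that cracking tools undo, as noted in the thread.
LEET = str.maketrans({"0": "o", "4": "a", "3": "e", "1": "i", "5": "s"})

# Constructed toy word list standing in for an attacker's dictionary.
WORDS = {"i", "love", "tux", "this", "is", "my", "secret", "passphrase",
         "dont", "you", "know"}


def char_bits(length, alphabet=PRINTABLE):
    """Bits of work to try every string of 1..length characters."""
    if length < 1:
        return 0.0
    return math.log2(sum(alphabet ** n for n in range(1, length + 1)))


def normalise(token):
    """Lower-case a token, drop punctuation and undo digit swaps."""
    kept = "".join(ch for ch in token if ch.isalnum())
    return kept.lower().translate(LEET)


def smallest_period(items):
    """Shortest prefix that, repeated, reproduces the whole list."""
    n = len(items)
    for p in range(1, n + 1):
        if n % p == 0 and items == items[:p] * (n // p):
            return items[:p]
    return items


def estimate(passphrase):
    """Return (cheapest attack model, bits of work) for a passphrase.

    The dictionary model only applies when every word is in the list.
    It assumes the words were picked at random; a phrase a person
    composed is easier to guess than this figure suggests.
    """
    models = {"characters": char_bits(len(passphrase))}
    words = [normalise(t) for t in passphrase.split()]
    if words and all(w in WORDS for w in words):
        unit = smallest_period(words)
        bits = len(unit) * math.log2(VOCAB * VARIANTS_PER_WORD)
        if len(unit) < len(words):
            # A repeated phrase costs the phrase plus a small repeat count.
            bits += math.log2(MAX_REPEATS)
        models["dictionary"] = bits
    name = min(models, key=models.get)
    return name, models[name]


def years_to_exhaust(bits, rate=GUESSES_PER_SEC):
    """Years needed to try 2**bits candidates at the given rate."""
    try:
        return 2.0 ** bits / rate / SECONDS_PER_YEAR
    except OverflowError:
        return math.inf


def words_needed(target_bits, vocab=DICEWARE_LIST):
    """Randomly drawn words required to reach a target strength."""
    return math.ceil(target_bits / math.log2(vocab))


if __name__ == "__main__":
    samples = [  # constructed sample passphrases
        "I love tux I love tux I love tux",
        "this is my secret passphrase dont you know",
        "Th1s is my s3cret passphrase, don't you know.",
        "~10g.ajj01",
    ]
    for s in samples:
        model, bits = estimate(s)
        print(f"{s!r:50} {model:10} {bits:6.1f} bits "
              f"{years_to_exhaust(bits):.3g} years")
    print("Diceware words for 128 bits:", words_needed(128))
```
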
    6. Re:I thought the keyring was encrypted by gad_zuki! · · Score: 2

      This all begs the question on how long it would take a government agency with good computing resources to brute a good passphrase? Say I have a 50 character phrase that isn't vulnerable to a dictionary attack how much protection is it from organizations with real computing power?

      The only solution to this problem I see is after x amount of time you should just assume it's been compromised and revoke it and probably keep it on a floppy.

    7. Re:I thought the keyring was encrypted by BobGregg · · Score: 1

      The recently-published 3rd edition of the UNIX System Administration Handbook has a good guide for passphrase selection - which (to stay on-topic) they in turn borrowed from an old version of the PGP Passphrase FAQ. The concept is called "shocking nonsense" - something containing gross, obscene, or otherwise extreme and improbable juxtapositions of ideas. The example they give is: "Mollusks peck my galloping genitals." (No, really - I'm not making this up!) The idea is that the emotional impact of the phrase itself makes it unlikely that an outside individual would ever guess it.

    8. Re:I thought the keyring was encrypted by BobGregg · · Score: 1

      >I don't think dictionary attacks are subject to emotional impact.

      Sigh... so use captials, or one extra punctuation or spelling substitution, or any of the other suggestions in this thread. The *point* being that using an absurd phrase allows you (or Joe Q. User) to remember more words, which makes dictionary attacks (or brute attacks for that matter) exponentially harder, at the same time as making it far less likely that someone would guess your phrase, Hollywood-style. But then, you already knew that, didn't you?

      Even using two words would be better and n^2 harder to break than most people ever bother with.

    9. Re:I thought the keyring was encrypted by Banjonardo · · Score: 1

      I especially liked your comment on languages-- Obscure Brasilian soccer teams in Portuguese (my native language) coupled with secondary star trek characters usually forms a nice password. (encryption-wise.)

      --

      -----

      Score 3? For what? Being wrong, at length? - smirkleton

    10. Re:I thought the keyring was encrypted by Omega996 · · Score: 1
      exactly - who'd believe anyone would really use that as a password, even after being posted in public?

      i'm gonna switch over all my servers now!!

    11. Re:I thought the keyring was encrypted by pallex · · Score: 1

      well, it's a good passphrase because it turns something which can be defeated by dictionary attack into something which can't. so:

      IReadSlashdotBecauseItsPackedWithGoodness

      could become:

      IReedSlashd0tBecoz_ItsPscked;WithGoodn355

      ie. Some of the benefits of using a random string, but with the bonus that there's a chance you'll remember it.

    12. Re:I thought the keyring was encrypted by Bingo+Foo · · Score: 2
      IReadSlashdotBecauseItsPackedWithGoodness

      This has the added obfuscatory benefit of being an absurdity.

      Bingo Foo

      ---

      --
      taken! (by Davidleeroth) Thanks Bingo Foo!
    13. Re:I thought the keyring was encrypted by (codic) · · Score: 1

      What makes a passphrase like that so good? IMHO, any password that can't be grabbed by a dictionary attack is hard enough to crack that you may as well dive straight into the fixed length binary key space of the hashed secret that is actually used. Am I wrong, or just naïve?

    14. Re:I thought the keyring was encrypted by SecurityGuy · · Score: 1
      Ironically, publishing that recommendation in a book reduces its value. It provides possible information about the key, especially for owners of the book (and if you're going to assume resources sufficient to find your key, you'd better assume your adversary can determine your reading list. :P)

      Personally, I think it'd be of great value to do periodic studies of what sorts of passwords/passphrases are chosen, then do something that most people don't. I know some studies like this have been done, and I've done my own highly informal ones via password cracking tools. I have to assume the standard well-resourced adversary knows what most people choose for passwords/passphrases and has developed tools to rapidly inspect the tiny portion of keyspace most people use.

    15. Re:I thought the keyring was encrypted by shyster · · Score: 1
      The concept is called "shocking nonsense" - something containing gross, obscene, or otherwise extreme and improbable juxtapositions of ideas. The example they give is: "Mollusks peck my galloping genitals." (No, really - I'm not making this up!) The idea is that the emotional impact of the phrase itself makes it unlikely that an outside individual would ever guess it.

      I don't think dictionary attacks are subject to emotional impact.

    16. Re:I thought the keyring was encrypted by shyster · · Score: 1
      Well, let's look at the example passphrase: "Mollusks peck my galloping genitals." Which word in there falls under "[using] captials (sic), or one extra punctuation, or spelling substitution"?

      The original poster's comment was that "The idea is that the emotional impact of the phrase itself makes it unlikely that an outside individual would ever guess it." Unfortunately, except in Hollywood as you mentioned, it's nearly impossible to guess at a passphrase. And, like I mentioned, both dictionary and brute force attacks are immune to the emotional impact or relative nonsense of a passphrase.

      An absurd phrase does not allow me (or Joe Q. User) to remember any more words than a sensical phrase such as "Remember to get milk from the store." does.

      Perhaps a better suggestion for a passphrase would encompass punctuation and misspelled words. For instance, I nearly always misspell 'reservoir'. I always spell it 'resorvoir', but that's not a word, so it's not in (most) dictionaries. So, if I put it into a passphrase, that's one less word a dictionary attack has.

      If I use punctuation as well, it's even more difficult. To make punctuation easier, I suggest using dates and/or times.

      Here's my 1 minute thought on a decent example passphrase: "On 12/08/92 (aka 12.01.92) at 1:32am, I will be down at the resorvoir!" Substitute with whatever date, time, and/or misspelling makes it easy for you.

      Of course, this passphrase pales in comparison to a truly, decently secure passphrase, such as "~10g.ajj01.00434dd{¦(]Æ3å3H¦32+8¥9ta,199`~", but it's infinitely easier to remember.

      For you Perl programmers out there, you could write a small one line program as a passphrase...that should be encryption enough!

    17. Re:I thought the keyring was encrypted by tritab · · Score: 1

      Take the answer found above and then change your passphrase accordingly. Then you get a rough estimate of the lifetime of your passphrase. Just wait until M$ builds in distributed passphrase decrypting into all default screensavers. Just remember encryption is only good for a set amount of time, and that time degrades as CPU time gets more available and less expensive.

  21. Re:improving crypto keyring security by Graymalkin · · Score: 2

    Most of your "non-obvious" security falls to shit if you use disk indexing which most WinNT users do use. You can write an email worm that scans your various indexes for PGP or similar strings and still find your fucking keys. All sorts of recursion are only going to confuse human infiltrators to your system, they're going to do very little to counter a well written worm.

    --
    I'm a loner Dottie, a Rebel.
  22. Fighting injustice with cheese wiz by Graymalkin · · Score: 2

    This is funny because in crypto books the subject of protecting private keys (which are really insecure when you think about it) is always really briefly browsed over by the authors. This isn't because they haven't thought of it or anything, it is just the REALLY insecure part of asymmetric encryption. You can pick the longest keylength in the history of computing but if your private end of the key is compromised you're fucked. It is safest to assume no means of electronic information storage or transfer is secure. Thus never trust it. Never store private keys on your hard drive (or anything that is readily available) because it is not really too difficult to write an email worm that finds your private key and emails it off to some address. The best means of a private key would be biometric but even then it can be faked, with enough resources it could be faked rather easily. Keep your private key physically on your person and never assume anything you want secure will always remain secure. Like most things computer security is a matter of diligence, not the amount of technology you're using.

    --
    I'm a loner Dottie, a Rebel.
  23. Hmm by gatkinso · · Score: 1

    "In other words, your encrypted files may only be as secure as the computer and network on which the key resides."

    Duh.

    --
    I am very small, utmostly microscopic.
  24. Re:Use a more secure OS... (close) by rakjr · · Score: 2

    Right title, but short on depth of answer. A potential solution lies with the OS. Part of the problem with the desktop OS environment right now is everything is working in a trusted environment. Hold on to your flame throwers, I know that the unix like OSes have greater security in this area than the windows boxes, but the truth is, it is still possible to crack a unix box from an internet based attack. That is a design flaw. Conceptually, there should be three levels of operation within a system. There is the core level where system level authority exists. There is a limited trust level where access is determined by user rights, task, and data accessed, and the third level should be a sandbox which has no rights to anything outside the sandbox. From this vantage point, a browser should be functioning in the sandbox. E-mail itself is part of the sandbox in that it is not trusted and should not have rights to access your address book, etc. Yes, this type of solution slows things down and requires the users taking a more active part in deciding what an app can do, ie, a warning should come up when the browser attempts to modify c:\command.com (a very easy task for a browser when using netscape). Yes, this is an over simplification, but the point is the OSes have in the past sacrificed security for speed and ease of use. Maybe it is time to start cutting into the speed side of things to get a bit more security.

    --
    In a place beyond time and space, in a land far better than this, look for me there...
  25. Re:an unconstructive comment by BilldaCat · · Score: 2

    In other words, your encrypted files may only be as secure as the computer and network on which the key resides.

    Well... duh.

    My thoughts exactly. I mean.. c'mon. :\

    --
    BilldaCat
  26. Floppies and PDAs by cthrall · · Score: 1
    > Should one keep the keyring on a floppy disk,
    > and never have it in the computer when it's
    > connected?
    That's what I was thinking of doing...but then I've got to disconnect to sign emails.

    Other possibilities:

    • use an iButton for authentication. I still think these things would make for great security devices...unless, of course, you lost it.
    • use a PDA with GPS and/or some other kind of personal id (voice - the HandSpring has a mic builtin) to upload a one-time key to a computer.
  27. Re:Come on by cthrall · · Score: 1

    > Only criminals would worry about security,
    > because the rest of us have nothing to hide
    > from the world.

    But we do have to protect against the people who would take advantage of us...what about the recent articles on incorrectly configured 802 leaving networks wide open? Do you really think the competition won't just hang out across the street at Starbucks and check out how the competing product works and plans for new features?

  28. How is this news? by mindstrm · · Score: 2

    Seriously.. how? This is common knowledge.

    Security is not a product, it's a procedure.

    That doesn't mean you shouldn't use pgp.

    Will pgp prevent my officemate hacker boy from reading my email? not if he really wants to.. he'll figure out how to spy on me and get my key.

    Will it keep some guy who roots my mail server from getting at the secure email stored there? Sure it will.. he's out of luck.

  29. Use some common sense by abelsson · · Score: 4
    A good assumption to make is that the NSA and its like can read *any* message it wants no matter how it was encrypted but they probably can't read *all* the messages they would want.

    Another good assumption is that the intelligence services prefer breaking fingers to keys. Why waste a billion dollars in computing power when you can simply crack the guy's fingers unless they give you the key?

    A third one is that they aren't usually that interested in your pr0n collection.

    (Yes, it's stolen from applied crypto. But it's good advice.)

    -henrik

  30. Re:ibutton by austad · · Score: 2

    Ok, the IButton is separate from the USB keychain thing, but they work together, you just have to purchase them separately. The USB thing is called the "2 in 1 Fob", and you can buy it in their store for $31. Your IButton attaches to it.

    --
    Need Free Juniper/NetScreen Support? JuniperForum
  31. ibutton by austad · · Score: 5

    Ibutton is a small device which fits on your keychain and can plug into the USB port on your computer. You can use it to store your private key, along with the public keys of others. It can also be used as a key to your computer, both through the usb port, or through a little thing you tap it against that you attach to your monitor. It's also good for door authentication, several lock companies make locks that work with these for around $80 each. The Ibutton itself costs between $10 and $25 depending on which model you get. It can do other things too, and it's not a foolproof way to prevent someone from getting at your key, but, it's a good preventative measure, and it's sure to make it harder for an attacker.

    --
    Need Free Juniper/NetScreen Support? JuniperForum
    1. Re:ibutton by agir · · Score: 1

      Hehe...Anyone sell anti-tempest blankets for a PDA? :)

      Yeah, aluminum foil. :-)

    2. Re:ibutton by abdulwahid · · Score: 1

      The trouble with this type of device is that you still have to download the private key from your USB plug onto your computer to do the actual encryption. The USB device itself can't do any encryption/decryption it is just used for storage. It is definitely handy for storing your keys but your overall security is only as strong as your weakest link. In this case, your PC.

      You could of course invent a device that could do the encryption/decryptions but it is going to need some RAM and processing power to do anything great. Maybe something like a PDA.

      Hehe...Anyone sell anti-tempest blankets for a PDA? :)

      --
      perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10);'
    3. Re:ibutton by shyster · · Score: 2
      Interesting. This is something like what I was asking about in my later reply ("The Right way to Store Keys") - I assumed you would want bio-metric corroboration to prevent someone from swiping one of your ibuttons (or whatever) Anyway, is all the support software open source and are all tech specs available for the ibutton?

      It would seem the real solution would be to do away with the passphrase and create the private key based on biometric (fingerprint, retina scan, DNA sequence, etc) data. Of course, then, your key is only as secure as your finger, eye, blood, etc. (On second thought, DNA is way too easy to come by, let's scratch that one off the list....)

    4. Re:ibutton by Shoten · · Score: 1

      Using things like iButton does not get around the issue here. All you have done is slightly shift the nature and physical whereabouts of the device which contains the private key/shared secret/magic word that opens the castle gates.

      Don't consider it that way? Examine this: http://www.atstake.com/research/advisories/2001/index_q1.html#011801-1

      The bottom line is what it always has been: security is a matter of depth and cannot possibly be judged by the technical merits of any one component. Like a chain, the weakest link defines the strength of the entire system.

      --

      For your security, this post has been encrypted with ROT-13, twice.
    5. Re:ibutton by Glasswire · · Score: 1

      Interesting. This is something like what I was asking about in my later reply ("The Right way to Store Keys") - I assumed you would want bio-metric corroboration to prevent someone from swiping one of your ibuttons (or whatever) Anyway, is all the support software open source and are all tech specs available for the ibutton?

  32. Excuse me - moderators? by Levine · · Score: 1

    Ask Slashdot poses a question - a yes or no question, at that. I answered it, and somehow this is offtopic?

    Methinks moderators need to take a step back and look at the whole situation before making hasty decisions. That, or jump off a cliff and die. *hug*

    Cheers,
    levine

  33. Breaking PGP Passphrase by Quack1701 · · Score: 1

    Does anyone know of a good program out there to "break" (or brute-force) a pgp passphrase?

    Many years ago when I was in college I pgp'ed some files. Like a good boy, I didn't write down the passphrase, I memorized it. Needless to say, some years later I can no longer get in to them.

    I mostly "know" my passphrase, but not enough to brute it. If there was something out there like l0pht that would allow me to config which characters to use in the brute force and which ones not to use, it would be very useful.

    Quack

  34. Re:Some ideas.... by 0xdeadbeef · · Score: 1

    7) Keep repeating to yourself "There's no such thing as too paranoid" and "My secrets are every bit as interesting as I believe them to be".

    Otherwise, all that other stuff will start to feel like a big waste of time.

    And remember that your "smart media" is only as smart as the device you stick it in. Even if it can't read your key, it can log your communications.

    --
    Bush's assertion: there ought to be limits to freedom

  35. Use a more secure OS... by CSC · · Score: 1
    You might want to use a more secure OS, like OpenBSD. Now an interesting idea could be having some sort of "security appliance" that does the whole encryption/auth/etc. thing separately so that the keys don't get compromised if the main computer is (ok, so the data currently on the computer is compromised, not the rest).

    Well this sounds like a job for a smartcard, but it doesn't look like [Open]PGP goes that way right now.

    --
    -- Colin
    1. Re:Use a more secure OS... by CSC · · Score: 1
      Oh right. And that'll stop the feds from kicking my door in, will it?

      Just using OpenBSD will do you no good at all, especially if you adopt this 'I have my magic OpenBSD so I am impregnable' attitude.

      Oh, please... just encrypt your partitions, and your swap; then boot from a CD with a couple visual clues to prevent swapping, and check your keyboard cable and enclosure when you come back home. There. Security. Oh, and log out if you go open the door, and pull the power cord if someone breaks in.

      Then, if as you seem to imply the Feds can torture passphrases out of you, well... you're fucked from the beginning. You'd better move to another country before.

      --
      -- Colin
    2. Re:Use a more secure OS... by CSC · · Score: 1

      Almost... but I would like my keys to be a bit more durable. Hence the smartcard; if well designed they are a real pain to tap or reverse-engineer, even with serious equipment (there's a very interesting Usenix security conference proceeding on that, buried deep in www.usenix.org).

      --
      -- Colin
  36. Re:Use a more secure OS... (close) by CSC · · Score: 1
    Right title, but short on depth of answer.

    Well, yes. I read it again after submitting it and was not pleased. Anyway...
    Regarding the third level, this should be "as many sandboxes as necessary". Isolation is useful there. Perhaps we have to go the full bytecode way, or some kind of virtual machine designed for isolation (plex86?), or maybe FreeBSD's jail could do the job if beefed up a bit.

    In a more general view capabilities may be an interesting way to make it difficult for some software to acquire more rights than necessary; these allow for real fine granularity on, well, anything. Works better with really componentized kernels, though.

    --
    -- Colin
  37. Check it out! by chill · · Score: 1

    Actually, their "cryptographic" model is supposed to do just that. The button is a small CPU with JavaCard 2.0, some RAM and a "1024-bit math accelerator".

    It is tamper resistant; tamper evident and has features like rapid zeroization and self-destruct (fuses the connect with excess voltage).

    Very cool.

    http://www.ibutton.com/ibuttons/java.html
    --
    Charles E. Hill

    --
    Learning HOW to think is more important than learning WHAT to think.
  38. PPS by ajs · · Score: 3

    PGP only goes so far. If you only use encryption for sensitive material, you flag it as such.

    To solve for this, I'm writing a specification for transparent encryption of email using standard MUAs. Please feel free to check out the PPS homepage, which will be moving to SourceForge sometime RSN (basically, I'm just waiting to get over the learning curve at my new company). The nice things about PPS are that it does not require that a user know their email is being encrypted and that it does not require a specific encryption back-end (its design assumes something PGP-like, but you could easily adapt any public-key system).

    Let me know what you think, and send me email if you have any questions at all. Thanks!

  39. Re:Right way to store our private keys by Zurk · · Score: 1

    no. simply because if the biometric data is compromised you can't revoke it. suppose someone gets your retinal data then you no longer have the ability to encrypt ANY data using that type of device FOREVER.

  40. Re:Right way to store our private keys by Zurk · · Score: 1

    huh ? you're going to give your correspondents physical copies of your private keys ? and how are you going to "burn another gadget" when your biometric information is compromised ? what are you going to do...change your retinas ?
    bub..private keys are PRIVATE. your correspondents need to have your PUBLIC keys..you're the only one supposed to have your PRIVATE keys.

  41. Re:Keyrings are as secure as the passphrase by coyote-san · · Score: 2

    You don't need to go overboard. IIRC the passphrase is ultimately reduced to an encryption key for the same block cipher you use for the messages.

    You need phrases long enough to give you enough bits to cover the key space, but anything over that is unnecessary. Maybe 25-30 characters. That's long enough to make a dictionary attack on your passphrase about as costly as a brute force attack on the block cipher.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
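The sizing argument in the comment above, worked through as an added example (not part of the original thread and not PGP's own code). It assumes a 128-bit cipher key and an attacker rate of 10^9 guesses per second, and uses the rough per-letter entropy figures for English text quoted elsewhere in this thread; all function names are illustrative.

```python
import math

# Assumption: the keyring is protected by a block cipher with a 128-bit key.
# Change this to match the cipher actually in use.
CIPHER_KEY_BITS = 128

# Entropy per character for different ways of choosing a passphrase.
# Random sources carry log2(alphabet size) bits per character; the English
# figures are the rough estimates quoted in this thread, not measurements.
SOURCES = {
    "random printable ASCII (95 symbols)": math.log2(95),
    "random lowercase letters (26 symbols)": math.log2(26),
    "English text, practical cracker (2 bits/letter)": 2.0,
    "English text, ideal attacker (1 bit/letter)": 1.0,
}


def passphrase_bits(length, bits_per_char):
    """Entropy of a passphrase of `length` characters from a given source."""
    return length * bits_per_char


def effective_bits(length, bits_per_char, key_bits=CIPHER_KEY_BITS):
    """Strength of the protected keyring.

    The passphrase is reduced to a cipher key, so the attacker takes the
    cheaper of two routes: guess the passphrase or brute-force the key.
    Entropy beyond the key size buys nothing.
    """
    return min(passphrase_bits(length, bits_per_char), key_bits)


def chars_needed(bits_per_char, key_bits=CIPHER_KEY_BITS):
    """Shortest passphrase whose entropy covers the whole key space."""
    return math.ceil(key_bits / bits_per_char)


def years_to_search(bits, guesses_per_second):
    """Expected search time: on average half the space is tried."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def report(length, guesses_per_second=1e9):
    """One row per source: (name, chars needed, effective bits, years)."""
    rows = []
    for name, bpc in SOURCES.items():
        eff = effective_bits(length, bpc)
        rows.append((name, chars_needed(bpc), eff,
                     years_to_search(eff, guesses_per_second)))
    return rows


if __name__ == "__main__":
    # Constructed scenario: a 30-character passphrase, 1e9 guesses/second.
    for name, need, eff, years in report(30):
        print(f"{name:50s} need {need:3d} chars | "
              f"30 chars = {eff:6.1f} bits | ~{years:.3g} years")
```

Raising the guess rate in `report` shows how the same passphrase loses lifetime as computing gets cheaper, while the rows capped at 128 bits show where extra length stops helping.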
  42. Re:PGP helps my courtship. by CoughDropAddict · · Score: 2

    Thank you for posting the only comment in recent history to even remotely deserve the "Funny" moderation.

    --

  43. This is neither new nor interesting. by rjh · · Score: 2

    Encryption is only part of a security solution; it's not a solution by itself. Anyone who expects their communications to be secure just because they use PGP is living in a dreamworld.

    In the real world, when very serious people (embassies, intelligence officers, etc.) want to communicate securely, one of the first things they do is a threat analysis. What sort of attacks am I expecting? What sort of attacks am I certain I won't be hit with? Then, the hardest to assess, what sort of attacks am I unaware of?

    Once you have this sort of threat assessment, you tailor your security practice to it. Do you really have a well-founded concern that someone's going to use a browser vulnerability to steal your keyring? Okay, then, the answer is simple: don't keep your keyring on the same machine as the web browser. Are you concerned about people Van Ecking your monitor and grabbing your passphrase? Then buy TEMPEST-shielded equipment.

    There is no, nor has there ever been, a one-size-fits-all answer in the security arena. We have a great many tools, each of which is meant to protect against one specific type of attacks--or for the really good tools, one specific category of attacks. You mix-and-match these tools to create your own security solution, tailored to your needs.

    It's a common affliction of the truly paranoid and the cryptologically naive to want to be shielded against every method of getting passphrases. I hate to break the news to you guys, but you're nuts. A black-bag job can recover your secret keyring, and give my friend Guido five minutes to talk to your kneecaps and the rest of you will be singing your passphrase to the tune of the Hallelujah Chorus if that's what Guido wants.

    On the other hand, most of us don't need to worry about black-bag jobs and Guido.

    Assess your threats, people, and make your decisions accordingly.

  44. Biometrics are dangerous. by rjh · · Score: 2

    Remember, all biometrics do is read your fingerprint, retina, whatever, and boil that down into a string of digital 1s and 0s. A number, in other words. That's all. This number is then used to unlock other things, like keys and whatnot. In the end, it's still just "one more number". Except it isn't just a number you know, it's a number that's got its representation tattooed on your body.

    Imagine the havoc a trojan fingerprint scanner could cause. Suddenly, a cracker would have thousands of fingerprints. Now Charlie Cracker tries to access a porn site, using the credit-card number of one of these people. The site asks him to "Please press your thumb into the reader for authentication." Instead of pressing his thumb into the reader, though, Charlie Cracker just sends the same 1s and 0s which represent the real person's thumbprint.

    Presto! Instant authentication.

    Now, this is not anything different from passphrases. A keylogger can do the exact same thing for a passphrase that Charlie Cracker is doing with his biometric hardware. There is one major, significant difference, though.

    You can revoke a passphrase-controlled key.

    Good luck trying to revoke your thumb, man.

  45. Oh, and don't forget by wiredog · · Score: 2

    to erase (not just delete, but erase) the plaintext after you've encrypted it.

  46. To answer some questions by wiredog · · Score: 3
    Is it possible to make the program as safe in Real Life as the algorithm is mathematically?

    One of the points made in Secrets and Lies is no, you can't make it as secure. At least, not without much effort. For your PGP data to be really secure you would have the key in ROM, on some sort of PCMCIA type card, and locked in a safe when not in use. The message would be encrypted on a computer that's not on a network, and the encrypted message would be put on a floppy and sneaker-netted to the networked pc. Due diligence would be used in selecting the public/private pair.

    The real question is, how secure do you need the data to be? Secure for a few hours to days (tactical) or secure for a few years to forever (strategic)? For tactical, PGP is Good Enough. For strategic(in text messages) a one time pad is required. Also, who is it secure from? Your annoying kid brother, or the NSA/GCHQ? That, too, determines what security you use.

    1. Re:To answer some questions by doubleyou · · Score: 1

      Also, just to add to what he's saying here...

      You've got to ask yourself: is it cost-effective for the NSA to care about my love letters?

    2. Re:To answer some questions by agentZ · · Score: 1

      If your lover is a terrorist, yes.

    3. Re:To answer some questions by markmoss · · Score: 2

      And all that (ROM locked in safe, sneakernet, etc.) is in vain if, when you load the password into your non-networked PC, someone across the street is picking up the emissions from the NNPC and reading the data flowing through it.

  47. Re:Semtex. by ncc74656 · · Score: 2
    Or did you mean things like making sure the key is only used on YOUR private system and to keep the private key ring on a floppy that's with you at all times?

    An even better approach might be one of those USB flash-storage dongles that have been mentioned here before. They have enough space for your (PGP) keyring and, IIRC, they'll fit on your (metal hoop) keyring. Assuming they work with Linux, this would seem to be a natural application...stick your key in the USB port to enable PGP signing/decryption/etc. They should also be more reliable than 3.5" floppies, which are notorious for dropping bits.

    --
    20 January 2017: the End of an Error.
  48. Hacking the ring. by Y-Man · · Score: 1

    Put your ring on 3.5 and carry it with you. You should be the only one that needs to use it anyway. Make a copy of the 3.5, fold it up and put it in a Hide-A-Key and stick it under your fender. I'll be by later to hardware/software hack the info from the mangled media with my Aiwa PCP(personal cassette player); once it's kludged into my old C=64 of course.

  49. Re:Use a more secure OS... (close) by jovlinger · · Score: 2

    $5K?

    All you need is a faraday cage, no? I would have thought that gvmt buildings mandated those built into the walls.

    For a personal computer, just wrapping the whole thing in fine chicken wire should do it, I would have thought.

    Of course, as the recent drug trial shows, unless you maintain physical access security of your systems at all times, a dedicated attacker can just install a keyboard snooper on the cable itself, making tempest unnecessary.

  50. Security is NOT absolute by mjh · · Score: 4

    I've been a network security professional for about 8 years now, and one of the things that people seem to forget is that security is not some absolute thing which you can measure your stuff against and then be happy that you've met the standard. You constantly have to measure security against the context of what you're trying to protect.

    So, for example, my private email communications with my friend in New Jersey are done using GPG. We both have 1024 bit keys. Do I store my private key on some non-interceptible media? Do I have my computer room tempest shielded? No, of course not. But why should I. The risk of my emails being wanted by anyone other than my friend is not very high. My only reason for encrypting our communication is to make it difficult for casual snoops. And given me and my friend's relative importance in the world, those are the only people who will try to eavesdrop on our communication. I'm sure that professional snoops would easily be able to get our communication without our even knowing it. But I'm also pretty sure that there are no professional snoops running around even trying to read our email.

    My conclusion: GPG is good enough, because the relative risk is very low. Is the exact same set up good enough for communication between the President and the National Security Advisor when talking about issues of national security? Probably not. (Ignore for the moment that the Pres has sworn off email.)

    My point: you can't answer the question of "is PGP (or GPG) secure enough?". The answer depends on what you're trying to protect.

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  51. The Golden Rule of Encryption by fizban · · Score: 3
    This is the statement I usually live by:

    Encryption is secure, people aren't.

    Like the poster states, the biggest problem with the encryption tools is how well we use them. The safety of today's encryption standards are very good. For the average user, and even most users with high security needs, today's encryption tools provide enough safety to make any attempts at decryption just not worthwhile.

    But, the only way to make it work is to make the encryption just one part of a total privacy methodology. It has to become a habit and not an afterthought. Because if it's not a central part of your practice, mistakes will be made, and data will be compromised.

    Don't rely on defaults. Know where your data is. Know what's encrypted and what isn't. Know who has access to your information. Yes, it's difficult, but it's necessary. We are in the middle of entering a stage of humanity when the free flowing of information will be both a blessing and a curse. The information we need to survive will be easier to find, but at the same time, the information we need to keep from others will be harder to secure. Rather than thinking of security and encryption as just a "Spy thing" we have to think of it as a normal part of our everyday lives, much like shopping online has become a regular thing, when it was just a novelty a few years ago.

    It will be hard, and not everyone will care, but eventually we'll get there.

    --

    +1 Insightful, -1 Troll. What can I say, I'm an Insightful Troll.

  52. Weak links by michael_cain · · Score: 2
    In other words, your encrypted files may only be as secure as the computer and network on which the key resides.

    And at least for the computer, we all know that the average PC isn't very secure at all. While we all love to knock Windows, Linux has also had its share of recent reports where unauthorized code manages to run with sufficient permissions to do a large amount of damage.

    My favorite attack continues to be a small hunk of code that manages to hijack low-level input in a transparent fashion (that is, it passes a copy of the input on, or is listening in parallel, so nothing appears to be "broken"). Monitor the input, keystrokes for example, looking for text that matches whatever you're looking for. Scan likely places on the hard disk. When you find something promising, report it. Try to propagate yourself in non-intrusive ways -- sending lots of e-mail may be quick, but it's obvious -- not good if you're trying to stay undetected.

    What I worry about these days is that it has gotten very difficult to know just what software is actually running on the box, regardless of the OS.

  53. Semtex. by Stonehand · · Score: 3

    A block of Semtex, a remote-controlled explosive charge, a retinal scanner, a dead-man switch wired to your medulla oblongata, TEMPEST shielding, and some decent anti-tampering devices ought to do the trick.

    Or did you mean things like making sure the key is only used on YOUR private system and to keep the private key ring on a floppy that's with you at all times?

    --
    Only the dead have seen the end of war.
    1. Re:Semtex. by m2t · · Score: 1

      That'd be awesome, but in the case that you have an older system (or any system without USB) you'd be screwed, well, forced to buy a usb card, anyhow, that'd be a minor issue. Another thing I was thinking that would be good is to set it to set the keyring to do a scan of your hardware or some part of your system (hardware wouldn't be so great because it can be upgraded and you'd be screwed) .. anyhow, pick a part on the system that won't ever change, and have it look for a reference to said part of system.. then if anything's ever stolen, it can only be used if the thief has that same structure/hardware/included file or whatever is used to reference and match to. maybe i should have thought this out more because it's not making much sense anymore, anyhow, i'm sure you get the gist.

      -matt

    2. Re:Semtex. by (codic) · · Score: 1

      Hrm... sounds familiar...

    3. Re:Semtex. by gle · · Score: 1

      Then I'll just re-enable floppy boot.
      Password protected BIOS? I'll open your box and remove the battery to blank the password, use the not-so-secret BIOS vendor password, or just replace the BIOS chip (can even be done with the computer ON).

      You'll have to put your computer in a safe...

      --
      Ni!
    4. Re:Semtex. by l33t+j03 · · Score: 1
      Alternatively, one could just store their encryption key on a Windows 2000 machine and leave it logged off.

      The security of the Windows 2000 operating system is unparalleled in the history of computers, it would certainly be the safest environment in which to maintain any sensitive information. Thousands of companies rely on the security it provides on a daily basis, we should all join them so that we can benefit as well.

      While I understand that it is often difficult for you people to come to terms with the fact that your Open Source software is vulnerable to anyone with enough skill to operate a keyboard or pointing device, you should sacrifice your idealistic viewpoint where data security is concerned. You will only end up hurting yourself in the long run.

    5. Re:Semtex. by unicaller · · Score: 1
      NT is not any fun anymore.

      Dos boot disk with Mount NTFS on it and any file on your computer is mine!!

      That is why everything I need to keep safe stays on the smart card in my camera, and I carry it around like a 64meg floppy.

    6. Re:Semtex. by shyster · · Score: 1
      NT is not any fun anymore. Dos boot disk with Mount NTFS on it and any file on your computer is mine!!

      Well, I could just disable booting from the floppy. Or, remove the floppy altogether, for that matter (who the hell uses floppies anymore, anyway?).

      But, an even better idea would be to use Win2K's Encrypted File System to encrypt the files I needed to be secure from your peekings. I don't believe MountNTFS can overcome that...though unfortunately, my Enterprise Admin can.

    7. Re:Semtex. by shyster · · Score: 1
      Then I'll just re-enable floppy boot. Password protected BIOS? I'll open your box and remove the battery to blank the password, use the not-so-secret BIOS vendor password, or just replace the BIOS chip (can even be done with the computer ON).
      It goes without saying the computer would have a lock on it. Of course, you didn't say anything about Encrypted File System, so you, your 3 1/2" and your MountNTFS can boot all day long, but you'll only be reading winnt32.exe.
  54. Re:In addition... by jason_z28 · · Score: 1

    I think there are many points of encryption. Some people would only like to protect their data from prying eyes. Like a brother, sister or parent. Some people use it to hide an affair with a co-worker from the network admin. Some people are criminals hiding data from law enforcement. Some people are spies hiding data from the government. All of these people can use PGP, but for a different purpose. Each of these people are guarding against different potential attacks. "Secrets and Lies" has a chapter on attack trees. These reveal the potential weaknesses in your security process. In each of the example cases above the attack tree is similar, if not identical. The next analysis would be what risk you are willing to live with and what you would not. If you are hiding your pr0n on your computer, and you parents are not computer savvy, you don't have much threat to worry about. But if you are a spy, you need to worry about the weakness in your attack tree. Because the people who would threaten you would have the ability to exploit these weaknesses. My point is, encryption has many points, and many uses. PGP is used for many of them. But the flaws of the security product are actually flaws of your security process. The best algorithms in the world do not protect you if you're using windows 95 in your office. It pays to attack your own security process and know your weakness. List them, and protect against the ones you are not willing to live with.
    Jason

  55. In addition... by jason_z28 · · Score: 3

    This is exactly why the government doesn't care if you use some extremely tough encryption. Of course it makes it more difficult to do mass scans, like carnivore. But not any more difficult for spying on an individual. Bruce says it best, "security is a process, not a product". Sure, you can use your 4096 bit keys in your PGP application. And it would take millions of years to brute force them. But is brute force the best way to attack the PGP process? No way. And this is what the government knows. If I am the government, and I want access to your PGP encrypted data, all I have to do is break into your house while you're at work, copy your private key to a disk, and install some key logger to record your passphrase. It's quite simple really. No need for any brute force. The crack would take minutes, not millions of years. Attack the process, not the product, and most seemingly secure products will fail. Not because the products are bad, but because the process of using the products is bad.
    Jason

    1. Re:In addition... by clare-ents · · Score: 3

      That's the point of encryption.

      The government wants to routinely intercept all communications. By forcing them to break into your house to install keyloggers you vastly increase the cost of spying to the point where it isn't economic to spy on everyone.

      Keyloggers are still a hassle though - especially if people use multiple computers / change keyboards etc.

      --
      Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
  56. Re:Keyrings are as secure as the passphrase by townmouse · · Score: 1

    25 to 30 random printable characters will contain about 256 bits of entropy, about the same as 2 limericks. Ordinary English text is reckoned to contain about 1 bit per letter in theory (an attack by some sophisticated AI which understands English perfectly), but I guess about 2 bits per letter against state-of-the-art passphrase crackers.

    The following passphrases have about the same theoretical entropy. I don't know about you, but I would find the second much easier to recall, and in practice it should be considerably stronger.

    f8Ikz\o%0F

    Should tepid raths odiferously rush
    Spring thy lemon henchdog from a busch

    Avoid obscenities, because every script kiddie knows that they are used MUCH more frequently than most words. Some years ago dirty passwords were recommended by the US government on the grounds that they are not found in dictionaries, and users would be ashamed to write them down. Both these considerations are demonstrably false.

    --
    Ask me if I've been required to disclose any crypto keys.
  57. use a good pass phrase by heh2k · · Score: 2

    that is precisely why pgp and gpg use a symmetric cipher to encrypt your secret key. secret keys are too long to remember, so they have to be stored electronically and encrypted with a shorter key that can be remembered.

    for those thinking "what if they break the symmetric cypher used to encrypt the asymmetric secret key?": you'd be screwed anyway. when you use gpg or pgp, it generates a random symmetric key to encrypt the message with, then uses rsa or el gamal and the public key to encrypt the symmetric key.

  58. gnu keyring by passion · · Score: 2

    To avoid someone compromising my keyring, I keep my passwords encrypted on my Handspring Visor with GNU Keyring.

    Perhaps the next step would be to keep my PGP key encrypted on my Visor, and anytime that I need to use it, pull a sync from the pda which requires a passphrase to access it.

    Better than a damn floppy, which always crashes and burns when I put it in my pocket.

    --
    - passion
  59. And the answer is... by horza · · Score: 1

    ... steganography! Hide the key as noise in a random pic or MP3 on your hard-drive. When you need to decrypt something, you select a file at the same time as entering a pass phrase. There is no way anyone with even physical access to the machine and an army of Crays will be able to obtain your private key if the passphrase is also used as a key in the steganographic phase... is there?

    Phillip.

  60. Physical Key Extraction by Greyfox · · Score: 2

    It should be pretty straightforward to extract the PGP passphrase from an individual with creative use of needle nose pliers. Don't think encryption will keep your secrets safe if someone REALLY wants to know them.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    1. Re:Physical Key Extraction by dazedNconfuzed · · Score: 1

      That's a variant of "rubber hose cryptography". When someone REALLY wants to get through security, it's usually much easier to figure out who has access and, er, persuade them to let you in. Witness the frequency (nigh unto mundanity) of bank robberies: ultimate in physical security of real valuables, yet the slightest hint of "rubber hose cryptography" provides immediate assisted access to the desired goods (only reason they're recovered is invariable sheer stupidity after every instance).

      --
      Can we get a "-1 Wrong" moderation option?
    2. Re:Physical Key Extraction by Simon+Jester · · Score: 1

      What's also known as the Black and Decker Decryption method: "Right, that was your left knee-cap: your pass-phrase or the right knee-cap: your choice".

      --
      -- Free Luna!
    3. Re:Physical Key Extraction by Glasswire · · Score: 1

      "Free Luna!" huh? Well, Simon, I guess your guys know how to do that coercive stuff from what you did to the Warden... Re-establish law and order! Re-install Authority! ;-)

  61. an unconstructive comment by doubleyou · · Score: 2

    In other words, your encrypted files may only be as secure as the computer and network on which the key resides.

    Well... duh.

    Encryption relies on keys, which are kept in keyrings, which are computer files; and those keyring files have a default install location; and while that default location can be changed, the program still keeps track of where it is. In the case of PGP, this is a file called PGPprefs.txt, and that has a default location that (as far as I know) cannot be changed. And if it can be changed, the location of the preferences file has to be stored somewhere.

    *cough* sourcecode *cough*

  62. Re:I never though of that. by ozbon · · Score: 1

    OK - maybe some people do keep their prOn etc. encrypted.
    However, some people (like myself) use it for work purposes - yeah, I'm self-employed, and have some business stuff that I don't want to send out in simple plaintext (because of IP, etc.) so I use crypto for it.

    Maybe I'm paranoid, I don't know - but I'd rather at least TRY for some security on my business ideas, so that competition etc. have to work to know what I'm thinking of doing...

    Just my 2p worth.

    --
    I say we take off and nuke it from orbit. It's the only way to be sure...
  63. Re:Some ideas.... by ralmeida · · Score: 2
    One thing that I always wanted to do is to burn one of those small CDs (credit card shaped) with my GnuPG private key. I feel really insecure by leaving it in my ~/.gnupg directory.

    --

    --
    This space left intentionally blank.
  64. Re:Use a more secure OS... (close) by Omega996 · · Score: 1
    so the feds can monitor my mouse movements and button-click speeds, and determine which kiddie pr0n site i'm on? omg omg omg

  65. Biometric encryption keys/GIF-based schemes by SimCash · · Score: 1
    What about biometric encryption keys? These rely on biometrically identifying you and then use that identification to encrypt the content. Some simple anti-spoofing makes them quite secure against the usual key sniffer techniques. Of course, if you use (say) a fingerprint, then lose it in an accident, you may not be able to get at your own material unless you included a "backdoor" key methodology. (see biometric encryption defined)

    Also, has anyone else heard about GIF-based encryption systems? Two approaches I have heard include (1) the GIF provides the key for a standard encryption system or (2) the GIF is the key to a masking technique (the message is embedded in the GIF by using a +1/+0 shift in the color bits for the pixels to hide the message in the GIF, sort of an electronic form of invisible ink). This latter was featured on a recent television program as a common technique for use in high schools. For more on this, visit steganography.

    Disclaimer: the company I work for develops biometric devices and algorithms

  66. Under the 5th Amendment... by Sir_Winston · · Score: 2

    As someone who's studied the issues obsessively, you cannot be compelled to provide evidence against yourself according to the 5th Amendment, with 2 minor exceptions. You can be compelled to submit to fingerprinting and DNA tests. This is because these are not considered evidence against yourself as much as they are considered generally identifying characteristics, like your physical appearance. Just as you cannot show up to Court or a police lineup wearing a black hood to avoid being identified, you cannot fail to give a fingerprint or DNA sample. This makes sense if you think about it, because the fingerprint or DNA sample is in and of itself not evidence either way, it's just like an "identifying mark."

    Can you be compelled to produce physical evidence against yourself, like the key to a lock? Of course not, if you are the defendant and you haven't been dumb enough to tell your lawyer about it. Your attorney has an ethical obligation to the Court, and may have to turn something like that over. You as a defendant do not. The confusion arises because parties to a case other than the defendant or his spouse can be compelled to produce physical evidence. But not a defendant or his spouse.

    This doesn't mean that the police can't lie to you and manipulate you to try to extract evidence from you. They can and do all the time. For example, I was once told by the coppers "cooperate [i.e., turn over the stuff we're looking for] and we'll let you go with no bail. Don't cooperate and we'll talk to the judge and make sure you don't go home tonight." So, unsurprisingly, I got a $10,000 bail, since I didn't "cooperate" with the bacon. No wonder I hate pork.

    --


    "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
  67. But I do plenty of "illegal" things... by Sir_Winston · · Score: 2

    That doesn't make me a bad person. It makes me a person who doesn't adhere to bad laws. As an example, I possess and distribute circumvention devices as defined by the DMCA. That makes me a criminal. Am I likely to get busted for it? A while back I would have said "Of course not." These days, I cover my ass just in case. Likewise, I've participated in discussions that are routinely monitored by the federal piggies, and I distrust them enough to believe that they'd take innocent political discussions to be "threats" against them. For example, the author of a treatise called *Assassination Politics* has been hounded by the IRS, FBI, and ATF for years now, and is currently on trial for "stalking" agents by posting publicly available information about them, like names and addresses, and going across the street from their houses to record license plate numbers. Since when is posting public record information, or walking across the street from a house once or twice, stalking? I certainly don't agree with all his political views, but I do not believe someone should be harassed by the authorities for exercising his free speech rights in a political treatise, and then arrested for compiling and posting information about the agents who've been harassing him. If you've followed the Jim Bell case, you know that today he went a little nuts in Court and admitted tampering with mail--even though he isn't charged yet with it--but I'd expect that most people would have a mental breakdown after years of official abuse and harassment.

    So, yes, I cover my ass with encryption as thick as any. I do so because I don't want any of my own free speech to be held against me one day by a government which has proven itself crufty and bloated and untrustworthy. I do so because I help to violate copyrights which are artificially extended far beyond their useful lifetimes and which now interfere with the right of fair use. And between PGP 2.6.3ckt, Scramdisk, Scorch, a batch process for overwriting and restoring settings on startup and shutdown, a ramdisk for swap, two firewalls, enough open land around me to make even TEMPEST unviable, and a physical access control to my computer room, I have one of the most secure systems you could imagine. I not only feel secure, I am secure, from any sort of government aggression or abuse of my rights. Is it overkill? Yes, it is. But better safe than sorry. If every hacker took the precautions I do, the government would be hard pressed to prove a case at all.

    --


    "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
  68. Neural Network by mrnick · · Score: 1

    I store my passwords in a complex neural network that only I have access to.. my mind.

    --

    Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
  69. Pretty Good Security by fizzbin · · Score: 1

    If you're really worried about the police (or the NSA etc), you need more than encryption to keep your secrets secure. But for most of us, we can get Pretty Good Privacy(TM) from PGP with our keyring on a floppy disk. Just remove the floppy when you're not using it. There is still the issue of temporary copies of your private key floating around on your PC in memory or temp files, but I won't worry about that until I hear that someone has released an exploit that goes to that level of effort. Most hackers/crackers/script kiddies wouldn't be bothered, I suspect. The real answer is consider the "threat" and act accordingly. If you're worried only about script kiddies, you don't need as robust security measures as you do with organizations with lots of resources, such as law enforcement or intelligence agencies.

    --
    Fizz
  70. Re:What, Me Worry? by Richy_T · · Score: 2
    This disease would be very dangerous to have in doctors and shrinks, etc., since whoever checks them?

    I know someone who had a shrink that kept calling the police, telling them that her patients (one per call, not in a group) were about to commit suicide. She got into big trouble about it eventually.

    Having known a few people doing psychology degrees, I've come to believe that they enter the field in an attempt to understand their own psychoses.

    Rich

  71. I store mine off my computer by -ryan · · Score: 1

    I've found that a PDA works well for storing my private key. I never let it out of my sight and I only copy it to my workstation when I need it. When I'm done, I delete it (and I usually zero the sectors).

    1. Re:I store mine off my computer by slashdoter · · Score: 1
      I know you said that you never let it out of your sight but, 24/7/365? I imagine that it would be rather easy for the FBI or CIA or NSA or any pro to lift it, copy its memory and replace it; a simple black box made to dump the memory in seconds could, I think (with a large price tag), be concealed in the space of a book. In addition it can be seazed (ya spelling I know) by court order. This may work for YOUR paranoia but it is not truly secure. Just my $0.02


      ________

      --
      Does anyone actually have a Java program designed to control air traffic, or for the operation of a nuclear facility?
  72. Re:Secure? by MrGrendel · · Score: 1

    You shouldn't have to use tricks at all if your passphrase is actually a phrase. If a dictionary has 30,000 words in it (I don't know how many crack has, but this sounds modest to me), then a four word phrase, with no trickery, has 30,000^4 possible combinations -- that's 8.1E17. If you assume a computer could go through a billion combinations a second (I think that would require a substantial amount of computing power) that would still require 3.17 years to get through the entire list. And that's if the attacker knows that you're using a four word phrase. If you start with one word phrases and work up, that's 30,000x30,000^2x30,000^3x30,000^4 and so on for longer phrases. And any punctuation makes the situation even worse for the attacker. If you use a stock phrase, like a movie or book title, then you would be more open to attack, but most people should be able to come up with an original and easy to remember phrase on their own. Am I wrong?
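
Added example, not part of any poster's comment: a small Python calculator for the three passphrase models that comments 56 and 72 use (uniformly random printable characters, words drawn at random from a dictionary, and human-written English at an assumed bits-per-letter rate), run on the sample passphrases and figures quoted in those comments. The 95-symbol alphabet and the uniform-selection assumption are this example's, not the posters'.

```python
import math
import string

# Printable ASCII without control characters, plus the space: 95 symbols (assumption).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The two-line sample passphrase quoted in comment 56.
VERSE = ("Should tepid raths odiferously rush "
         "Spring thy lemon henchdog from a busch")


def bits_random_chars(length, alphabet_size=len(PRINTABLE)):
    """Entropy in bits of `length` characters chosen uniformly and independently."""
    return length * math.log2(alphabet_size)


def chars_needed(target_bits, alphabet_size=len(PRINTABLE)):
    """Smallest number of uniformly random characters that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def bits_random_words(word_count, dictionary_size):
    """Entropy of `word_count` words picked uniformly at random from a dictionary.
    Only valid when the words really are picked at random, not composed by a person."""
    return word_count * math.log2(dictionary_size)


def bits_english_text(phrase, bits_per_letter):
    """Estimate for human-composed text: count letters only, at an assumed rate."""
    letters = sum(1 for ch in phrase if ch.isalpha())
    return letters * bits_per_letter


def candidates_up_to(max_words, dictionary_size):
    """Guesses needed to cover every phrase of 1..max_words words. This is a sum:
    the attacker finishes one length before starting the next."""
    return sum(dictionary_size ** k for k in range(1, max_words + 1))


def years_to_exhaust(candidates, guesses_per_second):
    """Worst-case time to try every candidate; the average case is half of this."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def report():
    """Collect the estimates for the samples and figures quoted in the thread."""
    return {
        "10 random printable chars (bits)": bits_random_chars(10),
        "30 random printable chars (bits)": bits_random_chars(30),
        "random chars needed for 256 bits": chars_needed(256),
        "verse at 1 bit/letter (bits)": bits_english_text(VERSE, 1.0),
        "verse at 2 bits/letter (bits)": bits_english_text(VERSE, 2.0),
        "4 random words of 30,000 (bits)": bits_random_words(4, 30000),
        "4-word phrases only (candidates)": 30000 ** 4,
        "1..4-word phrases (candidates)": candidates_up_to(4, 30000),
        "years for 4-word space at 1e9/s": years_to_exhaust(30000 ** 4, 1e9),
    }


if __name__ == "__main__":
    for label, value in report().items():
        print(f"{label:36s} {value:,.2f}" if isinstance(value, float)
              else f"{label:36s} {value:,}")
```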

  73. Re:Come on by Ronin+X · · Score: 2
    Only criminals would worry about security, because the rest of us have nothing to hide from the world.

    Got a lock on your bathroom door? What you doing in there, drugs? Jerking off to kiddie porn? Why else would you have a lock on your bathroom door?

    I guess I shouldn't bother encrypting all these credit card numbers on the server.... someone will think it's illegal material and bring down the feds on my ass. Better to leave em where anyone can find them easily....

    Oh. Good troll. you had me goin there for a while.

    --
    Ok my karma is maxed out. When do I become Enlightened?
  74. Re:Come on by jallen02 · · Score: 1

    Oh come on, it's the childish "if you're not bad you don't need encryption" analogy.

    Consider for a moment you are collaborating about some hot business idea and you just don't want anyone in the world but the other person you're collaborating with to see. Ok sure throw out the "Just meet them in person" responses or you shouldn't be doing that on the net anyways. But..

    There are those of us who believe that it should be possible to securely talk with each other over the internet.. Without worrying about our encryption being cracked.

    Anyways,

    Jeremy

  75. Why Cryptosystems Fail by bnoble · · Score: 1
    As many folks have already observed, the computational complexity of "breaking" the crypto is not even close to the most serious vulnerability in most systems. Ross Anderson has written a fabulous analysis of how ATMs are broken into. None of these attacks involve breaking a cipher system. You can find it here.

    Cheers,
    -b

  76. Re:Some ideas.... by pallex · · Score: 1

    and let's not forget:

    http://www.i.cz/en/pdf/openPGP_attack_ENGvktr.pdf

    (A Czech information security firm has found a security flaw in the OpenPGP key format, as used by PGP, GnuPG and other PGP implementations. The flaw makes it possible for an attacker to forge a PGP signature if he/she can get hold of your private key, even if he/she doesn't know the pass phrase.)

  77. My strategy by e-Motion · · Score: 1

    Pick a sentence that means something to you, and pick a number or a few strange symbols that you can remember. Now take the first letter of each word in the sentence and string it together. Insert symbols and numbers where you like, and you have a decently sturdy password. Add longer sentences for more peace of mind.

    For instance:

    "Slashdot rocks my world and CmdrTaco is a god"

    goes to srmwaciag (or srmwactiag if you want to include the Taco part). Add a few symbols in there, say "@$%" and you can get %srm@wa$ctia$g. I actually insert these symbols before the nouns, kinda like perl variables (slashdot being a hash, the world being an array, and god and CmdrTaco being a scalar). Kinda obfuscated, but not too hard to remember (for someone who knows the sentence). Change passes by picking different sentences.

    I find that sentences can have virtually infinite combinations, and almost as easy to remember as passwords. Plus they're a little harder to guess without _really_ knowing the person who created it. Granted, it's not the best idea out there, but it's easy and fairly solid.

  78. Sneak and Peek warrants by bmasel · · Score: 2
    What's really disturbing is to compare all this to current 'sneak-and-peek' search warrant practices - where police agents can break into your home or business to conduct a search without having to tell you, before or after, that they've done so. It is not entirely clear if such searches are illegal now, but they would be sanctioned by bills like HR. 2987, the Methamphetamine Anti-Proliferation Act of 1999.

    Before the Meth Act was passed last spring, the Secret Search Warrant provisions were removed in the House Judiciary Committee. Credit to ultraconservative Bob Barr (R GA) and ultraliberal Tammy Baldwin (D WI). Similar language died with last year's Bankruptcy Bill, and was not included in this year's version. As far as I can tell, no similar legislation has been introduced in the current Congress.

    --
    Ben Masel: 51,282 votes for US Senate in the Wisconsin Democratic Primary
  79. Security procedures have always been the weak link by code_rage · · Score: 2
    The user guides which come with the commercial PGP explain the weaknesses pretty well. Man in the middle attacks or other means of key compromise become harder and harder as the number of key-signatures on a given key goes up. Keeping a copy of the key fingerprint in one's possession would also help.

    Phil Zimmerman alluded to the ease of use issues with PGP when he left Network Associates and went to HushMail. Those issues are (IMO) most likely to result in compromise of security, because the users really must understand all of the links in the process to maintain security.

    Bottom line is that you usually can achieve practical security (i.e. the resources needed to crack the ciphertext exceed the value of the plaintext to the potential cracker). But absolute security is very difficult to achieve with current technology. No news there.

  80. Nah. Build a dictionary from the dejanews archive by TheLink · · Score: 1

    They should concentrate the whole dejanews archive to a dictionary and then use it to crack passphrases.

    Shouldn't be too difficult. The stuff that most people would use are extremely likely to be in the archive somewhere :).

    Of course if you picked a passphrase from various /dev/urandoms, then they might have to use the rubber hose on you, or TEMPEST attacks on your computer. TEMPEST would be preferable :).

    Cheerio,
    Link.

    --
  81. Re:PGP helps my courtship. by rgmoore · · Score: 1
    People sometimes attack PGP because it is mostly used by criminals and beast bearded dirty GNU hippies.

    Just shows how much they know. No true dirty GNU hippie would dream about using PGP with its restrictive licensing. Everyone knows that the one true personal privacy program is GNU Privacy Guard, and it's the only one that GNU hippies would consider using. Furthermore, it's Free Software, so you can avoid the problems described above by hacking the source to use a different default location for your key ring that the attacker won't know. See the true power of Free Software in action! GNU forever!

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  82. Re:Some ideas.... by ssimpson · · Score: 3

    3) Keep up-to-date software. Remember the pgp 6.5.1 problem ? (I don't know if I have the right version, but it was something to do with not generating sufficient random numbers - although someone will probably correct me)

    Not sure what you're referring to. "Recent" bugs in PGP include:

    1. PGP 5.0 for Linux bug (random number generation seriously flawed). GnuPG users were not susceptible.
    2. The recent OpenPGP implementation flaws in private key storage. Write-up here. GnuPG users were susceptible.
    3. ADK packet in public keys not signed bug. Affects 5.5.x to 6.5.3 and allows an adversary to add an ADK to an arbitrary key. See write-up here. GnuPG users were not susceptible.

    Hope this helps?

    --
    "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
  83. Re:Some ideas.... by ssimpson · · Score: 3

    Hey - I'm involved with Scramdisk - I'm not going to help you ;)))

    --
    "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
  84. Read my FAQ! by ssimpson · · Score: 5

    Interesting story - you may like to look at my PGP DH vs PGP RSA FAQ.

    To quote the FAQ:

    8.2. Get the threat in perspective!

    The NSA (probably!) aren't specifically interested in you. They aren't going to break into your house to install bugs, or monitor your screen from a block away. They will however collect all of your messages sent over public networks.

    PGP protects you from one form of monitoring - Echelon or other passive network sniffing. When your messages are captured by this global monitoring system, along with millions of other messages a day, the NSA can possibly decide to try and decode your message.

    The most significant threat to PGP comes from user sloppiness. It is far easier to install a keylogger on your computer, install a trojan version of PGP, or bruteforce your passphrase than to break any of the cryptographic mechanisms employed by PGP.

    If you are seriously worried about Intelligence Agencies actively monitoring you, then the last thing you should be worried about is them cryptographically attacking your PGP crypto implementation!

    I'm currently working on a new version, and the ToDo list is here.

    --
    "Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
  85. Use an IButton by abde · · Score: 2

    The best place to store your keys are in a Java Ibutton from Dallas Semiconductor, IMHO. You can get accessories/holders for it on your watch or your actual keychain (you know, the physical one which encrypts your house and your car to you)... there's even a thread on Slashdot from some time ago on it.

    --
    Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
  86. Pointless... by Arcanix · · Score: 1

    With all the backdoors in PGP put in by Micro$oft and the NSA what's the point anyways?

    1. Re:Pointless... by Arcanix · · Score: 1

      Do you suggest I should use telnet and plain X11 instead?!?

      No, but I have heard of a new technology called XOR, I suggest you try it.

    2. Re:Pointless... by Arcanix · · Score: 1

      Who watches the watchers, my friend? Consider that for a moment and then tell me I'm paranoid!

    3. Re:Pointless... by rnbc · · Score: 1

      Well... I used ssh2 to establish a VPN between my computer at home and the ISP where I work over an insecure network (the internet) so that I can access and configure systems and routers inside...

      My public keys were put in my home computer using old-fashioned floppy disks, to avoid man in the middle attacks.

      Do you suggest I should use telnet and plain X11 instead?!?

      --
      You cannot proceed from the informal to formal by formal means
    4. Re:Pointless... by GeekOfSpades · · Score: 1

      Clearly... Other watchers watch the watchers.

      Who watches them? Other watchers who are watched by other watchers etcetera for ever. Eventually, there will be so many watchers, _I_ will be one of them, and I will be watching so many other watchers, I'll know what they're doing

      Simple, really :)

      --
      "When the going gets Weird, the Weird turn Pro." - HST
    5. Re:Pointless... by shyster · · Score: 1
      Who watches them? Other watchers who are watched by other watchers etcetera for ever. Eventually, there will be so many watchers, _I_ will be one of them, and I will be watching so many other watchers, I'll know what they're doing.

      I think you may have it backwards. You're operating on an inverse pyramid, when the true nature of the beast would be a normal pyramid. Translation: lot of watchers at the bottom, but very few at the top. Therefore, your odds of being above other watchers is very slim.

    6. Re:Pointless... by TikkaMassala · · Score: 1

      Paranoid freak.

  87. Interesting Query! by Arcanix · · Score: 1

    Is it possible to make the program as safe in Real Life as the algorithm is mathematically?

    Hrmm, let's see, the algorithm was designed by an extremely intelligent person and verified by other extremely intelligent persons whereas the average end user is a total moron... so the answer to your question is obviously yes.

  88. Re:Come on by Ziest · · Score: 1
    Only criminals would worry about security, because the rest of us have nothing to hide from the world.

    You are a fool. Look up "Cointelpro" on any search engine and then tell me you have nothing to fear from this government

    --
    Another day closer to redwood heaven
  89. Encrypt the key by Drone-X · · Score: 2
    The only way to securely store the key on your computer is probably to encrypt it. Unfortunately that's about as flexible as storing it on some removable media.

    So I suggest making a loopback encrypted filesystem, placing the key on it and only mounting it when you need the key. It would be nice though if a password dialog would pop up automatically when the key is needed by some program (say when evolution needs it for gpg).

    1. Re:Encrypt the key by nologin · · Score: 1

      While that all sounds good, in practice, it isn't always so.

      One funny anecdote was that a person was so paranoid, that he PGP encrypted his disk and then moved his PGP keyring onto the encrypted disk, thinking "Wow, this will be really secure."

      Unfortunately, this person only had a single copy of his key ring (stupid move really), so when he needed to remount his drive, he couldn't. Can't remount the drive if the key is not available...

  90. Re:How many anger-inducing stories will /. post? by -Harlequin- · · Score: 2

    Actually, I've been waiting for a post like this for some time, as it presents an opportunity to brainstorm solutions with other /. users.

    The point is not to find a foolproof system, but talk and ingeniously devise new techniques that lower the effort vs security tradeoff. What potential (if any) do the new USB keyring drives offer? What risks?

    Even though I have little need for security, it's an interesting game. (And on some days I consider it almost a duty to encrypt unimportant email, to help maintain the right to privacy).

  91. DIY tempest shielding by -Harlequin- · · Score: 2

    Are there any links to web pages on easy DIY tempest shielding for those who don't know much about it? I have an idea of the difficulty involved, but not all the details (eg how big can the holes in a faraday cage be? What are some recommended materials to use?)

    Anyone have any good links?

  92. Re:How many anger-inducing stories will /. post? by squeegee-me · · Score: 1

    I agree with Lethyos. I finally got around to asking a question that I thought would have challenged a lot of /. readers, and benefited the community as a whole, but was denied. Perhaps my Karma was too low, they don't like me, or perhaps /. wants to be the next online Jerry Springer. BTW, good choice of music Lethyos.

    --
    Who wants Pork Chops?
  93. Problem is, this is how the average user thinks... by tshak · · Score: 1

    One of the new features of Microsoft's next generation home OS, "Windows XP", is enhanced security.

    See, we don't have anything to worry about. We'll just upgrade to windows XP!

    --

    There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
  94. digital signature by gerddie · · Score: 1

    Encryption only has to be safe enough to secure the information as long as the information is of interest. If I have to change passwords every month, it will be difficult for someone else to get a working one.
    The problem with PGP and similar methods is that one usually does not change the key-pair for a very long time. Thus, if somebody is able to steal the (Password-protected) keyring file, he will have lots of time to get a working private key.
    Also, floppies can be copied, but a chip card which does the de/en-cryption is one of the safer ways to secure the private key, since there is no way to read the key. So one has to physically steal the card, and if you find out you have still time to let others know that your key is no longer valid - at least as much time as the thief needs to crack your password of the card.

  95. Re: 5th amendment protection by indole · · Score: 1

    This is correct. I was referring only to encryption passkeys or passphrases, i.e., they can't compel you to tell them your password (so keep it in your head).

    --
    (2,3-Benzopyrrole)
  96. Would you keep your car keys in the car? by indole · · Score: 2

    No you would not. Well don't leave your encryption keys on your computer then. Perhaps a device mentioned here before would be quite the security solution. Keep your encryption key on the same keyring as your hax0r house keys. (And it will be nice to see them try and jimmy the locks of an 8MB key!)

    --
    (2,3-Benzopyrrole)
  97. Re:Come on (correction) by indole · · Score: 2

    In the US at least, law enforcement cannot "force you to give up passwords to your "secure" files." IIRC, some sort of legal document called the Bill of Rights, i.e., Amendment 5, protects a citizen from self incrimination. The 5th Amendment protects us from having to give up encryption keys. This is a fact (well, now at least). Of course, IANAL, (yet)

    --
    (2,3-Benzopyrrole)
  98. Hack Shoeboy by Bingo+Foo · · Score: 2

    His password is "Imelda-Marcos-and-Heidi-Wall-4-eva"

    --
    taken! (by Davidleeroth) Thanks Bingo Foo!
  99. What, Me Worry? by Alien54 · · Score: 2
    There is a delicious paranoia that goes with this territory. This paranoia infects not only the user, but law enforcement as well.

    I am not a psych, and I am sure I would not want to be. But in this case, a few novel ideas might be applicable.

    To start from a place that is familiar: We know about paranoia, and we know about hypochondria, and so I made the leap to the idea of something that could be called paranoid hypochondria, which would be a disease where the person is constantly seeing diseases in others. This disease would be very dangerous to have in doctors and shrinks, etc., since whoever checks them?

    The next step would be a form of paranoia where a person sees criminality constantly popping up in others, even when inappropriate. This would be dangerous in law enforcement, in legislators, etc.

    The implications for human rights are easy enough to work out.

    Check out the Vinny the Vampire comic strip

    --
    "It is a greater offense to steal men's labor, than their clothes"
  100. Re:How many anger-inducing stories will /. post? by Erasmus+Darwin · · Score: 2
    Instead of dynamic jails (how would you save your ASCII porn?), a better solution might be to use an OS with Secure Levels

    Take a second look at the last line of my post, where I mention any saved files get chown'd back to the user. This could be further refined by doing a "safe copy" back into the user's directory. For example, ~/lynx-jail/textfiles/foo.txt would get copied over to ~/textfiles/foo.txt, provided that there are no dotfiles in the path (thus a malicious application couldn't create ~/lynx-jail/.rhosts) and provided that nothing gets overwritten by the copy (thus defeating someone attempting to create ~/lynx-jail/Mail/received). You could make this even slicker by specifying that certain files (such as those ending in .txt) may be appended automagically if they already exist. Or it could prompt the user for resolution.

    And if you wanted to get really fancy, you could put all the changes under CVS, so that the files within the lynx-jail get checked in.

    I've yet to look into any of the more secure operating systems, but one advantage of my system is that it'd require few-to-no changes in the kernel. This is especially desirable if it's going to take awhile before such systems are fully tested and deployed on a regular basis.
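
The "safe copy" rules from the comment above (no dotfiles anywhere in the path, never overwrite, optionally append to .txt files), as an added example that is not part of the original post. Rejecting symlinks and using an exclusive create are hardening choices added here; the copy is assumed to run as the real user on a POSIX system, so new files are already owned by that user and no chown step is shown.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Assumption: only these suffixes may be appended to an existing file.
APPENDABLE = {".txt"}


def safe_copy_back(jail, home):
    """Copy files saved inside the jail back into the home directory.

    Returns {relative path: action} so the user can review what happened.
    """
    jail, home = Path(jail), Path(home)
    report = {}
    for root, dirs, files in os.walk(jail, followlinks=False):
        root = Path(root)
        # Prune dot-directories and symlinked directories before descending,
        # so nothing beneath e.g. lynx-jail/.ssh/ is ever considered.
        for d in list(dirs):
            if d.startswith(".") or (root / d).is_symlink():
                rel = (root / d).relative_to(jail).as_posix()
                report[rel] = "rejected: dot or symlink directory"
                dirs.remove(d)
        for name in files:
            src = root / name
            rel = src.relative_to(jail)
            report[rel.as_posix()] = _copy_one(src, home / rel)
    return report


def _copy_one(src, dst):
    if src.name.startswith("."):
        return "rejected: dotfile"
    if src.is_symlink() or not src.is_file():
        return "rejected: not a regular file"
    try:
        dst.parent.mkdir(parents=True, exist_ok=True)
        # O_EXCL makes "create only if absent" atomic: there is no
        # check-then-write race, and a symlink already at dst is not followed.
        fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except (FileExistsError, NotADirectoryError):
        if dst.suffix in APPENDABLE and dst.is_file() and not dst.is_symlink():
            with open(src, "rb") as inp, open(dst, "ab") as out:
                shutil.copyfileobj(inp, out)
            return "appended"
        return "rejected: would overwrite"
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
    return "copied"


def demo():
    """Build a constructed jail/home pair in a temp dir and run the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        jail, home = Path(tmp, "lynx-jail"), Path(tmp, "home")
        files = {  # constructed sample files
            jail / "textfiles/foo.txt": "saved page\n",
            jail / ".rhosts": "constructed\n",
            jail / ".ssh/authorized_keys": "constructed\n",
            jail / "Mail/received": "forged\n",
            jail / "notes.txt": "new line\n",
            home / "Mail/received": "real mail\n",
            home / "notes.txt": "old line\n",
        }
        for path, text in files.items():
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
        report = safe_copy_back(jail, home)
        contents = {p.relative_to(home).as_posix(): p.read_text()
                    for p in home.rglob("*") if p.is_file()}
        return report, contents


if __name__ == "__main__":
    for path, action in sorted(demo()[0].items()):
        print(f"{action:40} {path}")
```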

  101. Re:How many anger-inducing stories will /. post? by Erasmus+Darwin · · Score: 3
    So what's my bottom line here? "Is encryption really secure?"

    Next time, how about reading the article before going off half-cocked? As usual, the Slashdot story has a less-than-accurate summary line. However, if you read the last paragraph (i.e. where we get to the actual question after wading through the background material), it reads "So what are good practices to adopt when using encryption software?". The supplicant then goes on to ask about some particular possibilities for improving overall security (such as keeping your key on a disk). Given that security practices are often as important as security software, I don't see where the problem is.

    As far as possible solutions go, one interesting possibility might be dynamically generated chroot jails for network clients. For example, every time I start up lynx, my ~/.lynxrc and ~/lynx_bookmarks would get copied to ~/lynx-jail. Lynx would then be run out of ~/lynx-jail using a dynamically generated "nobody" user account. After lynx terminates, the config files get copied back and any saved files get chown'd over to my normal user account.

  102. Every man is not an island by groomed · · Score: 1

    Your security is as weak as your enemies and as strong as your allies. Things like "unbreakable" keylengths, though protecting against casual misuse, are rather worthless in the Real World (you know, which is where people make connections ... and stuff).

  103. Its not enough by PinkyAndThaBrain · · Score: 1

    The entire en/de-cryption process has to take place in a "secure" environment... and a PC will never be remotely that. Now if the Ibutton could take data and en/de-crypt it and pass it back, that would be nice.

    1. Re:Its not enough by room101 · · Score: 1

      someday.

      --
      room101 -- how much can you stand before they break you?
      (they always break you eventually)
  104. Word counts by CoreyG · · Score: 2

    According to this it's probable that you know about double your initial guess of 30,000.

  105. Don't run PGP on a networked computer by phr1 · · Score: 1
    for best security. Keeping your secret key on a floppy disc is better than nothing, but doesn't protect you from someone modifying your PGP executable over the network, or downloading a keyboard sniffer to your PC.

    The simplest thing to do is run PGP on a computer with no network connection at all. A junky old MSDOS laptop is fine for this. If someone emails you an encrypted message, put it on a floppy disc, move it to your PGP-equipped computer, decrypt it, compose and encrypt an answer, and use the floppy to transfer back the encrypted answer.

  106. Re:All this worry about encryption by kurioszyn · · Score: 1

    "in M$ IIS so big that it gets hacked on a regular basis"
    Oh stop with this MS bashing. It really gets boring after a while.

  107. StegFS by Xardion · · Score: 1

    Keep your keys stored on a steganographic filesystem (StegFS), and keep them backed up on a CD stored in a fireproof safe (or any physically secure location). Only activate the security level that your keys are stored in when you plan on using them, and deactivate it otherwise. Obviously, your weakest link will be the key protecting your security level, but they would have to gain executable access to your machine to be able to leverage it.

  108. Idea for Security through Anonymity: by Cardhore · · Score: 1

    We could write a software daemon (similar to Gnutella/freenet) that allows us to chain IP ports of nodes together in order to hide who is sending what to whom. For example, if I wanted to send an e-mail that were unencrypted to someone, but I wanted to hide what machine I were using, I could use this system to connect the mail daemon through about six machines who'd be running the system that would pass the e-mail through each one (preferably encrypted as well). "Portster" or some other trendy name could be used :) (When you run the daemon, it allows others who are running it to connect through your machine to additional machines, ad infinitum, until you've chained enough ports together.)

  109. Re:How many anger-inducing stories will /. post? by ackthpt · · Score: 1
    The best way to ensure security is to cut all the hands off everyone, blind them, and puncture their eardrums. Alas, alas, that Bill of rights, always gets in the way.

    Something doesn't smell secure around here, Johnson!
    Sorry, Sir, but without hands personal hygiene is very difficult.

    --

    A feeling of having made the same mistake before: Deja Foobar
  110. Re:All this worry about encryption by ackthpt · · Score: 1
    I'll stop critiquing M$ when I'm darn good and ready. Considering that I have to develop with their tools and make contingency plans for when (not if) our site gets cracked/defaced, etc.

    --

    A feeling of having made the same mistake before: Deja Foobar
  111. All this worry about encryption by ackthpt · · Score: 5
    I haven't read boo about anyone having a major leak due to poor encryption. What I do hear about is

    AOL'ers so stupid they type PayPal Id's and passwords into bogus email, which forwards this on to a mailbox somewhere. (I got the spam but spotted the bogousity immediately.)

    Security holes in M$ IIS so big that it gets hacked on a regular basis, because either there are so many holes or admins can't/don't keep up. So much for a quality product.

    People who open email attachments (let alone use clients well known for their integrated virus vulnerability) even when this sort of scare has gone on for years.

    People write passwords on Post-It notes and leave them in their drawers, or que horre on the monitor.

    We have met the enemy and he is us. Never was more true.

    --

    A feeling of having made the same mistake before: Deja Foobar
  112. Keyrings are as secure as the passphrase by n7lyg · · Score: 3
    Having the keyring, of course, is not quite all there is to it. Keyrings are protected by passphrases, as well. But passphrases are not as secure as encryption keys themselves are - they are chosen by the user, and most will fall to dictionary attacks very quickly.

    The whole point of a passphrase is to use a phrase. That means more than one word! I compose a nonsense sentence with misspellings and other substitutions that make it virtually impossible to guess. Go with the suggestion of nonsense obscenity--mix in a variety of misspellings and obscenities into a usually innocuous phrase. Mix in numerics as any 31337 hax0r would (only don't stick to the 31337 rules) and you have something unguessable. There is no need to write it down, since it is memorable to you. If you need to, write yourself a hint that leads obliquely to the phrase. Someone will still have to spend a lot of time to recover a 50-60 character sentence to decode your keyring.

  113. One decent option... by WinterSolstice · · Score: 1

    That I use is to keep my PGP keys on my SanDisk CF+ card. I keep a backup of the key on a cd-rom, and the active version is actually plugged into my handheld most of the time. I actually keep most of my documents on it, (with backups on a real system, of course) so that I always have my keyring available to me.

    Besides, most people have bigger problems, like running Outlook with everyone they have ever met in the address book. I'd be willing to bet that most of the private email data is sent in unencrypted form, stored unencrypted, and contains no information of use.

    It would be quite frustrating, however, for some would-be l337 hax0r type to decrypt all of a user's email, and get 6 pics of his wedding, two recipes for egg nog, and about three hundred lame jokes for every 'useful' piece of info.

    -WS
    --
    An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
  114. I've been thinking this for a while.... by linuxrunner · · Score: 1

    Encryption is only as good as the security of your computer. So, I need a key... Fine. I also need a master password, fine. I personally use a few different encryption schemes and a long password.

    My concern isn't someone breaking the encryption, it's that someone put a key logger on while I was away from my computer. Or that there is a sniffer, possibly something that my alarms aren't catching.
    Wouldn't that be the absolute easiest way to catch passwords?
    I do nothing special so I have no real concerns, yet, I have never felt totally safe.

    Instead of a password someone needs to come up with a small device that can be plugged into a USB port. This will be your key/password. To activate it you'll need a thumb print. I think that then, and only then, you'll be secure.

    Linuxrunner

    --
    www.slightlycrewed.com - Because aren't we all?
  115. People talk of keyloggers.... by linuxrunner · · Score: 1

    to get your passphrase and/or other passwords, prior posts spoke of the Government breaking into your home and downloading your key and then placing a keylogger to steal your passphrase. Obviously we could hide our passphrase and use other software.... Why hasn't someone invented a computer that needs a password to boot up. No if's, and's, but's.... And then only allows three wrong passwords, if more than three are inputted then the computer starts to wipe and format the drive. Set it up so that even if the computer is shut off, when it is rebooted it will start to reformat. So my info is killed, but if it's so important I'd rather have it that way, keep a back-up on the freenet, and re-install my software.

    Just a Thought
    LinuxRunner

    --
    www.slightlycrewed.com - Because aren't we all?
  116. Old Adage by Vollernurd · · Score: 1

    This is typical of security in all systems. Only secure as the weakest link, which inevitably is the human mind or habits.
    ---
    Vollernurd.

    --
    Smokey, this is not 'Nam, this is bowling. There are rules.
  117. Re:My dear boy by Kiss+the+Blade · · Score: 2
    Thanks. I shall take your advice to heart. I am not wholly inexperienced with women, it is just that I am unable to make love to a girl I do not love. I cannot reveal myself in such a personal way to anyone but the girl I completely and utterly trust. So, although I have had women throw themselves upon me, I have always rejected their advances because I feel nothing for them.

    In Heidi, however, I have found a soulmate, someone I can love. Someone I can reveal myself to.

    I shall try your advice. I cannot tell her I am in command, for we will be merging, but I shall sweep her off her pretty little feet.

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.

    --

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.
    There is no

  118. Re:PGP helps my courtship. by Kiss+the+Blade · · Score: 2
    I don't care about her father. I hate pearl and Larry reminds me of Ned Flanders.

    I desire her for herself, not because she is related to some Open Sores celebrity.

    True Love always finds a way. So help me God, I shall make her mine, no matter the barriers in my way.

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.

    --

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.
    There is no

  119. PGP helps my courtship. by Kiss+the+Blade · · Score: 5
    People sometimes attack PGP because it is mostly used by criminals and beast bearded dirty GNU hippies.

    But there is another demographic that uses it: Lovers.

    I have been trying to court Heidi Wall and save her sweet innocence from that bastard offspring of de Sade, shoeboy, for some time. PGP allows me to talk to her and my friends who are aiding me in complete secrecy. By using PGP, I can be much more open in my billet doux than I would ever dare to be normally, as I am sure that third parties are not watching over my shoulder.

    Speaking as a virgin, and one who has reserved his heart for one girl and one girl alone, I can say that PGP is enormously useful to me in my courtship. I hope that it further breaks out of its criminal ghetto and is used by lovers everywhere.

    If you are courting a girl, try PGP. It helps you reveal your heart.

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.

    --

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.
    There is no

    1. Re:PGP helps my courtship. by reverZe+biaZ · · Score: 1

      How gleefully romantic.

      I wonder how Heidi Wall feels about some random internet news poster courting her simply for her heritage as the daughter of a computer language pioneer?

      Is Lisa Marie Presley a rock'n'roll star? Is Sean Lennon a great musician?


      --

      -----------------------
      Smells like teen spirit!
  120. Rubber Pipe Crypto-Analysis by Martin+Spamer · · Score: 2

    A crypto-analysis attacks the weakest link, and the weakest link in a typical crypto system, including PGP, is the Human.

    This type of attack is so common, it even has a name: "rubber-pipe crypto-analysis". Essentially the idea is that a cosh is used to beat the key out of the person.

    Crude but effective!

    So no; whilst we continue to include a Human factor, Encryption is not really secure, because people are not really secure.

  121. Re:Use a more secure OS... (close) by shyster · · Score: 1
    One point you are missing: to use an encryption key, at some point it has to travel around the computer in the clear -- and apparently organizations like the CIA can pick that up from an antenna across the street, if for some reason they put their best people and equipment on it.

    Not to dispel any paranoia here, but I believe you're talking of Tempest. If that's the case, then (subject to my memory, of course) it only has the ability to show what's on your screen--not pick up data bits being shuffled to your RAM and/or hard drive. Think of it as a wireless VNC viewer, with no ability to control. In that case, it's not so easy to grab your private key.

  122. Do you know what PGP stands for? by shyster · · Score: 5
    It's called Pretty Good Privacy for a reason, you know.

    I think what you want is the upgraded version, DGP (Damn Good Privacy), or perhaps UFBP (Unfucking-Believable Privacy). We're expected to release those upgrades Real Soon Now (tm).

  123. PGP manual, absolute security, human users by plcurechax · · Score: 3
    Read the PGP manual it deals with these sorts of questions.

    There was already a Word macro virus, Caligula, that attacked the PGP secret keyring and mailed it to codebreakers.org, circa 1998.

    You are mainly concerned with your private key ring, since loss or corruption of that would do the most damage. If the public key ring was modified you could alter local trust of a specified key, but it could not sign a public key without the private key.

    As others have stated, the private key itself is protected by symmetric encryption (e.g. IDEA, TripleDES) and you need the passphrase to unencrypt this encryption. So, a private key protected by a poor passphrase could be brute forced using a fast dictionary search tool, similar to Alec Muffett's Crack for Unix passwords.

    There are several ways to increase the security without irritating the user, such as using a floppy based key ring, using a smartcard memory card to store your own public/private keys, using a Dallas iButton, a removable PCCard (PCMCIA) storage device, or using a crypto smart card that stores your own private/public key, and does the RSA calculations on the card, designed in such a manner that the keys cannot be extracted from the card. This gets into Differential Power Analysis (DPA) and tamper resistance attacks.

    For a high security application, you could consider a hybrid smartcard and PDA (e.g. Palm), which forms a small trusted computer. Of course most security experts wouldn't call an out-of-the-box Palm and PalmOS a trusted platform, but it's an example of a smartcard with a direct human interface (human input & output), rather than trusting a larger more complicated computer which is also more flexible because it is designed to be general purpose. Some 3G cell phones plan on having similar smartcard interfaces I believe. I think Nokia had a prototype. Of course since there have been some trojan SMS messages already seen in Europe, and with WAP expected to expand its capabilities rather than die, you can expect this to be a more virus friendly platform as cellphones evolve.

    While Bruce's Secrets and Lies shows his change of heart from the absolute security through cryptography that he and cypherpunks dreamt of in the early 90's, he now understands that absolute security in a practical system is a myth, and wants readers to think like engineers in weighing of trade-offs, how easy to use versus how secure, and how expensive vs. how secure. It is not a reason to give up on cryptography, but to realise that in designing and working with secure systems you need to look at more than just which neat cryptographic algorithms to use.

  124. Some ideas.... by rixster · · Score: 5

    1) Always, whenever you create a new keypair, create a revocation key. Copy that key onto a floppy / CF / Smartmedia card etc etc, and delete it from the default store. If you're really paranoid about "sneak and peek" etc, revoke and re-issue another key when you start sending really private stuff.

    2) Make your passphrase something stupidly difficult. Even two words without spaces is n^2 (where n = number of words you know, probably about 30,000 if you're averagely(sic?) smart) harder to crack.

    3) Keep up-to-date software. Remember the pgp 6.5.1 problem ? (I don't know if I have the right version, but it was something to do with not generating sufficient random numbers - although someone will probably correct me)

    4) Treat all unencrypted email as public domain. Consider it read by your boss, IT department, the recipient's boss and the recipient's IT department.

    5) Treat all encrypted stuff as just encrypted for a certain period of time. All those encrypted archives that people made 10 years ago ? With today's tech, it'll probably be just a matter of hours before they're all plain text again.

    6) Use cryptology for messages that don't require it - otherwise only the interesting stuff will be attacked

    That's my 0.03 EUR. Chances are I've kept some gaping holes in there, but what the hell - have to make some posts sometimes....

    --
    Two wrongs may not make a right, but three ....
    1. Re:Some ideas.... by reverse+flow+reactor · · Score: 4

      Also, you can make use of the PGPDisk feature in recent versions of PGP. Make an encrypted PGPdisk and store your key in there. In windows, whenever you want to encrypt something, you mount the PGPDisk (under an assigned drive letter) with a password. Until you enter this password, this drive does not exist. If someone finds the PGPDisk file, they still have to crack that first. And if the PGPDisk file happens to be on the order of 100MB in size, it will be difficult to move around undetected.

      That PGPDisk may also be stored on your favorite removable media to be taken with you wherever you go.

      So there you have it, redundant password protection, a hint of storing the key in an obscure place, and a fairly large encrypted file that may be difficult to yoink without passing under some network traffic radar.

      Now if only someone could point me to a FAQ or How-To set up a PGPDisk (preferably compatible with the windows-PGPDisk standard) or other encrypted loopback device, that would really help me out.

      --

      The significant problems we face cannot be solved by the same level of thinking that created them. -Einstein

  125. Remember what PGP is by spacewhale · · Score: 1

    Doesn't PGP stand for Pretty Good Privacy? (That's not a joke or anything, is it?). If someone wanted to give someone something extremely confidential, would they e-mail it encrypted? No, they would either give it to them personally or get some trusted person to do it.

    No encryption is perfect, and is only secure when used for what it's designed for. PGP is good for what it's designed for.

    BTW, about the key being as secure as the comp it's stored on, wouldn't the key be on the same machine the thing being encrypted is on? Anyway that's my two cents.

    --


    - "Ford, you're turing into a penguin. Stop it." Go Prefect!
  126. Meme engineering instead of Dictionaries by Databass · · Score: 2


    I sometimes wonder what the most powerful information-finding institutions have in the way of meme searching. Most people aren't random- when they think of a passphrase, they're going to choose whatever is on their mind. For example, consider the "Ilovetux" passphrase. A slashdot user suggesting a Linux-related passphrase seems pretty obvious. How many linux phrases are there in wordspace anyway? 1,000?

    It seems to me a sophisticated conspiracy type group could drastically reduce the "keyspace" of words by compiling a playbook of words things people like and starting with that. Instead of comparing all words, why not compare words and quotes from pop songs, the Simpsons (and other tv shows), Final Fantasy characters (and other video games), User Friendly and Penny-Arcade sayings (and other comics). Then they start their search by building phrases from those. (IloveMiranda, IloveTycho, IhateMicrosoft) x2 x3 x4 etc etc.)

    I guess this line of thinking stems from my own personal paranoia that people are almost shamefully predictable, and that powerful, possibly sinister forces understand this and use it to their advantage. ; -)

  127. The biggest weakness for many... by eXtro · · Score: 1
    isn't their weak passphrase, it's the location of their private keyring. I know a lot of people that keep their private keyring on an NFS mounted filesystem. This is both true now that I'm in the working world and was true when I was a student. I feel worse about the students who practice this. Most of them use PGP because it seems subversive and they can pretend they're cryptoanarchists. They talk the talk, obviously they don't walk the walk. Most of the people who use it at work use it due to a corporate mandate, or clauses in an intellectual property sharing agreement. They're just doing what they're told, not pretending that they're authorities on cryptography.

    Keeping your keyring on a media like a hard drive or floppy strikes me as a weakness in itself, but you don't need to compound it by storing it on a stored medium. If I were really serious about encryption (I'm only semi-serious, I encrypt things like password files and account details, keep my keyring on a floppy but don't routinely encrypt email) I'd want to see a memory card type technology with a quick and absolute method of destroying the key along with a proven secure method (protocol and technology) of transmitting data back and forth between the card.
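
A check for the situation described in the comment above, a private keyring sitting on an NFS-mounted filesystem, as an added example that is not part of the original post. It works from a mount table in /proc/mounts format; the sample table, host name, keyring path and the 0600 permission expectation are constructed assumptions.

```python
import os
import re
import sys
from pathlib import PurePosixPath

# File system types served over the network, as named in /proc/mounts.
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3", "afs", "fuse.sshfs"}

# Constructed sample in /proc/mounts format; host and paths are made up.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
fileserver:/export/home /home nfs4 rw,relatime,vers=4.2 0 0
/dev/sdb1 /media/usb\\040key vfat rw,nosuid,nodev 0 0
"""


def parse_mounts(text):
    """Parse /proc/mounts lines into dicts, decoding \\040-style escapes."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mountpoint = re.sub(r"\\([0-7]{3})",
                            lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append({"device": fields[0], "mountpoint": mountpoint,
                       "fstype": fields[2]})
    return mounts


def mount_for(path, mounts):
    """Return the mount that actually holds path (longest matching prefix).

    Comparison is by path component, so /homework is not treated as being
    under /home. A later entry on the same mount point wins, as in the kernel.
    """
    path = PurePosixPath(path)
    best = None
    for m in mounts:
        mp = PurePosixPath(m["mountpoint"])
        if path == mp or mp in path.parents:
            if best is None or len(mp.parts) >= len(PurePosixPath(best["mountpoint"]).parts):
                best = m
    return best


def audit_keyring(path, mounts_text, mode):
    """Return a list of findings for a keyring at path with st_mode == mode."""
    findings = []
    mount = mount_for(path, parse_mounts(mounts_text))
    if mount is None:
        findings.append("no mount found for path; mount table incomplete")
    elif mount["fstype"] in NETWORK_FS:
        findings.append(
            f"keyring is on {mount['fstype']} mount {mount['mountpoint']} "
            f"served by {mount['device']}; every read crosses the network")
    if mode & 0o077:
        findings.append(
            f"keyring mode {mode & 0o7777:04o} grants group/other access; "
            "expected 0600")
    return findings


if __name__ == "__main__":
    # Live use on Linux: pass the keyring path as the only argument.
    if len(sys.argv) == 2:
        real = os.path.realpath(sys.argv[1])
        with open("/proc/mounts") as fh:
            results = audit_keyring(real, fh.read(), os.stat(real).st_mode)
    else:
        # Constructed path and mode, checked against the sample table.
        results = audit_keyring("/home/alice/.pgp/secring.pgp",
                                SAMPLE_MOUNTS, 0o100644)
    print("\n".join(results) or "no findings")
```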

  128. woohoo by deran9ed · · Score: 1

    Well at least I didn't post it in vain... Ghost in the Shell pseudo informative doc combining steganography, pgp, and some other nifty things.

    As for PGP being safe or not, one thing you have to understand, many of the attacks that claim PGP isn't secure, or etc., may sound like there is nothing you can do to protect yourself, they're wrong, dead wrong. Many of the vulnerabilities people find when dealing with crypto cannot be achieved by your typical script kiddie, and often not even a Sr. level Admin, so don't be fooled.

    Anyways I would love to keep going on this but I have to bounce =( damn =(

  129. Re:Use a more secure OS... (close) by markmoss · · Score: 2

    One point you are missing: to use an encryption key, at some point it has to travel around the computer in the clear -- and apparently organizations like the CIA can pick that up from an antenna across the street, if for some reason they put their best people and equipment on it. Of course, it's much easier to just snatch you and wire up your genitalia until you give them the keys, but sometimes that method has unacceptable repercussions...

    Anyway, the equipment to intercept computer emissions is subject to Moore's law too, so someday soon it will be within the price range of industrial spies, and the next year PI's will be using it to dig up dirt for divorce cases. We can ban it. That will work, sure, just like banning guns...

  130. Re:Use a more secure OS... (close) by markmoss · · Score: 2

    I know more about Tempest than you do -- it's not a spy program, but the armed forces program to make their computers proof against this kind of spying by heavily shielding everything. It also adds $5K or more to the cost (or more like $20K under a gov't contract). The strongest signal would probably be from the video cable, but the keyboard and disk drive cable also emit. Even signals on the motherboard give some emissions. Descrambling the bits (particularly from parallel busses) is quite a challenge, but from the attention given to controlling even motherboard emissions in Tempest systems, apparently the experts don't think it's impossible. Modern FCC-compliant enclosures really do cut down on emissions quite a lot. My guess would be that the easiest thing to tap would be video, LAN, keyboard, mouse, and other external serial interfaces would be considerably harder but possible, and internal parallel interfaces would take technology beyond anything I know of. That is, a really good spy organization might be able to record you typing in your password, then have to break in to use it. If you run with the covers off, you are theoretically at risk of internal SCSI, IDE, or motherboard signals being intercepted, but I have no idea how anyone could intercept 8 to 64 bits parallel and make sense out of it.
    It isn't a risk I would worry about at present, unless you've really made enemies in high places -- and they'd probably go for a more direct attack anyhow. But technology keeps advancing. To really be safe, you'd want your keys to stay inside of a shielded calculator- or credit-card-sized device, preferably one that had to be unlocked by biometrics (fingerprints, e.g.), read on its own scanner. This device would have to do encryption itself, so as to never send out a private key. However, you'd have to type a message on another machine and send it to the security device in the clear, so there's a little vulnerability there...

    All this is highly theoretical -- most users leave their systems open to much cruder methods, like read the password off the post-it note, recover secret documents from the trash, ask someone to let you in so you can do some maintenance...

  131. Re:Use a more secure OS... (close) by markmoss · · Score: 2

    A faraday cage the size of a PC built on gov't contract might cost $5K by itself. But you've also got to shield and filter all cables that run through it. A power cord can pick up emissions and carry them outside -- so you've got to put a low-pass filter where it goes through the box. VGA cables are notorious emitters (the signal frequency is high enough that a few feet of wire makes a decent antenna). So unless you faraday cage the whole room, you're going to have to use multiple layers of cable shield.

    A room-size faraday cage is the simplest solution, but there's more to it than chicken wire. The chicken wire (or aluminum or copper foil) has to be electrically connected all along the edges -- and construction workers don't know how! Doors need conductive gaskets. Power lines need filters. I think it would cost $20K to build as a commercial project. As a government project, with union work rules and inspectors tripping over each other... The armed services do have electronics shops inside faraday cages so top-secret electronics can be worked on, but don't ask me what they spent on them. The one I was in had a bank vault door that must have cost $10K all by itself. (This opened inside the building. But then there was a fire exit door to the outside that was just an ordinary metal door with added gasketing -- and when the air conditioning wasn't working hard enough, the techs would open it to let some air in... 8-)

  132. Right way to store our private keys by Glasswire · · Score: 1

    Everybody should have a little 4k flash dongle with a serial and/or USB interface and some kind of biometric corroborator (little retinal-scan CCD lens you look into?). The whole thing (except for the cable extender) should be a couple of cm long and be carried on their keychain. Your encryption software should ONLY look for your key on your dongle and will only accept it when you're bio validating. These things should be cheap and write once (for the key itself and the bio-print). Lose it (or want another key) - buy another dongle and create a new key. Have not thought this through in detail, but does that sound practical?

    1. Re:Right way to store our private keys by Glasswire · · Score: 1

      This gadget would encode the key AND xor (or whatever) it with the biomet data. The idea being that to encrypt you must -be you and -have the key. If you feared someone just had your retinal data AND had swiped your gadget, you would burn another gadget and inform your correspondents to use the new keyinfo (I like giving them physical copies of private keys).

    2. Re:Right way to store our private keys by Glasswire · · Score: 1

      As I understand it, the most secure systems are not public/private keys, they are ones with a large shared secret which is never transmitted digitally. I'm suggesting that I need, at some point, to physically interact (e.g. pass a floppy or a dongle) with my really secure correspondents. Granted, not a practical alternative for most things...

  133. Re: 5th amendment protection by Glasswire · · Score: 1

    Not sure you can "take the 5th" to evade the seizure of physical records (eg. my diary can be taken and if it's got a lock on it, I believe I CAN be compelled to surrender the key to it).

  134. PGP is already a security trade-off by Atreides4 · · Score: 1
    PGP, and ciphers like it, are already compromises. PGP is crackable given sufficient effort. True security is obtained only through one-time pad ciphers and methods so extreme only the KGB has admitted carrying them out. For something that you want to never be found out, use a bingo set and create a one-time pad. No amount of government snooping or computer hacking will ever reveal the content of that message. (Unless of course they are able to break into your house and take the key.) Now the main problem is key distribution. This is where you use snail mail. The government cannot and does not open all snail mail. This should be fairly secure. This has the disadvantage of being slow, but unless the USPS opens the letter en route it is theoretically impregnable.

    The Germans and the Soviets in WWII are an interesting contrast in the use of one-time pads. The Germans built the Enigma machine, confident in its security because of their confidence that the Allies couldn't perform the calculations. The Enigma was of course cracked, with dramatic consequences for Germany. The Soviets by contrast used one-time pads, totally foiling German and Allied intelligence. The only cracked Soviet communications were pads that were used twice, and those took decades.

    I think WWII may afford a lesson that all of us PGPers could learn from. Never have complete confidence in your cipher, unless it is a one-time pad.

    --
    I posted and all I got was this stupid sig
  135. Re: 5th amendment protection by ex+pope+john · · Score: 1

    You are lucky then. The new anti-everything to do with computers law in the UK does, I understand, contain provisions to make it an offence to not provide a password or passphrase to files that have been seized. I suppose like contempt of court, only in the law, not just the court rules.

    --
    If you people would just do as you're told, everything would be OK.
  136. Secure? by CyberDawg · · Score: 2

    Basically what you're saying is that if you leave your keyring on your main hard drive, it's as secure as your passphrase. This has been a recurring theme in computing since the first password-protected login.

    People write down passwords, or tell them to techs, or choose stupid ones. A properly-chosen passphrase isn't going to fall to a dictionary attack. If it's long enough, and uses enough tricks (odd punctuation and capitalization, intentional misspellings, non-words...), then it should do the trick. Why do I say that when we know perfectly well that it's still crackable?

    A security system offers inconvenience to those attempting to bypass it. Put together a big parallel processing array, and use up a whole bunch of CPU cycles, and you could crack anything encrypted on my system, but who cares? Who's going to go to that much trouble for my piddly little secrets?

    Face it, we don't need Tempest shielding and floppies stored in safes for our personal information. Businesses may be a different story, but it still depends on the type of secret and the size of the business.

  137. Re:Come on by UltraBot2K1 · · Score: 2

    I generally use envelopes, but I'm pretty sure that if someone REALLY put their mind to it, they could figure out a way to get into the envelope. I think that was what the original poster was getting at. It doesn't really matter if you use ROT13 or PGP or whatever to encrypt your data, because anyone who is determined enough is going to access the data anyway. If you're dealing with the government or another professional organization, encryption is nothing more than a minor annoyance.

    --

    Slashdot: Open Source, Closed Minds.

  138. Re:Come on by UltraBot2K1 · · Score: 2
    "There are those of us who believe that it should be possible to securely talk with each other over the internet.. Without worrying about our encryption being cracked."

    And I'm not denying that, but there is a distinct difference between "should be" and "is".

    --

    Slashdot: Open Source, Closed Minds.

  139. My dear boy by Slashdot+Playboy · · Score: 5

    It is good to see you taking the plunge - that first dip into the olympic-sized pool of love.

    Speaking as Slashdot Playboy since 1997, I feel I am qualified to advise young pups such as yourself on the appropriate etiquette when wooing a young lady such as this.

    I recommend you make the young lady feel in control. Remember - you are a love god and she is your willing pupil. Young ladies love a man who can show her who is boss. Speak firmly but not roughly to her.

    Do not suggest PGP to her, tell her that you will be using PGP.

    Hold this young lady by the hand. Carry her over the romantic threshold. Slather her in kisses. Make your own provision for prophylactics. Buy her a single red rose. Whisk her off to Paris. Do whatever it is it takes.

    Show this feisty young lady you are in command. Fear not the monstrous shoeboy, with his rough and ready approach to women. You shall woo her like she's never been wooed before and will never be wooed again.

    --
    Slashdot playboy.

    Slashdot love god since 1997

  140. New ideas.. by popeyethesailor · · Score: 1

    There have been a number of posts indicating that we don't really need 100% secure encryption, since nobody is going to dig THAT deep into our private emails.

    I think the question was more from a technical point of view, not just paranoid babble-talk.

    We don't need "Nothing is secure, Nothing can be done about Anything" kind of talk, we need radical new ideas.

    Does anybody have an idea for a 100% secure, practical communication, even if it doesn't involve encryption?

  141. Suggested implementation to reinforce passphrases by Vintermann · · Score: 1

    Let's say you have a pretty good passphrase, one that will take on average three months to crack by the NSA (let's for the moment forget how many chars etc. that will be). Now, how about if THE PROGRAM adds say four random bits to your passphrase, _and doesn't store them?_ Every time you use the key the program has to brute-force those last four bits. Four bits = 16 different permutations, so the program will have to make on average 8 attempts to decrypt before it succeeds. This slows down the decryption, but only to an utterly insignificant degree. (I think we can afford to wait >0.2 secs more.)

    However, for the NSA (or any attacker, I thought I'd just choose the big bad wolf) it will also be eight times as difficult. That means two years instead of three months. You not satisfied with that? Add another random bit. Whoops! Four years. And another. Eight years. Still decryption should not be seriously slowed down for the one who has the passphrase. If (and only if) you're truly paranoid you can add so many random bits that it takes five minutes, or twenty(!) to decrypt a message even with the passphrase. By then it should be faster to attack the public key with factorization.

    I am not a coder myself so I can't implement this, but it would be very cool if someone did. Alternatively, you could explain to me why this isn't a good idea. (I know it's a slightly better idea on a 1.3 GHz machine than on a smartcard. I also know that you would have to build in an effective brute-forcing program in PGP/GPG but I can't see that this would pose a serious risk - attackers already got those.)

    "Why not simply choose a longer passphrase?" Because that's not always easy, or convenient. Plus it probably takes longer to type in the extra characters than brute-forcing a couple of bits would. You'll grow old and forgetful one day too. You always have to measure the risk of losing one's data (by forgetting the passphrase) to others gaining access to it.

    --
    xkcd is not in the sudoers file. This incident will be reported.
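
The scheme proposed in comment 141, as an added sketch (not code from the thread, and not how PGP or GPG protect keyrings): the program mixes a few random bits into the passphrase, stores only a salt and a key verifier, and searches for the bits again on every unlock. The function names, the PBKDF2 round count and the HMAC-based verifier are assumptions of this example. It also counts derivations, which shows that every wrong passphrase guess costs the full 2^bits search while the owner pays about half of that on average.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 1_000  # assumption: kept small so the demo is fast; real use needs far more


def _derive(passphrase: str, salt: bytes, hidden: int, bits: int) -> bytes:
    """Derive a key from the passphrase plus the hidden random bits."""
    suffix = hidden.to_bytes((bits + 7) // 8, "big")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode() + suffix,
                               salt, PBKDF2_ROUNDS)


def _tag(key: bytes) -> bytes:
    """Verifier that lets the program recognise the right key without storing it."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def seal(passphrase: str, bits: int):
    """Pick `bits` random bits, derive the key, then forget the bits.

    Returns (record, key). Only `record` would be written to disk.
    """
    salt = secrets.token_bytes(16)
    hidden = secrets.randbelow(1 << bits)
    key = _derive(passphrase, salt, hidden, bits)
    record = {"salt": salt, "bits": bits, "tag": _tag(key)}  # hidden bits NOT stored
    return record, key


def unlock(passphrase: str, record: dict):
    """Search for the forgotten bits. Returns (key or None, derivations spent)."""
    total = 1 << record["bits"]
    for attempts, guess in enumerate(range(total), start=1):
        key = _derive(passphrase, record["salt"], guess, record["bits"])
        if hmac.compare_digest(_tag(key), record["tag"]):
            return key, attempts
    return None, total  # a wrong passphrase always costs the whole search


if __name__ == "__main__":
    record, key = seal("correct horse battery staple", bits=4)  # constructed input
    print("owner:   ", unlock("correct horse battery staple", record)[1], "derivations")
    print("attacker:", unlock("wrong guess", record)[1], "derivations per wrong guess")
```
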
  142. How many anger-inducing stories will /. post? by Lethyos · · Score: 4
    I'm sorry, but this demands a rant. We've seen half a dozen of these kinds of 'news' articles on /. this year alone. Now while I'm all for questioning existing models, I think our posters need to realize this only serves to fire people up. Here's why I think this is just a ridiculous thing to post.

    If you're going to ask questions like these, you have to say, "well, is any security really secure?" And the answer to that is of course "no". "You almost certainly don't own a secure computing system with physical access controls, TEMPEST shielding, "air wall" network security, and other protections." DUH! How is this insightful? How does this lead to any meaningful solution to the problem? So what, just stop using encryption? So what, just stop assigning a root password?

    This Ask /. implies that it doesn't work at all and that we oughta just stop using it. Why? Because there's no answer - there's no solution. You can't just have everyone shield their PCs from TEMPEST - and of course, exactly how many people are getting scanned in the first place? Not everyone is willing to drop their PC into a vat of concrete with no net connection to keep people from sitting at it to gain access.

    So what's my bottom line here? "Is encryption really secure?" Well, as I mentioned, nothing is really secure, so the answer is "no". Of course then again, security works 99% of the time (or a little less), so let's just keep using it and not ask stupid questions like these. They've been thought about before.

    --
    Why bother.
  143. Encryption Demystified! by K4GPB · · Score: 1

    How Encryption Works explains with drawings and an animation how public-key and symmetric-key systems, as well as hash algorithms really work.
    "Look for the "s" after "http" in the address whenever you are about to enter sensitive information, such as a credit card number, into a form on a Web site."

  144. Oh well by Eustis+Burbank · · Score: 1

    Looks like it's back to the old-style encryption types:

    ROT-13
    Pig Latin
    Stupidity

    --
    ------ 1001001
  145. Re:Come on by Kensaro · · Score: 1

    Do you send all your snail mail written on the back of postcards? Some things don't have to be illegal for me to want to keep them from the eyes of others.

  146. pgp = good by pr0nomatic · · Score: 1

    i thank goodness for pgp. i feel so secure. like a warm kitten in a wool sweater with a saucer of milk.
    the pr0n-o-matic.

    --
    the pr0n-o-matic.
    http://www.phatmax.net
  147. My Complaint by SpeakYourBrains · · Score: 1

    Encryption is the most un-kinkin', unhappenin' piece of sheet in the hood right now. Comin atcha, straight up. Lets get those algorithms kickin' again, I'm talking more boggle, more death mental (metal) and belgiun house.

    Mud the far cuss.