Slashdot Mirror


PGP/GnuPG June Key Analysis

Drew Streib writes: "In the spirit of some work begun by Neal McBurnett a few years ago, there is a June report of keys from global keyservers. This report covers about 1.5 million keys, from a 1.7GB public binary keyring, focusing on keys that are nearest the center of the web of trust. Using a GnuPG key? This will tell you where you stand in the overall rankings, as well as signatures to look for. Not using one? Maybe you should be." This would be worth reading for the explanation of the analysis alone.


  1. Any report on... by Wakko+Warner · · Score: 3
    ...how many people were murdered because they PGP-sign things but don't make their PGP keys publicly available?

    Don't you just wanna SHOOT those people!?!

    - A.P.

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  2. I'll use GPG... by Enry · · Score: 4

    As soon as someone integrates it into Mozilla! Mozilla does everything I need in a mailer right now except GPG/PGP support:

    Good IMAP support (most stable I've seen)
    SIMAP and SSMTP support
    Graphical (hey, if I'm using X, may as well use it)
    Cross platform (can use it under Windows or Linux)

    ..while I'm at it, roaming profile support in mozilla would be nice too.

    1. Re:I'll use GPG... by Dwonis · · Score: 2

      Or, use Eudora, which already has PGP/MIME support.

    2. Re:I'll use GPG... by Eil · · Score: 2


      Mozilla mail doesn't work for me, period. It sure looks like it would be nice to use, but when I enter my data and hit "check mail" it just sits there and drools. No idea why. Kmail works just fine.

  3. Re:I'll use GPG... [it's being done] by Will+Sargent · · Score: 3
    This is bug 22687.

    This is a fascinating bug, BTW. Discussion about NSA security policy, an NAI developer offering his time for the feature, and the effect the patch would have on the tree.

    It's highly unlikely (based on the history and state of 0.92) that the patch will make it into the main build, but if you are brave and foolhardy you can try out the code yourself.

  4. GnuPG/PGP Not Completely Compatible? by ewhac · · Score: 2

    I've heard from a reliable source that GnuPG has compatibility issues with PGP. Messages signed/encrypted by one aren't always correctly handled by the other.

    Anyone know if there's an issue here, and what it actually is?

    Schwab

    1. Re:GnuPG/PGP Not Completely Compatible? by dtype · · Score: 2
      That topic is well covered in the compatibility section of the GnuPG FAQ. The issue is compatible encryption algorithms. Since it is easy to specify which algorithms to use, this really isn't a problem. (at least hasn't been for me yet)

      ---
      Drew Streib, dtype.org


  5. Re:What's wrong with search.keyserver.net? by Cardinal+Biggles · · Score: 2
    I have even tried to talk HTTP to it. It seems like it just won't listen.

    The key servers talk HTTP on port 11371. There's also a way to do requests by e-mail, but I don't know the details of how that works.

  6. Most depressing fact of analysis... by hta · · Score: 2

    Number of keys: 1,461,786
    Keys with at least one outside sig: 161,298

    Since a self-signed key is no more reason to trust the key than finding it on a scrap of paper in the road, this allows us to compute the PGP clue of people using PGP keyservers.

    Number of people who don't understand what they are doing: 1,300,488

    PGP clue density: 0,11

    And this is from the part of the population that has the clue to install PGP and find the "upload" button.
    Not encouraging.
  7. Read the disclaimer by XNormal · · Score: 2
    From the explanation page:
    NOTE: This does not mean that you should universally trust keys with a low MSD. This is merely a relative measurement for statistical purposes.

    True, trust is not transitive and anyone can sign my key without even knowing me. But the fact is that very few people actually do that, so for statistical purposes only it still means something.


    --
    Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
  8. Re:PGP at work: by ethereal · · Score: 2

    Tell them you'll quit as soon as those managerial types quit sending you email with random VB scripts attached :)

    Caution: contents may be quarrelsome and meticulous!

    --

    Your right to not believe: Americans United for Separation of Church and

  9. Re:Trust is not transitive by DiningPhilosopher · · Score: 2


    "Alice must make a decision in her own mind about whether Carol is a trusted signer."

    "Once Alice has a good key for Carol and marks it as trusted, she can then extend the WoT by then getting keys which Carol has signed."


    You seem to be contradicting yourself. I agree with you up until the second last paragraph. Alice has a good key for Carol because she trusts Bob to sign keys. But the trust stops there - she shouldn't trust Carol to sign keys! As you said originally, she should know Carol and judge for herself if she can be trusted to sign keys.

    --
    /* The beatings will continue until morale improves. */
  10. Keysigning by CharlieG · · Score: 2

    So, try and setup a keysigning!

    If anyone is interested in NYC/Long Island, let me know!

    --
    -- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
  11. Re:Keys with at least one outside sig by CharlieG · · Score: 2

    If you're in the NYC area, I'll be glad to get together

    --
    -- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
  12. Huh?? by Dwonis · · Score: 2
    Given that Network Associates have decided not to release the source code for PGP 7.x,

    Whaaaa???? And people still buy it? Are they nuts? What kind of security manager would recommend buying closed-source security packages?

  13. socialite by nlh · · Score: 2



    "...In my own self plug, my own key sits at #1555 with an MSD of 5.4901. I'm just back from a key signing party though, so we'll see how it moves next month..."

    Mom: Johnny! What's that smell?

    Johnny: What? It's nothin'...

    Mom: Come over here. Let me see your eyes.

    Johnny: C'mon, cut me some slack...

    Mom: They're as red as an apple! Johnny...were you at one of those 'key signing' parties again??

    Johnny: No Mom...Leave me alone!

    Mom: What did I tell you about hanging around those crypto friends of yours. Are you back on PGP again?

    Johnny: Go away! I hate you! You don't understand! *snort*

    Mom: If you're not careful you're going to catch something one of these days!

  14. Self-signed keys *are* useful by Christopher+Biggs · · Score: 3
    There are many reasons to put self-signed certificates on a keyserver.

    I put my ID fingerprint on my business card, then my key on the keyserver. If somebody who has my card wants my key, they download it and compare the fingerprints. If they don't have my card, they can call me and read out the fingerprint, or verify it through some other means that is more trustworthy than email.

    Self-signatures also prevent third parties from adding another email address to my certificate and submitting it back to the server. If each email address on a certificate is self-signed, only the possessor of the private key could have added those IDs to the key.

    The web of trust is one way of verifying that a key really belongs to a particular principal, but it is not the only way. Flexibility is one of the ways PGP wins over other public-key infrastructures (with PGP you are not forced to trust all the parties in the trust web). If you roll your own offline verification method, you don't even need to trust any of them.

    --
    -- veni vidi nuclei deceri --- I came, I saw, I dumped core.
  15. PGP at work: by AMuse · · Score: 2

    Interestingly enough, I was recently forbidden to use PGP anymore while at work. My boss said that PGP signing things confuses people who are less technical (managerial types) and has made them think I'm adversely affecting their email clients due to the random characters that appear.

    Damn managerial types.

    1. Re:PGP at work: by jesterzog · · Score: 3

      Have you considered putting a sig on the end stating that it's digitally signed? .. maybe why it's a good thing. (I do that sometimes.)


  16. Re:kmail and PGP by Enigma2175 · · Score: 2
    But when I signed my messages "everyone" started asking about the strange text at the bottom of my messages

    This is a good thing. If people ask about the text on the bottom of your message, then you can tell them about encryption and why it is a good idea to use it. It's not just that people don't want the hassle, some of them just may not know that encryption exists for the masses.


    Enigma


  17. What's wrong with search.keyserver.net? by KjetilK · · Score: 2
    I have been trying to use gpg v-1.0.6 to send my key(s) to Keyserver.net as it seems to be the preferred keyserver for OpenPGP applications. While I have successfully submitted my key through the web interface, I can't get it to work through gpg.

    I have configured gpg according to the webpage on the topic, but it just responds:

    gpg: error sending to `search.keyserver.net': eof

    I have e-mailed the webmaster, but no response. I had a few responses from the gnupg-users mailing lists, but nobody knows anything to resolve the problem. I have even tried to talk HTTP to it. It seems like it just won't listen. Is the server broken?

    Everything works fine with wwwkeys.pgp.net, though.

    --
    Employee of Inrupt, Project Release Manager and Community Manager for Solid
  18. Re:Trust is not transitive by jsse · · Score: 2

    What you said is true. As a sidenote, with a bit of work PGP trust can be transitive without getting thru public key server. A CA (Certificate Authority) is a good example.

    Say a root CA A issues CA B, which in turn issues CA C. Carol's public key is digitally signed with CA C. Since Alice only has root CA A, which comes with her browser by default (like Verisign), Alice then uses CA B to verify CA C, then uses root CA A to verify B. By this transitive relationship Alice can then trust Carol's public key as she can trust root CA A.

    Too bad applying for a personal/server CA from root CA like Verisign is quite expensive. A free public key server is still very important to us.

  19. Re:What is the point of Public Key Servers by jsse · · Score: 4

    Could anyone explain what the point of Public Key Servers is?

    I wonder why this was mod'd as 'Funny'. It's a pretty good question. :)

    It's not like 'centralizing' security responsibility as in 'Passport' services. It's a part of key-management/key-distribution in a public-key encryption system.

    In layman's terms, having a centralized public key repository could help maintain higher security compared with requesting a public key from an individual by email.

    Say you'd like to send a confidential message to A, and you start by requesting from A his public key; if an intruder is listening to your email, and learns from your initial public-key request mail that you are going to have a secure transfer, then the intruder might be able to impersonate A and send you a fake public key.

    There are more issues to it, I just gave you a very simple example... anyway, I hope it helps.

  20. Re:Widespread encryption: is it the answer? by Guppy06 · · Score: 3

    I'd rather use an algorithm that is pretty much proven by the cryptographic and mathematical community to be unbreakable than some new one that has yet to be proven (or, more importantly, disproven). Cryptography is not a science where newer=better.

  21. What is the point of Public Key Servers by Tachys · · Score: 2

    Could anyone explain what the point of Public Key Servers is?

  22. Trust is not transitive by SiliconEntity · · Score: 3

    The analysis misunderstands one of the most fundamental principles of the PGP trust model: trust is not transitive.

    What this means is that if Alice trusts Bob to sign keys, and Bob trusts Carol, Alice does not automatically trust Carol. She may not even know Carol. Just because Bob trusts her, that doesn't necessarily mean that Alice should trust her.

    After all, Alice is trusting Bob to accurately sign keys. She judges in her own mind how trustworthy and reliable he is at this task. How likely is he to screw up and sign a bogus key? These are the issues she considers.

    To have transitive trust, she needs to make a much more careful evaluation of Bob. She must decide not just how good he is at mechanically verifying keys, but also how good a judge of character he is. If she were going to trust Carol just on his say-so, she would need to know that he is able to judge good key signers. This is a different type of skill than just being a good key signer. It is a people skill, not a technical one.

    For these reasons and more, PGP does not use transitive trust. If Alice trusts Bob as a signer, and he signs Carol's key, Alice concludes that she has a good key for Carol, that is, a key that truly belongs to Carol and not someone else. But she does not conclude that Carol is a good signer. PGP software will not treat signatures Carol makes as valid.

    Alice must make a decision in her own mind about whether Carol is a trusted signer. Only if Alice marks Carol's key as trusted will Carol's signatures then start being effective. In PGP, it is the end user who makes the decisions about trust.

    Because PGP uses non-transitive trust, the metric in the dtype.org article is not very relevant. It doesn't matter if there is a chain of signatures from Alice to Zelda, because that will not make Zelda's key trusted. Alice (and every other end user) needs to decide for themselves which keys they will trust.

    What, then, is the role of the "Web of Trust" in PGP? It works like this. In the example above, suppose Alice knew Carol and did in fact want to trust her. Well, to trust her she needs her key. But how does she know that she got the right key? This is where the web of trust comes in.

    If she gets Carol's key from the key server and it is signed by Bob, whom Alice knows and trusts, she can conclude from this that she has Carol's true key. She can then mark this key as a "trusted introducer" (in PGP terminology) and at this point, signatures issued by Carol's keys are trusted by Alice.

    The web of trust played a part, by helping Alice to know that she had a good key from Carol. She didn't have to call Carol up and verify fingerprints, she didn't even have to sign Carol's key. Bob's signature on Carol's key was enough to know that the key was correct.

    Once Alice has a good key for Carol and marks it as trusted, she can then extend the WoT by then getting keys which Carol has signed. She knows that these keys are correct as well, and possibly some of those key holders are people Alice will also trust as introducers. In this way the Web of Trust gets extended, but each person makes his or her own trust decisions.

    I hope this clarifies how the Web of Trust works in actuality.
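
The distinction drawn in the comment above, between a key being valid and its owner being a trusted introducer, can be modelled in a few lines. This is an added example, not code from the thread or from PGP/GnuPG: the key names and signature graph are constructed, and the model is simplified (no certification depth limit, expiry or revocation), using GnuPG's default thresholds of one full or three marginal introducers.

```python
# Added example, not from the thread: simplified classic PGP validity model.
FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED = 1   # GnuPG default: one fully trusted signer is enough
MARGINALS_NEEDED = 3   # GnuPG default: or three marginally trusted signers


def valid_keys(own_key, signatures, ownertrust):
    """Keys the owner of own_key may treat as correctly bound to their owners.

    signatures: set of (signer, signed_key) pairs, as found on a keyserver.
    ownertrust: {key: FULL | MARGINAL}, the user's own introducer decisions.
                It is never derived from who signed whom.
    """
    valid = {own_key}
    changed = True
    while changed:
        changed = False
        for key in {signed for _, signed in signatures} - valid:
            # A signature counts only if its signer's key is already valid.
            signers = {s for s, t in signatures if t == key and s in valid}
            full = sum(s == own_key or ownertrust.get(s) == FULL for s in signers)
            marginal = sum(ownertrust.get(s) == MARGINAL for s in signers)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


def reachable(own_key, signatures):
    """Keys linked to own_key by any signature chain, ignoring trust."""
    seen, frontier = {own_key}, [own_key]
    while frontier:
        signer = frontier.pop()
        for s, t in signatures:
            if s == signer and t not in seen:
                seen.add(t)
                frontier.append(t)
    return seen


# Constructed sample chain: alice -> bob -> carol -> dave -> zelda
SIGS = {("alice", "bob"), ("bob", "carol"), ("carol", "dave"), ("dave", "zelda")}

if __name__ == "__main__":
    # A signature chain reaches zelda, but that alone validates nothing.
    print(sorted(reachable("alice", SIGS)))
    # Alice trusts only bob: carol's key is valid, carol's signatures are not used.
    print(sorted(valid_keys("alice", SIGS, {"bob": FULL})))
    # Alice also marks carol as an introducer: dave's key becomes valid.
    print(sorted(valid_keys("alice", SIGS, {"bob": FULL, "carol": FULL})))
```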

  23. Re:But GPG still does same thing when using blowfi by MarkusQ · · Score: 2
    For starters, the fact that "which encryption algorithm from among many I had chosen is known"... is still a bad thing. Makes the cryptanalyst's job that much easier, yes?

    Well, no. "Security through obscurity" doesn't help much against a dedicated attack; since this is the only type of attack you need to worry about when you're using reasonably strong crypto, there's no loss in admitting the type of encryption. With only a handful of popular algorithms (and those not equally likely), you'd only be gaining one or two bits worth of security were you to hide the algorithm. It isn't worth the trouble.

    But still, when I encrypt data with one of the symmetric ciphers (-s) and specifically selecting the algorithm (blowfish, serpent, aes, etc.) with the --cipher-algo switch it produces some encrypted file which when I decrypt... does NOT require me to specify the cipher algo, yet still knows when I put in the wrong password.

    This could still be accomplished by trying each of them and reporting failure if none of them worked. But in fact, the PGP file format simply stores the information. Blowfish, etc. are handled similarly.

    What does any of THIS have to do with public/private key ciphers?

    Nothing. In my first post I was just addressing your question about how it could "know" if you had a bad key, without weakening the encryption.

    -- MarkusQ
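
The point made in the comment above, that the file format records which cipher was used, can be checked by parsing the first packet of a passphrase-encrypted OpenPGP file. This is an added example, not code from the thread or from GnuPG: it follows the RFC 4880 layout of the symmetric-key encrypted session key packet (tag 3), the function names are this example's own, and the sample bytes, salt included, are constructed.

```python
# Added example, not from the thread: read the cleartext header of `gpg -c` output.
SYM_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
             7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish"}
HASH_ALGOS = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 8: "SHA-256",
              9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}
S2K_BODY_LEN = {0: 4, 1: 12, 3: 13}   # simple, salted, iterated+salted


def read_packet_header(data, pos=0):
    """Return (tag, body_start, body_len) for the packet starting at pos."""
    if len(data) < pos + 2 or not data[pos] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = data[pos]
    if first & 0x40:                          # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths not handled in this example")
    tag, len_type = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if len_type == 3:
        raise ValueError("indeterminate length not handled in this example")
    n = 1 << len_type                         # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(data[pos + 1:pos + 1 + n], "big")


def parse_skesk(data):
    """Decode the cipher and S2K parameters stored unencrypted in the file."""
    tag, start, length = read_packet_header(data)
    if tag != 3:
        raise ValueError(f"first packet is tag {tag}, not a symmetric-key ESK")
    body = data[start:start + length]
    if len(body) != length or length < 4:
        raise ValueError("truncated packet")
    version, algo, s2k_type, hash_id = body[:4]
    if version != 4:
        raise ValueError(f"unsupported packet version {version}")
    need = S2K_BODY_LEN.get(s2k_type)
    if need is None or len(body) < need:
        raise ValueError("unsupported or truncated S2K specifier")
    info = {"cipher": SYM_ALGOS.get(algo, f"unknown({algo})"),
            "s2k_type": s2k_type,
            "s2k_hash": HASH_ALGOS.get(hash_id, f"unknown({hash_id})")}
    if s2k_type in (1, 3):
        info["salt"] = body[4:12].hex()
    if s2k_type == 3:                         # coded iteration count
        c = body[12]
        info["iterations"] = (16 + (c & 15)) << ((c >> 4) + 6)
    return info


# Constructed sample: old-format tag 3, Blowfish, iterated+salted SHA-1 S2K.
SAMPLE = bytes.fromhex("8c0d04040302" "0102030405060708" "60")

if __name__ == "__main__":
    print(parse_skesk(SAMPLE))
```

Everything this parser reads sits in front of the encrypted data, which is why no `--cipher-algo` switch is needed on decryption: the passphrase is the only secret.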

  24. A grossly oversimplified explanation. by MarkusQ · · Score: 3
    This is a grossly oversimplified explanation, but:

    The public key is based on a number that is the product of two large primes. The private key is based on the primes.

    When you attempt to decrypt the message you are in effect asserting "The public key was divisible by these two numbers." At that point it is easy to check, and say either "you are right, here's the plain text" or "nope, it isn't divisible by them." Thus GPG can tell when you put in the wrong key, since multiplying two numbers and comparing them to a third is easy. (Note again: this is a gross oversimplification to just nail down the point in question. There are a LOT of details beyond this.)

    Notice that this does not mean that it is easy to "work out" the factors of the large number; the whole basis of this system is that it's easy to check an answer, but there are more potential answers than you could possibly check (and a few other details, such as the fact that checking a subset does not provide any information about the unchecked values, etc.).

    Hope that helps.

    -- MarkusQ

  25. Re:How is protecting your fundamental rights borin by Just+a+user · · Score: 2
    Right you are, preaching to the choir, etc. But so far nobody is mentioning the real news:

    Network Associates PGP is closed source, as of release 7.x. Phil Zimmermann has left Network Associates' payroll, citing "philosophical differences" over the direction of PGP's development. (Can we say, "Ironclad non-disclosure & noncompete clauses"?) In the crypto world, this means that NAI PGP is dead and buried, though one can still decently use versions up to 6.5.8. We can hope that Network Associates management will come to their senses, but not expect it. PGP was great while it lasted, but as of 2001 it's over.

    GPG is going to be the new standard, beyond question. Those who care about the issues that crypto addresses-- privacy, security, non-repudiation, and anonymity (remailers use PKI technology)-- need to put some focus on the fact that the vast majority of public key crypto users are still PGP users. In the transitional period following the de facto death of NAI PGP, compatibility is the single most important issue. GPG and PGP key formats are partially incompatible and often fail to inter-operate.

    From the standpoint of crypto advocacy, the incompatibilities between GPG and PGP create a logistical nightmare. It's hard enough to try to persuade "normal" people to use PGP; asking them to deal with two incompatible standards is simply impossible. You might as well tell them, "Crypto is beyond your reach, forget all about using it unless you are a computer professional." Or tell them that it's OK to use closed source crypto and just ignore all the Bad Things that this implies.

    The PGP user community, made up largely of non-geeks, will largely disappear along with PGP itself, unless they are assisted in the transition to GPG. What they want and in many cases need, is Win32 binaries (already available), GUI front ends for Win32 (none yet exist, at least nothing comparable to the "PGP Tray" utility), and most of all, "legacy" support for PGP keys (not available and AFAIK not even planned). I personally have not published and do not use a GPG key, because I still have to maintain full compatibility with PGP users.

    Enough rant for now. Send your Windows oriented users to http://home.mpinet.net/pilobilus/EZ_PGP.htm if they are having trouble getting started with PGP. If you think my position has some sense in it, let the GPG developers know: because I want to take that PGP tutorial page DOWN sometime soon, and replace it with a GPG quick-start tutorial: One that the same kind of people who write to thank me for the existing page, will still be able to understand and use.



    --


    99 buckets of bits on the wall...
    take one down and pass it around, 99 buckets of bits on the wall

  26. Three-tiered solution by standards · · Score: 2

    Jim Rivers of PARC once said GPG could be the most important advent since the Web - if there was a de facto method of distributing keys. The fact remains that there are no universal mechanisms out there, and the ones that make the promises are coupled with incredibly profitable business plans that will never have significant backing by the public.

    And given the topic (privacy), no corporate or government agency will bother to invest in and standardize on a palatable service.

    Without both the people, the government, AND corporate backing, no such mechanism can be considered a true success.