PGP Turns 30 (philzimmermann.com)
prz writes: PGP just hit its 30th birthday. Before 1991, the average person had essentially no tools to communicate securely over long distances. That changed with PGP, which sparked the Crypto Wars of the 1990s. "Here we are, three decades later, and strong crypto is everywhere," writes PGP developer Phil Zimmermann in a blog post. "What was glamorous in the 1990s is now mundane. So much has changed in those decades. That's a long time in dog years and technology years. My own work shifted to end-to-end secure telephony and text messaging. We now have ubiquitous strong crypto in our browsers, in VPNs, in e-commerce and banking apps, in IoT products, in disk encryption, in the TOR network, in cryptocurrencies. And in a resurgence of implementations of the OpenPGP protocol. It would seem impossible to put this toothpaste back in the tube."
He continues: "Yet, we now see a number of governments trying to do exactly that. Pushing back against end-to-end encryption. [...] The need for protecting our right to a private conversation has never been stronger. Many democracies are sliding into populist autocracies. Ordinary citizens and grassroots political opposition groups need to protect themselves against these emerging autocracies as best as they can. If an autocracy inherits or builds a pervasive surveillance infrastructure, it becomes nearly impossible for political opposition to organize, as we can see in China. Secure communications is necessary for grassroots political opposition in those societies."
"It's not only personal freedom at stake. It's national security," says Zimmermann. "We must push back hard in policy space to preserve the right to end-end encryption."
Congratulations! (Score:5, Insightful)
It is pretty rare for somebody to make this much difference in the world. Learned a lot from the original PGP manual too. Thanks!
Free to override freedom, because the vote! (Score:5, Insightful)
Many democracies are sliding into populist autocracies.
This is the most important sentence you will read this decade. Maybe since the end of WWII.
Re:Free to override freedom, because the vote! (Score:4, Funny)
Thanks Phil Zimmermann for staying true! (Score:3)
Unfortunately... (Score:4, Interesting)
Re:Unfortunately... (Score:5, Informative)
By my reading, the point is not to use PGP as written 30 years ago. The point is that strong crypto and end-to-end encryption in the hands of ordinary users is more important than ever. And the threat from autocratic governments is growing. Therefore there is need to be vigilant and fight the good fight on strong end-to-end encryption.
Re: (Score:3, Informative)
Indeed, back in the early 70s public key crypto was known to the British intelligence services but not to the public. Diffie and Hellman then independently discovered the same thing and finally Zimmermann created PGP, the first practical application implementing it that was available to the public.
Zimmermann was an anti-nuclear activist and intended PGP for use by activists from the start. He was willing to stand up to the government investigation and take considerable risks to thwart their attempt to preven
Re:Unfortunately... (Score:5, Insightful)
The blog is written by someone that has a drum to beat, either by wanting to move people to platforms that are monetized, or with encryption that is not separable from the transport mechanism.
Yes, PGP is old... but it has been proven and audited secure enough. You don't have to use IDEA, and it supports modern algorithms like ED25519. Yes, GnuPG has its issues, but it is F/OSS, and if one doesn't like it, then one can donate to the developers, or fork something. PGP does need something like forward secrecy, and the key server code needs a facelift to minimize denial of service attacks. But the perfect is the enemy of the good here.
PGP and GPG do one thing that most of the .com people don't like: It separates the encryption of the message from the transport layer. I can send a PGP message via email, Signal, stuff the file in an S3 public bucket, post it on USENET under alt.anonymous.messages, or create a QR code. The actual message contents are secure no matter what. The problem is that so many companies want to own that last-mile encryption layer, so they can either monetize it, see what is in the file either directly via "bugs", or indirectly via metadata.
PGP also allows for a web of trust. No other security program does this. SSL is built on having a root that is 100% trustworthy, which has been proven to be a faulty framework over and over again, while PGP's web of trust has stood the test of time, where if you have doubts about a public key, you can try several sources, and if you are 100% sure, you can sign the key, and other people can take your word. This is a LOT more secure than the "just STFU and trust us" which is the entire SSL/TLS model. This also is something the big money guys hate, because there is no single point of failure in a web of trust, and that one doesn't need to pay big bucks to some random joe with a root certificate to sign a PGP/gpg key.
Yes, PGP/gpg show their age, but they do something that a lot of well-moneyed interests want to kill off with fire... and that is to bring distributed freedom and security to the masses. PGP did this 30 years ago (ever see the garbage out back then? Hell, stuff trying to use "DES" only used 1-2 rounds at most... if they even used DES, and not some encryption just hacked up.) PGP continues to do the same thing now. Don't like it, write a new standard that can do what OpenPGP does.
tl;dr, OpenPGP isn't perfect, but it offers privacy and distributed protection in a world of "security has no ROI" companies and "just trust us... ooops" security issues.
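The "no single point of failure" argument in the post above can be made concrete with a GnuPG-style trust calculation. This is an added example, not code from the page, PGP or GnuPG: the key names, trust assignments and signatures are constructed, and the thresholds are GnuPG's documented defaults (1 fully trusted or 3 marginally trusted signers, maximum certification depth 5). The same function is then fed a CA-shaped hierarchy to show what distrusting one key does in each model.

```python
from collections import defaultdict

# Trust levels a user assigns to key owners (GnuPG's classic trust model);
# the thresholds are GnuPG's documented defaults.
ULTIMATE, FULL, MARGINAL, NONE = "ultimate", "full", "marginal", "none"
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5


def key_validity(owner_trust, signatures, distrusted=frozenset()):
    """Keys that are valid from one user's point of view.

    owner_trust: {key_id: trust level this user assigned to the key's owner}
    signatures:  {signer: set of key_ids that signer has certified}
    distrusted:  keys this user no longer trusts (e.g. after a compromise);
                 they are never valid and their certifications are ignored.
    A key becomes valid once it is certified by >= COMPLETES_NEEDED fully
    trusted valid keys or >= MARGINALS_NEEDED marginally trusted valid keys,
    within MAX_DEPTH certification steps of the user's own (ultimate) key.
    """
    valid = {k for k, t in owner_trust.items()
             if t == ULTIMATE and k not in distrusted}
    for _ in range(MAX_DEPTH):
        full_votes, marginal_votes = defaultdict(int), defaultdict(int)
        for signer in valid:
            trust = owner_trust.get(signer, NONE)
            for target in signatures.get(signer, ()):
                if trust in (ULTIMATE, FULL):
                    full_votes[target] += 1
                elif trust == MARGINAL:
                    marginal_votes[target] += 1
        newly = {k for k in set(full_votes) | set(marginal_votes)
                 if k not in distrusted
                 and (full_votes[k] >= COMPLETES_NEEDED
                      or marginal_votes[k] >= MARGINALS_NEEDED)}
        if newly <= valid:          # nothing new this round: fixed point
            break
        valid |= newly
    return valid


# Constructed web of trust as seen from Alice's keyring: Alice fully trusts
# Bob, marginally trusts Carol, Dan and Eve, and has certified all four.
WOT_TRUST = {"alice": ULTIMATE, "bob": FULL,
             "carol": MARGINAL, "dan": MARGINAL, "eve": MARGINAL}
WOT_SIGS = {"alice": {"bob", "carol", "dan", "eve"},
            "bob": {"frank"},                  # one full signer is enough
            "carol": {"gina", "hank"}, "dan": {"gina"}, "eve": {"gina"}}

# The same calculation models a CA hierarchy: one root trusted ultimately,
# intermediates made fully trusted, leaf certificates with no owner trust.
CA_TRUST = {"root": ULTIMATE, "ca1": FULL, "ca2": FULL}
CA_SIGS = {"root": {"ca1", "ca2"},
           "ca1": {"bank.example"}, "ca2": {"mail.example"}}

if __name__ == "__main__":
    print(sorted(key_validity(WOT_TRUST, WOT_SIGS)))
    # Bob's key distrusted: Bob and Frank (reachable only via Bob) drop
    # out; Gina, certified by three marginal signers, stays valid.
    print(sorted(key_validity(WOT_TRUST, WOT_SIGS, {"bob"})))
    # The root distrusted: every certificate beneath it becomes invalid.
    print(sorted(key_validity(CA_TRUST, CA_SIGS, {"root"})))
```

Hank stays invalid in every run because a single marginal certification is below the threshold, which is the user-adjustable part of the model a later comment in the thread refers to.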
Re:Unfortunately... (Score:4, Interesting)
because there is no single point of failure in a web of trust
Of course there is. You identify a target, beat them up and hold them somewhere secure, impersonate them to maintain the illusion of trust, and gather intel at your leisure.
Re: (Score:2)
Most "single points of failure" are those that cause a cascade of failures, but don't cause total collapse on their own. Even by your definition/description, the whole "root certificate authority" would not be considered a single point of failure, rendering the point that GP was trying to make moot.
That will give you access to a part (or parts at most) of the web. Not all of it. Thus not a single point of failure.
Then PGP is no more secure than root certificate authorities on this front. No failure could let anyone get control of the whole certific
Re: (Score:2)
Then PGP is no more secure than root certificate authorities on this front. No failure could let anyone get control of the whole certificate infrastructure
Not really. What happens if someone gets hold of a single root certificate's private keys? Something like an Entrust.net certificate, serial number 4a538c28, expiring December 2030. They could go about issuing intermediates and server certificates for the entire web.
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
The fact that DigiNotar is thwarted merely by browsers blacklisting all those tickets means it is decidedly NOT a single point of failure. And the fact that browsers could just blacklist a whole bunch of certificates at the root means that is an advantage of that system of trust. Imagine trying to do that - even to identify a compromised node - within a web of trust.
Re: (Score:2)
Ah, the "the world is still spinning" argument :-) You got a point but it's little consolation to the Iranians in trouble from the DigiNotar incident.
I don't know much about the PGP web of trust but from what I read, the basic trust decision vests with the user and is user-adjustable. Also, one compromised set of PGP credentials means only the entity's correspondents are impacted.
Not so for SSL root CAs. The DigiNotar article states it pretty well:
"...call for a deeper reform of HTTPS in order to remove the weakest link possibility that a single compromised CA can affect that many users"
(Referring to the 300,000 Iranians I suppose)
Browser black
Re: (Score:2)
True, PGP's web of trust is user controllable. But that's the downside as well - because that doesn't scale.
Imagine visiting a website and before you even see its contents, you have to decide if it's the real deal. Do you trust that the certificate google.com presents to you is
Re: (Score:2)
Single point of failure means one weakness which causes total collapse on its own.
That is literally the definition of the phrase.
Getting control of the root certificates causes SSL to fail. Nobody has actually managed to get that far, but many have exploited the infrastructure weakness this single point of failure brings with it - which admittedly is not in itself a single point of failure, but *caused* by it.
PGP has no such weakness. If your web of trust is compromised, that does not affect mine. Nor is th
Re: (Score:2)
Single point of failure means one weakness which causes total collapse on its own. That is literally the definition of the phrase.
Then by definition there can be no such thing. Nothing ever fails at a single point. It always is the result of a cascade of failures.
Re: (Score:2)
If your web of trust is compromised, that does not affect mine.
How would you know? Every human on Earth is separated by at most 7.5 degrees of separation. Much much less than that for your own country. You are bound to have overlap with others. That's the whole point of web of trust. Again, security isn't a one-move turn-based game.
That is a failure, whether you call it a single point or not.
Obligatory XKCD (Score:1)
Re: (Score:3, Insightful)
The PGP Problem: A Critique [59.ca]
Re: (Score:2)
The original ciphers are deprecated to the point of danger
I really don't think you mean the original. [wikipedia.org]
There is a usability crisis in encryption (Score:3, Interesting)
There is a usability crisis in encryption. Everything around the encryption user interface needs help. The layperson has no idea about any of this stuff. It's the vaguest of black boxes.
The crypto nerds are happy but no one else is.
If there's going to be broader adaption of encryption, it has to:
1) Be gamified and
2) The gamification concepts standardized
Think Windows Explorer or any other desktop environment. It took the command line directory listing for a user's home directory and turned it into this wacky desktop view, turning directories into folders, introducing drag and drop, the recycle bin, etc. That's the way to improve usability. Encryption needs that. Explaining it in terms of logarithms and exponents doesn't really help the layperson.
Re: (Score:3)
Think about HR emailing people's personal information, SSNs, passports, bank account numbers.
Think about the front desk nurse / receptionist at the doctor's office scanning in your personal information and putting it in email.
A field investigator for high level clearances putting your personal information in email.
Executives trading corporate secrets over all kinds of communication channels.
The lack of tech savvy of these groups cannot be overstated. Yet they are sharing so much key information. This is why
Re: (Score:2)
And here's where I think an answer may lie: take encryption from the purely software world and make it hardware.
Like a private key that's actually a plastic key. It has a standard private key shape with a credit-card style number encoded in it.
And a public key, that's another standard shape.
A USB device that you have to plug the keys into.
A software program that detects the device and keys.
Other people want you to have their public keys, they express snail-mail you a public key
A software program that allows
Re: (Score:3)
Think about HR emailing people's personal information, SSNs, passports, bank account numbers.
Think about the front desk nurse / receptionist at the doctor's office scanning in your personal information and putting it in email.
A field investigator for high level clearances putting your personal information in email.
Executives trading corporate secrets over all kinds of communication channels.
The lack of tech savvy of these groups cannot be overstated.
Agreed. That is why you now find security mandates instead of mere recommendations.
In every single one of your examples, I can find a security mandate within that industry that turns every theoretical employee into an ex-employee.
Every single one.
Those who give a shit about privacy, will be employed in the future. Those who are THAT careless and could give a fuck about personal data, will be relegated to asking if you would like fries with that.
Re: (Score:2)
Agreed. That is why you now find security mandates instead of mere recommendations.
In every single one of your examples, I can find a security mandate within that industry that turns every theoretical employee into an ex-employee.
It has to be easy for the head of HR or for the doctor before they lean on their people to do it.
Re: (Score:3)
Agreed. That is why you now find security mandates instead of mere recommendations.
In every single one of your examples, I can find a security mandate within that industry that turns every theoretical employee into an ex-employee.
It has to be easy for the head of HR or for the doctor before they lean on their people to do it.
Security violations can sometimes be easy. But in reality layers of monitoring should be set up so when these people screw up and create a violation, it is detected.
Re: (Score:2)
You are greatly overestimating the demand for that "black box", and the only true crisis going on right now, is the one around privacy. Or more specifically, getting the average layperson to respect and value it again.
For that reason and that reason alone, I could give a shit how complex an encryption UI really is. The layperson either wants to learn it and figure it out because they still respect and want privacy, or they don't.
Besides, the instant you try and make encryption idiot-proof, society will co
No we're not (Score:3)
> The crypto nerds are happy but no one else is.
No, we're really not.
We're quite frustrated because most users, developers, and sysadmins are doing encryption wrong (or not at all) for exactly the reasons you mentioned.
The interfaces suck. In some cases, that's because of fundamental problems that may be unsolvable. For example, if a user's files / data are encrypted totally transparently, with no effort from the user, and transparently decrypted for use with no effort by the user, they are transpare
Re: (Score:2)
As an example, in games the items you seek are hidden in caves, which can only be unlocked with the key from sea serpent. You get 5,000 for finding the first item, but the second is harder to find.
They are not handed to you in a nice folder structure, with a search bar at the top where you can type "ruby key" and just get it. :) Windows Explorer is the exact opposite of gamification.
Re: (Score:2)
Realize it doesn't have to be a super-cool game. It can be an ultra mundane game, designed by a boring teacher. What the boring game does is to make the abstractions and tasks with those abstractions much easier to 1) understand and 2) execute.
That's it. Nothing more. It's just supposed to make the abstractions and tasks less abstract and more concrete by creating visual representations and doing tasks with those visual representations.
Think about git. And then think about git GUIs. Same kind of thing.
IMO T
Re: (Score:2)
Gamification generally doesn't involve intentionally making something more difficult -- it's done for a task that is already difficult or tedious. Gamification is about attaching rewards (in the worst case, with enough randomness to trigger addictive behavior) to some behavior that is not inherently rewarding, to get people to do it more often or better.
Whether that's a good trade-off for encryption, and who would be providing those rewards, is another question.
Re: (Score:2)
With desktop environments, they took the output of "ls" or "
Re: (Score:2)
> By gamification, I mean creating simple visual representations (i.e. virtual objects)
People like visual representations. One common term for that is "GUI".
"Gamification" means making it a game; gamification involves challenges to earn points and competition.
Re: (Score:2)
Could not agree more.
There was a point where there was a PGP implementation developed by...I think it was Norton, of all companies...that seemed like it might actually be creeping towards usability by the average person. It never quite got there and it has fallen off the map again.
It's good that there are apps that are trying to incorporate end to end encryption, but I think there is still a pretty big gap out there for email and other messaging.
Re: (Score:2)
I'm not sure that good encryption CAN be usable.
I suspect that data loss with the loss of a password (or physical key) counts as usable for the average person.
Google sync does OK with their passphrase for the cloud storage (on passwords at least) and using Windows for local storage (so that if you reset the passkey you'll be OK if you still have access to the local computer).
Encrypted data at rest seems to be handled pretty well as long as nobody loses their password and/or fob, it's not the user experience
Yes, but. (Score:2)
Re: (Score:3)
I appreciate the historical significance of PGP. But "tools for the average user?" No, not really.
Well that's rather fitting for society today, since privacy isn't for the average narcissist anyway.
PGP turns 30 (Score:5, Insightful)
and the 30 year olds of today just don't give a shit about privacy anymore. How ironic.
PGP Public Key post blocked by ascii art filter :( (Score:3)
Well .. I tried to post a PGP public key but was stopped by the Slashdot ascii art filter.
Average person had no tools? (Score:2)
If I may say, nonsense. Cryptography dates back millennia, and the "one-time pad" has always worked well. It's burdensome to transfer the pad to the recipient. PGP wasn't unheard of technologically, it was publicly available, easy to use, required no more than typical computing power when published.
Re: (Score:2)
PGP wasn't unheard of technologically, it was publicly available, easy to use, required no more than typical computing power when published.
Perhaps the concept of encryption wasn't unheard of, but I'd put money on the fact that out of 100 randos grabbed off the street, 95 of them have probably never heard of PGP, and don't have a clue what it is.
Emboldened criminals make mistakes (Score:4, Interesting)
Notepad++, on the other hand (Score:1)
Re: (Score:2)
Re: (Score:2)
Cryptonomicon, too (Score:1)
Correlation != Causation (Score:2)
I still think that any politician who is pushing for "the people" to be denied access to secure, encrypted internet communications should be the first to be banned from being able to use SSL/TLS for things like their online banking, email, etc. Then, let's see how long they keep spewing their nonsense.
Many of the leaders (well, politicians, as they can't really be called leaders as they truly believe "tis for thee, not for me") cannot understand that correlation does not imply causation.
Criminals use enc