Use of encryption: not when it's needed
Posted 16 Apr 2003 at 21:52 UTC by gilbou
Most people seem to use encryption (like GnuPG) to protect sensitive content and most of the time keep to "clear text" exchanges. But it seems to me that the greatest gains are when it's used all the time, especially when content is NOT sensitive.
I have been discussing with miod about using encryption on email, and our respective views make me think about the use of encipherment on email.
We all, or most of us, know the various explanations that our dear Zimmermann gave to justify the use of encryption, and the idea of PGP or GnuPG as "envelopes" for content.
But I feel like most people don't understand that encryption on email is not about protecting the contents at all, but protecting against traffic analysis.
If we have two people communicating securely, what does it mean? First, they need to be able to exchange information, even over insecure links prone to MITM (so-called man-in-the-middle attacks).
The Diffie-Hellman protocol allows us to exchange keys, secret ones, over an insecure medium and thus without any prior secret.
As most know, DH is open to MITM attack. So to construct a secure link you usually exchange public keys the most secure way you can (physically between people), then you use those under a Diffie-Hellman exchange to initiate and maintain a secure link.
Now if the attacker can't MITM because of this secure prior exchange of public keys (which are in fact to be considered a vital shared secret exchange, even if they're public keys), there is still traffic analysis.
Traffic analysis is extensively used by militaries (I know of it well since I worked for two years in the army on a field covered by what we French call the "chiffre"), so to counter it you have to continuously emit enciphered content. This has two uses: first it counters traffic analysis, and second it can be used to detect injection of data in the cipher line.
So my point of view over the use of GnuPG or PGP on email is that those tools are not to be used mainly to protect content, but to stop attackers from determining *when* an email exchange is important, and when it is not. This seems much more vital to me than the first-thought encryption of content. If you are to use PGP or GnuPG, you must encipher everything and not only "contents when they are sensitive", since they offer an easy traffic analysis, and can be collected for a future private key compromise or theft. Once every exchange is under encryption, attackers can no longer know when an exchange contains sensitive information or not (while traffic analysis can still be used - think of chains of command).
But I feel like most people that use those means of encryption use them only when there is "sensitive content" and they don't use them most of the time. I have trouble explaining to them that encryption is useful if it is used *all the time, each time* once keys have been exchanged, and that this is much more important in fact than the protection of content itself in some way.
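The post describes Diffie-Hellman as MITM-prone on its own and safe once the parties have a prior secret (the out-of-band exchanged keys) to authenticate the exchange. The following is an added Python example written for this thread, not code from the original post or from any of the tools it names. It assumes a toy 127-bit prime so it runs instantly, and uses an HMAC under a pre-shared authentication key as a stand-in for signatures under the physically exchanged public keys; the substituted public value is constructed purely so the detection path runs.

```python
import hashlib
import hmac
import secrets

# Toy group parameters (assumption): a 127-bit Mersenne prime keeps the demo instant.
# A real deployment uses a standardized group such as an RFC 3526 MODP group.
P = 2**127 - 1
G = 5
NBYTES = 16  # P fits in 16 bytes


def dh_keypair():
    """Fresh ephemeral DH exponent x and the public value g^x mod p."""
    priv = secrets.randbelow(P - 3) + 2          # exponent in 2 .. P-2
    return priv, pow(G, priv, P)


def tag_public_value(auth_key, role, pub):
    """Bind a public value to its sender using the previously exchanged secret.
    HMAC under a pre-shared key stands in for a signature under pre-exchanged public keys."""
    return hmac.new(auth_key, role + pub.to_bytes(NBYTES, "big"), hashlib.sha256).digest()


def verify_public_value(auth_key, role, pub, tag):
    return hmac.compare_digest(tag_public_value(auth_key, role, pub), tag)


def shared_secret(priv, peer_pub):
    """Derive a session key from the DH result g^(ab) mod p."""
    z = pow(peer_pub, priv, P)
    return hashlib.sha256(z.to_bytes(NBYTES, "big")).digest()


def run_exchange(tamper, authenticated=True):
    """Simulate one exchange between A and B.
    tamper=True models an in-path party replacing both public values with its own
    (constructed for the demo); authenticated=False models raw DH with no prior secret."""
    auth_key = secrets.token_bytes(32)          # the "vital shared secret" exchanged out of band
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_tag = tag_public_value(auth_key, b"A", a_pub)
    b_tag = tag_public_value(auth_key, b"B", b_pub)

    pub_at_b, pub_at_a = a_pub, b_pub           # what each side actually receives
    if tamper:
        _, m_pub = dh_keypair()
        pub_at_b = pub_at_a = m_pub

    if authenticated:
        if not (verify_public_value(auth_key, b"A", pub_at_b, a_tag)
                and verify_public_value(auth_key, b"B", pub_at_a, b_tag)):
            return "rejected"                   # substitution detected before any key is used

    key_a = shared_secret(a_priv, pub_at_a)
    key_b = shared_secret(b_priv, pub_at_b)
    return "keys agree" if key_a == key_b else "keys differ"


if __name__ == "__main__":
    for tamper in (False, True):
        for authenticated in (True, False):
            print(f"tamper={tamper} authenticated={authenticated}: "
                  f"{run_exchange(tamper, authenticated)}")
```

With authentication, a substituted value is rejected outright; without it, both sides finish the protocol and only discover that they hold different keys, which is exactly the gap the prior key exchange closes.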
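The post's central claim is that continuously emitting enciphered content denies an observer the knowledge of *when* something sensitive is sent. The following is an added Python example written for this thread, not code from the original post: it emits one fixed-size frame per tick whether or not there is a real message, so a passive observer sees the same count and sizes for a quiet channel and a busy one. The frame size, the tick schedule and the sample messages are constructed, and a SHA-256 counter-mode keystream stands in for a real cipher.

```python
import hashlib
import secrets

FRAME_LEN = 256          # every emitted frame has this size (constructed parameter)
MAX_MSG = FRAME_LEN - 3  # 1 marker byte + 2 length bytes precede the message


def _keystream(key, tick, n):
    """Toy keystream: SHA-256 in counter mode, keyed per tick. Stands in for a real cipher."""
    out = b""
    i = 0
    while len(out) < n:
        out += hashlib.sha256(key + tick.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_frame(key, tick, message):
    """One fixed-size frame for this tick: a padded real message, or a dummy when message is None."""
    if message is None:
        body = b"\x00" + secrets.token_bytes(FRAME_LEN - 1)          # dummy, random filler
    else:
        if len(message) > MAX_MSG:
            raise ValueError("message too long for one frame")
        pad = secrets.token_bytes(MAX_MSG - len(message))
        body = b"\x01" + len(message).to_bytes(2, "big") + message + pad
    return _xor(body, _keystream(key, tick, FRAME_LEN))


def emit_schedule(key, ticks, messages_by_tick):
    """Emit exactly one frame per tick, whether or not there is something to say."""
    return [make_frame(key, t, messages_by_tick.get(t)) for t in range(ticks)]


def observer_view(frames):
    """What a passive observer learns: only the count and size of frames."""
    return [len(f) for f in frames]


def receive(key, frames):
    """Decrypt every frame and keep only the real messages; dummies are silently dropped."""
    messages = []
    for tick, frame in enumerate(frames):
        body = _xor(frame, _keystream(key, tick, FRAME_LEN))
        if body[0] == 1:
            n = int.from_bytes(body[1:3], "big")
            messages.append(body[3:3 + n])
    return messages


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()
    quiet = emit_schedule(key, 8, {})
    busy = emit_schedule(key, 8, {2: b"meet at noon", 5: b"bring the report"})
    print("observer sees (quiet):", observer_view(quiet))
    print("observer sees (busy): ", observer_view(busy))
    print("receiver gets:", receive(key, busy))
```

The limit the next reply raises still applies: this hides *when* and *how much*, not *who* is talking to whom, which needs the endpoints themselves to be hidden.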
There are types of traffic analysis that encryption doesn't and really can't prevent. For example if Osama Bin Laden has a known email address and he and I conversed via encryption it could still be observed that I was communicating with him. In that particular case, communication alone would be enough to draw suspicion and more in depth analysis. In that case encryption may also act as a flag to draw even more suspicion; assuming you're protecting your privacy from a well funded nation state that can actually break RSA or El Gamal with a medium sized key, then in that case the use of encryption may actually reduce your privacy. If enough of us used encryption then we could develop a secure anonymous protocol that would also prevent that type of traffic analysis; onion routers and Mixmaster remailers can, in theory, do it but it really only works if enough people play along with you. It's not too hard to learn a secret or learn who is communicating with whom in a "crowd" of two people. First step is to get people to take it seriously.

My fiance and I email each other all of the time. Before we started using GPG people might be able to read our little arguments, the stupid things we say to each other that only we think is funny and such, but "they" never said anything about it. Since we started using it she has been called in twice to explain what the encrypted email was. Nothing bad has happened but the fact that the censor software couldn't read it triggered more attention. The second time was because we had been responding to the same thread so much that the encrypted size exceeded some threshold (16 or 32K maybe) and she had to explain herself again; they thought she may have been sending documents. Now we both work at places that are sane enough that they didn't need to see anything, but the business would have been well within their rights to force one of us to decrypt the messages for them or fire one of us.
It was almost a perfect case of encryption actually decreasing your privacy.
I personally maintain my keyring regularly, I always check sigs when I can (particularly on bugtraq and other mailing lists) and I have a list of about a dozen people I regularly email with that use encryption. It has taken over a decade to get to that point; since the PGP 1.0 beta period when Phil uploaded it to the MicroManiac in Boulder Colorado...
Now I've said this about a hundred times in several forums. Mozilla has Enigmail which works wonderfully. Evolution supports PGP and GPG. Kmail does. Pine does. There are plugins for Eudora and Outlook. At the very least you can start signing your email, all the time. If you accept PGP/GPG email, say so. Sign your source code also; I've seen first-hand a trojaned copy of code.
As a side effect, if everybody starts encrypting email and the web of trust really starts to kick in, the problem of spam can be solved simply by requiring keys with a certain level of trust and by using signing authorities.
Let us also not forget that encryption and signing, specifically with regard to email, is not just used to protect the contents of the envelope, but also to validate the contents of the envelope as unmodified in-transit, and coming from the intended sender, also unmodified.

I use gpg on most of my email now, if it goes outbound to lists or to places where I need to be sure that my name is associated with that post, or when my mail may traverse a system I do not trust implicitly. For system-to-system communication, it's all vpn, ssh, and stunnel, including between machines on my own LAN and PAN.
There are many reasons to use encryption, and securing the contents of the encrypted blob is only one of those reasons.
But I hardly ever use encryption. The main reason for this is that encryption requires the person on the other end to have software capable of decrypting it. Signing does not require software on the other end capable of deciphering signatures before the other person can read it, unless they have a really broken mailer.
At any place I work, the vast majority of my traffic out of their network is encrypted. It ALWAYS will be, and if they don't like it, I will find someplace else to work. If they can't decide whether or not I should work there on the basis of the work I do, then they're a bunch of incompetents and their company is likely to fail sometime soon anyway.
Anyone know any good way to turn the Enigmail xpi into a .deb? I assume that using alien on the rpm won't work due to differences in things like where the mozilla registry files live. And my searches for "xpi deb" and "enigmail deb" only show other people (including enigmail's author) asking essentially the same thing... I know you can install it by running mozilla as root, but I'll be danged if I'll do something THAT insecure in order to install software for enhancing my security!
Stuart.
Omnifarious: it's possible you might face the situation where an employer or potential employer has a company-wide policy requiring they can read your correspondence for reasons of legal paranoia at the executive level, even though your immediate colleagues might be the best and most clued people in the world. And legal cautiousness is not much of an indicator of whether the company will "fail sometime soon"...
I made myself fairly unpopular when I was using GPG with Evolution. As I understand it, Evolution doesn't support inline keys/encrypting, only the newer MIME method, which doesn't work well with various other email clients, both open source and proprietary. Most vocally, Outlook and Outlook Express users reported various problems with reading my emails when they were just signed, let alone encrypted.

Evolution also failed to show the signature on signed+encrypted messages that I received, and would give 'bad signature' errors for people who had keys covering multiple email addresses. I eventually stopped using it, returning reluctantly to plain text for all my email.
Denny: Is using Evolution more important to you than signing and/or encrypting your messages? Why not switch to another client? Nelson mentioned several besides Evolution (but forgot mutt!).
Crypto gives us various tools:

Key Exchange protocols: Like Diffie-Hellman, IKE (from IPSec) etc. These protocols can be secured against MITM (man in the middle) by either using certificates (see ANSI X.509), or Identity based encryption schemes (but those assume complete trust in some center).
MACs: Message Authentication Codes, they can be used to ensure no packets have been thrown away or injected into a session. AES-CBC-MAC should be sufficient for most of you paranoids out there (and if they are after you, you are not paranoid).
Symmetric Key Encryption: Once we two have a secret key, we use a fast encryption algorithm, based on that key. The current standard is AES, even though NESSIE and some other projects (like cryptrec) suggest some other secure secret key algorithms.
Asymmetric Key Encryption: When we only know the public key of some user. Those algorithms can be used as parts of key exchange algorithms (but be careful how to use them).
Digital Signatures: Usually they take the message, hash it to a constant length value, wrap it up by various techniques (see for example RSA-PSS) and then use a public key to sign the message. There are signature methods which contain also encryption of the message (or embedding) and you need to verify the signature before being able to read the message.
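The MAC point above (no packets thrown away or injected into a session) and gilbou's remark that a continuously enciphered line lets you detect injected data both come down to the same mechanism: a keyed tag over each frame together with a sequence number that is itself under the tag. The following is an added Python example for this thread, not code from either post; it uses HMAC-SHA256 in place of the AES-CBC-MAC the post mentions, and the session keys, messages and the out-of-order delivery below are all constructed for the demo.

```python
import hashlib
import hmac
import struct

HDR = 8    # 64-bit sequence number
TAG = 32   # HMAC-SHA256 output length


def seal(key, seq, payload):
    """Frame = seq || payload || MAC(seq || payload). The sequence number is under the MAC,
    so it can be neither rewritten nor stripped without the tag failing."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Strictly ordered receiver: one expected sequence number, nothing accepted twice."""

    def __init__(self, key):
        self.key = key
        self.expected = 0

    def accept(self, frame):
        if len(frame) < HDR + TAG:
            return "malformed", None
        header, payload, tag = frame[:HDR], frame[HDR:-TAG], frame[-TAG:]
        want = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(want, tag):
            return "forged", None            # injected, or modified in transit
        seq = struct.unpack(">Q", header)[0]
        if seq < self.expected:
            return "replayed", None          # genuine frame, but already consumed
        if seq > self.expected:
            self.expected = seq + 1
            return "gap", payload            # genuine, but something before it was thrown away
        self.expected += 1
        return "ok", payload


def run_demo():
    """Feed a constructed delivery sequence through the receiver and return the verdicts."""
    key = hashlib.sha256(b"constructed session key").digest()
    other_key = hashlib.sha256(b"someone without the key").digest()
    rx = Receiver(key)
    frames = [seal(key, i, b"msg %d" % i) for i in range(5)]
    delivered = [
        frames[0], frames[1], frames[2],
        seal(other_key, 3, b"injected"),     # tag made without the session key
        frames[1],                           # an old genuine frame shown again
        frames[4],                           # frame 3 never arrives
    ]
    return [rx.accept(f)[0] for f in delivered]


if __name__ == "__main__":
    print(run_demo())
```

Whether a "gap" verdict is tolerated or treated as a session failure is a policy choice; on a link that is meant to carry continuous traffic, as gilbou describes, a gap is itself a signal worth alarming on. The payload here is left in the clear to keep the focus on integrity; in practice the MAC is computed over the ciphertext (encrypt-then-MAC) so confidentiality and integrity come from the same frame.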
Evolution is so nice in many ways that I continue using evolution and submit bug reports on bad behavior.
If some mailer has problems with PGP/MIME, that's their problem. It's in the standard. Any mailer that had a MIME implementation worth anything at all in the first place should handle it just fine. It's also a lot cleaner and more accurate than the embedded signature method.
When people tell me their mailer is having a problem, I will make an accommodation for them (unless they're on a mailing list), but I'll also point them at a link to the RFC and tell them their mail software is buggy, and they should file a bug report.
dlc: Evolution and mutt aren't comparable pieces of software - one is command-line and one is GUI. I use Evolution because it means I can deal with the bulk of email I get in any given day noticeably faster than I could in PINE, which I used before. In the process of selecting Evolution I tried various email clients and it was the only one that I found more or less transparent to use.

What I really wanted was something similar to Pegasus Mail for Linux. They've been saying for years now that they're not going to do it themselves, which seems a shame.
Omnifarious: I looked at the RFC for PGP when someone complained about my use of MIME signatures. It says mail clients should always support the inline method, plus optionally supporting the MIME method. The MIME method is recognised as being better, but the inline method is the 'lowest common denominator'.
I still think it's incredibly lame that some email clients *cough*outlook*cough* respond to the presence of a GPG signature by showing the message body as a text file attachment (remembering that IT departments have spent the last three years trying to train end-users not to open attachments).
If you look around online, you'll see that the MIME-only 'bug' has been reported to the Evolution team, in fact debated with some heat on their mailing lists, and they seem uninterested in doing anything about it. Personally I think the bug of not displaying signatures on encrypted messages is more serious, as it offers the potential for someone to forge an encrypted message. The bug of not recognising multi-address keys is highly annoying too. The MIME problem is one of those things that leaves me split between knowing the Evolution team is in the wrong, but also knowing that they've chosen the better of the two options. It's just not the one they're supposed to choose, if they're only willing to implement one method. *shrug*