E-mail crypto is as usable as it ever was, say boffins The main reason the world is able to read and enjoy the contents of Hillary Clinton's emails is that crypto tools aren't any better than back when Phil Zimmerman created PGP, the crypto system even he can't use. That's the conclusion of this study into e-mail crypto usability, a follow-up to a study which reached the same …
Particular with regard to detached-signatures.
Trying to register Electronics Workbench years ago.
They call their license key a "signature" (their choice of terminology). Despite me providing the said "signature" in the body of the email, and being as blunt about it as possible, they still insisted on trying to open the 'signature.asc' file then complaining it was corrupt.
they leak so much metadata in their multiple layers of headers that it's almost irrelevant whether the content is fully encrypted or not, and using which technique?
eMail should be replaced by BTC block-chain techniques that ensure multiple addressees *other* than the final intended one should receive the crypted msgs. plausibly deniable metadata. privacy reasons.
Only terribly inefficient. See freenet. Also, have you seen the size of the Bitcoin blockchain lately? It'd be like having to carry around a ledger the size of the Encyclopaedia Britannica everyday...
As for the metadata, what's to stop the plods from checking and winnowing out the fake destinations and finding other ways to remove your plausible deniability (just as they can defeat deniable encryption by simply not stopping the rubber hosing until they get what they want or you're unconscious)?
This post has been deleted by its author
You can get keys with the magic command 'gpg --keyserver wwwkeys.uk.pgp.net --recv-keys KEY_ID'. Unfortunately, to work this out for yourself, you have to read the manual. You can get mutt to retrieve the correct key for a particular encrypted email by adding the following to '~/.muttrc':
set pgp_getkeys_command="/usr/bin/gpg --no-verbose --batch --quiet --recv-keys %r"
and by adding something like 'keyserver wwwkeys.uk.pgp.net' to '~/.gnupg/gpg.conf'.
There are similar settings for encrypting, decrypting, signing and verifying, each at the press of a button (plus typing in a proper password for decrypting and signing). Other mail user agents may or may not be as easy to configure :-)
The obvious way to get the right key is to meet in person and exchange keys - or at least key finger prints. The less obvious way is to read and understand how the chain of trust works.
Communicating private messages requires reading and thinking, so it is way too much effort for the average netizen. Dumbing it down just means people will think a picture of a key on a web page means it is safe to type in their bank details.
I see none of the 3 people who have downvoted me so far wish to give an explanation as to what is wrong with my statement.
This worries me.
Look at the original comment, look at the domain that is listed. Now get a MITM attacker to divert requests to that domain so they go elsewhere. See for example the replies here:-
http://security.stackexchange.com/questions/4161/shouldnt-gpg-key-fetching-use-a-secure-connection
You've just shown why PGP is unusable for the average people - especially since most of them don't use Linux. And meeting people in person was something feasible when the Internet was much, much smaller - the chain of trust as well.
That is the very flaw of PGP (not the algorithm, the infrastrcture) - it was designed for a much smaller Internet,and computer savvy people. It can't really work today without big changes.
When it started, everything was designed for the computer literate citizens.
Over time though, people made it easier to get access and use it - and companies who facilitated this made out like bandits.
Security hasn't progressed. Why? Well because there simply isn't the demand for it.
Issue isn't that people can't use PGP keys - it's people don't know they want to use them. If there was a clamour for security tools, somebody would be selling them. My guess is that they'd be bundled in with your "internet security suite" you bought for silly money, from PC World.
"You can get keys with the magic command 'gpg --keyserver wwwkeys.uk.pgp.net --recv-keys KEY_ID'. Unfortunately, to work this out for yourself, you have to read the manual. You can get mutt to retrieve the correct key for a particular encrypted email by adding the following to '~/.muttrc':"
But sadly the key will be absolutely useless for general security because:
1. It does not validate who you actually are.
2. There is no way of remote acquaintances you want to communicate with or who want to communicate to obtain a key they can be assured actually belongs you.
3. Plus all the stuff about general internet insecurity (DNS hijacking, man-in-the-middle, etc.).
4. Plus the fact that as far as governments go, all encryption is breakable encryption.
5. The people who think they know so much about encryption know so little about communications they don't realize that 100% knowing who you are communicating with is the person you think they are (not necessarily their legal name, but the correct person) is absolutely vital.
@Flocke Kroes - ye gods, if that's the way of it, then it IS effectively unusable, for most people. There needs to be a UI for all that! I'm in the 'just because I CAN use the command line and am not frightened of it doesn;t mean I want to' category - and, I'd add, being able to encrypt ones emails seems to me something that one shouldn't HAVE to use a command line for.
Reading and thinking is not the problem - you're forgetting that people generally use computers to make life more fun/convenient, not to gain an education in the inner workings of software. Making things unecessarily obscure simply means they won't use the thing in question (in this case, secure email) at all. Given that there;s plenty of other pieces of software that offer a UI walk-through to make things easy (eg; Linux Mint installer, for an obvious one), I don't see why PGP whould be any different.
"The obvious way to get the right key is to meet in person and exchange keys - or at least key finger prints. The less obvious way is to read and understand how the chain of trust works."
And then you run into the First Contact Problem. How does Alice know Bob is really Bob and not Mallory if Alice has never met Bob before? And if she tries to use a third party, how can she know Trent is really Trent?
I'd have thought that the only truly safe way to get someone's public key would be to meet them in person or go to a key party.
NO! Not that kind of key party! This kind of party!
Basically, the only way to be sure is to meet the person, face-to-face and exchange key fingerprints.
I did experiment with encoding a GPG key as QR codes to put them on a business card, but couldn't reliably scan them back. A 4096-bit RSA key on paper is huge. ECC is smaller, but still too big.
This post has been deleted by its author
I use it at work, with Symantec Encryption Desktop (formerly known as PGP), and it's already not so easy to communicate externally (even via the integrated PGP webmail), but at least the system takes care of key renewal and distribution somewhat automatically, and has a master key.
But for regular people? Even not considering interaction with others, let's think of the practicality:
what do you tell them when they lose their key? Forget their passphrase? «Oh, sorry, every email you've received or sent for a couple year - you can't read them anymore»?
Yes, they should make backups, of course, everybody should, I know that song. But we're talking about real people here, with a life. Making regular backups is already not easy at home. Making a proper backup of a PGP key, even less so.
This post has been deleted by its author
OK, but even if I served the key over https, you'd still be back the old, "do you trust the CA?", argument.
Yes. I wasn't addressing that point.
At least with my key, you know it's the same, 'me', you are communicating with each time
No, you don't. http is trivially intercepted, so even if I were *sure* that the website is yours, Mallory could be spoofing the signature. Over http, it really isn't very difficult.
Vic.
This post has been deleted by its author
"There are loads of decent mail clients with PGP and GPG support built right in. It's not really that hard."
No, it really is that hard. Just because YOU can do it, doesn't mean EVERYONE can do it. Built-in support is only one tiny aspect of getting it to work. Most people I know continue to choose outlook, and since I don't have to support it, I don't. Bottom line is they go without - they don't even try to google it, or ask anyone else.
So, it really IS that hard.
Ha!
I use thunderbird. I installed the extensions etc. Now, I've in the past set up secure VPN server on Win2K and also on Linux, generated keys and setup clients. Did it on port 80 so it would work almost anywhere.
a) I gave up on getting a key generated for PGP
b) No-one I exchange email with is going to even try.
It's really too hard. I've been setting up SW, since 1980.
Setting up servers & OS since 1986
UNIX since 1986, Linux since 1999
It's stupidly hard. People complain about how hard it is to setup decent WiFi Security with a good password etc. This is very much harder.
It's stupidly hard.
It isn't hard. It's uninteresting.
I set up encryption on my webmail server some years ago. I wrote a tutorial for all my users, and mailed it to everyone. I got the return receipts to say that they'd read it.
No-one used it.
It's not that they didn't understand - they had a click-by-click tutorial, with me to fall back on if it wasn't clear. They just didn't care enough to do anything about it.
And that's where we are now - the vast majority of email users just don't care about encryption, even after the Snowden revelations. Perhaps they'll care a bit more after they've seen the new Bond film[1].
Vic.
[1] They won't. But I can dream, can't I?
ProtonMail is great, (although some messages were too encrypted for my Raspberry Pi2 to always decrypt in the client)
It has the problem that ProtonMail only encrypts from their Mail server to your client, so unless both sides in the correspondence have joined the queue for an account, (https://protonmail.com/invite), then all your details are spilled as the mail is sent in plaintext outside of Proton.
A better system is to use S/MIME certificates and acquire peer - to - peer trust
A better system is to use S/MIME certificates and acquire peer - to - peer trust with your friends, acquaintances.
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data
you generate & install (annually) a certificate to guarantee that this is YOU, this signs all your mails, giving integrity; when you correspond to friends who similarly have dropped an S/MIME cert onto their email client, then your encryption can kick-in, and you have direct P2P protection, without bothering about sharing your keys with the whole world.
it is actually foolproof!
the complicated step used to be that you had to buy an S/MIME cert. Now Comodo give a single free one per email address:
https://secure.instantssl.com/products/frontpage?area=SecureEmailCertificate
the above page generates covert public & private keys in your (desktop PC) browser, you have to click a verify link in your email, then the browser will generate the key.cert (from the covert key pair) that you drop onto your email client. Your Mail client will save teh private key, and ship the public key to *anyone* that you normally mail.
If they acquire their free Comodo cert - then you can start exchanging mostly# private messages. [# I imagine there will be state-level backdoors, but it will keep all your data away from criminals, Google even!]
I did manage to get S/MIME working reliably for Gmail accounts using seamail type clients on the Raspberry Pi2 hardware. Google was most annoyed about the encrypted messages, refusing to allow access due to "insecurity of your client" - until I had ticked lots of boxes in the Gmail setup to "allow insecure clients" e.g. on Linux MINT or Raspbian.
It takes about an hour, and it works.
This message is signed by COMODO SHA-256 Client Authentication and Secure Email CA, Org: COMODO CA Limited, Salford, Greater Manchester, GB. email address: anonymous.coward@gmail.com. expires. Saturday 5th Nev 2016 at 01:59:59 CET This certificate is valid.
If Comodo doesn't vet your email address (and you - a "veriy link" is quite useless to achieve it), the certificate is almost useless. It can provide encryption, but it can't provide authentication. You can be protected from casual snooping, but you can't be sure you're communicating with the "right" endpoint.
Once you have you public/private pair, how do you share the public key in a sensible way? Attach it to messages? Useless - anybody can attach whatever he or she likes. It's the same problem you have with PGP - different technology, same problem. All the email encryption schemes need a way to properly exchange (or find) keys, and trust them in any moment.
In Italy PEC (Posta Elettronica Certificata - Certified Electronic Mail) offers something alike (it does use S/MIME for easy interop), but it heavily relies on "certified third parties" to emit certificates and managed them (and mail servers as well, but it also provides non-repudiation and receive/read timestamps) - of course the system is secure as much as the certified partners - and being the certification a government matter, guess what?
It has the problem that ProtonMail only encrypts from their Mail server to your client, so unless both sides in the correspondence have joined the queue for an account, (https://protonmail.com/invite), then all your details are spilled as the mail is sent in plaintext outside of Proton.
Well, quite. The idea is to get them used to having some kind of privacy without needing a computer science degree to get started. ProtonMail seem to be activating new accounts after a couple of days.
A better system is to use S/MIME certificates and acquire peer - to - peer trust
Once they have acquired the privacy habit then a more flexible path will be taken. Education has to happen in steps.
Protonmail is secure to the likes of Google. However the key to decrypt the inbox is stored on their servers. You may have to use a password to enable it but if the servers are compromised they can grab that easily. You think that the servers aren't of interest to the NSA? Do you think that the physicists from CERN know enough about operational security to keep out the NSA? That is in addition to the fact that the session is enabled in a web browser.Security in a web browser is like open heart surgery in an abattoir.
If you want to be secure get a free s/mime certificate from comodo - it's more practical.
...but if the people using it to send or receive messages do not understand the reasons why it has been designed in the way that is has been designed then there is really no point in using it.
It is a bit like a food manufacturer putting up notices in the lavatories for people to "now wash your hands" and for said people to then exit said lavatories and to then change from their muddy boots into the footwear they will use in the production area.
The 'Powers That Be' like crypto being unusable by laypeople.
The unfortunate thing is that no person, no corporation and no organization from the regular world (non-government) has had the required combination of courage, brains, financial independence, and a 'blackmail proof personal life' to be able to alter the situation.
Include Google (and many other corporations) in the "Powers That Be" - how can it read all of your email to provide you with "tailored adds and services" if it can't read your mails? There is still someone who believes GMail exist to provide a free email service for the masses, and not to collect and analyze that useful source of people data?
I'm not all that convinced Google gives a crap about encrypted personal communication - they want to know what they should be advertising to you, and in my experience not all that much of that sort of thing gets talked about in private mail. Do you really boast all that often to your mates "this new Konica-Minolta XYZ-123 is awesome, all my Bahamas photos came out great!"..? Because even if you did that (encrypted), that's not the mail Google is interested in - it rather cares about the Amazon receipt confirming purchase of one XYZ-123 and that other proof of purchase for two flight tickets to Bahamas and back - both of which would be by definition unencrypted...
Why "both of which would be by definition unencrypted"? I'd expect my receipts with all those data and tickets data to be encrypted as well - and especially them.
And are you sure you don't discuss via email a travel to Bahamas, maybe contacting a hotels or travel agencies? Don't you send photos (or links to them) via email with all those interesting data in EXIF information - and the image themselves can today be processed to extract information from them.
Google does care a lot about *your* lack of encryption... believe me.
When will usable crypto be available to all, it's a proper disgrace. The only people you can securely communicate with now are other techno-cogniscenti; You all know full well that none-IT people cannot use crypto reliably. That's what the trial shows. I tried using encryption once, it didn't work out well, no one was interested. It seemed like too much effort to most, the rest didn't understand why
That will happen when MS create a "new" patented standard built into Windows/Outlook so "everybody" can easily encrypt/decrypt with a single click. Of course, it won't be interoperable with any other client, but since simply everyone use Windows 10 these, where's the problem? Key storage will be secure at https://mskey.nsa.gov for extra peace of mind.
"When will usable crypto be available to all, it's a proper disgrace."
Sadly, it's the foibles of humanity as a whole. Otherwise, you wouldn't hear stories of gang violence, teenage pregnancy, and other tragedies you read in the newspapers/news sites every single day. Quite simply, too many people simply don't care, and as a result, they're gonna take the rest of us with them.
Never.
You all are like a bunch of illiterates crying about how learning to read is too hard, and when are they going to start giving us picture books so we won't even have to try anymore. But just as you can't convey all the information in War and Peace, or the Bible or in some textbook solely in pictures, you can't dumb down crypto into a couple of button clicks. Crypto isn't complicated because "THEY" don't want you to use it, any more than Quantum Mechanics is hard because some mysterious cabal wants to keep a tight rein on the secrets of the universe.
These things are hard simply because they are in fact hard. Popular shows about science regularly try to dumb down QM into little cartoons and skits to try to get across the ideas involved, and we viewers all claim that we get it now, and pat ourselves on the backs for our great achievement in learning, and do you know how many of us go on to apply our understanding in the real world, or make some sort of discovery, or even learn a tiny bit more about it on our own? I would hazard a guess that it's a number so infinitely tiny you may as well just round it down to nil and understand that dumbed down alternatives are no fit replacement for the real thing.
If you want the benefits that come with literacy, you are going to have to learn to read, rather than pray for better picture books. If you want to become an actual scientist you will have to study the actual sciences, as you could watch every popular science show that ever existed, and at the end find yourself no closer to actually being able to perform the tasks the job requires of you. And if you want to if you want to communicate privately, you're going to have to learn how to click some buttons in a certain order, or how to type some words into a command line, or, and god help me here... that dummy a couple posts up talking about how hard it is to 'do a proper backup of a PGP key'. It's a file. A PGP key is just a file, like any other on your computer. Copy and paste it to a USB stick or burn it on a CD and hide it somewhere in your house. And you other fools coming up with nightmare scenarios about, "How can I get your key and know that it's actually from you? What if we're living in The Matrix or something and there's no way for me to bla bla bla..." Get over this idea you have that NSA/GCHQ surveillance involves some guy actively watching you 24/7 and pre-emptively hacking every site you go to in real time. Even Snowden wasn't worried about this nonsense you all are navel gazing about, and he actually would have had reason to do so. Modern day equivalent of arguing about angels dancing on the head of a pin...
Wow 514 words, with 2661 characters in total. All your answers (ironically) were a form of obfuscation, which seems to be the goal of encryption. Fortunately over the many years that I've lived, when someone shouts complexity, or 'it's all way too hard' it usually means they are trying to cover the nacked vulnerability of their own ignorance with a small fig leaf of an argument.
Have a beer, and chill
Every year, my financial advisor asks me to send them a list of my accounts (bank, ISAs, shares, etc) that they do not control directly, with the balances. Every year I ask them if they can handle PGP encrypted mail yet. Every year they say "What?". So, I print the spreadsheet, put the sheet of paper in an envelope, stick the flap down and post it.
It is long past time that the Financial Services Authority imposed a rule that all IFAs must be able to handle encrypted mail and must use it. If that rule existed then there would very soon be a lot of suppliers making packages for the IFAs and for their customers. Quite quickly they would become easy to use, and use would spread out from there.
Of course, the packages would not provide military level security and key management: they would be designed to provide commercial level security. But it would be a good step forward to normalise use of encrypted mail for commercial communications (order confirmations from Amazon, for example). I am sure Google would generate a key for every Gmail account and run their own keyserver to make those available, for example.
Then the geeks (like us El Reg readers) could choose to use much-harder-to-use almost-military-grade software BUT STILL BE ABLE TO COMMUNICATE WITH THEIR LESS SECURITY-CONCERNED FRIENDS!
Actually, that what Italy did with PEC - which became mandatory for any business last year - but you have to rely on third party supplier (and pay them, although prices for the basic service are pretty low, a few euro per year), and the system is not widespread yet because it has some shortcomings, and also because people doesn't like to pay nor like any little complication.
Moreover such a system works in Italy only.
At present encryption is an added extra to email. It needs to be built in to the protocol and hence into every application involved.
Until that's the case it will always be a minority sport. You can set up your PGP-equipped client and your key-server but how do you get your bank, your insurer and your aunt Mabel to make any use of them when 99.99% of their other correspondents (100% in case of aunt Mabel) have not only no interest but no knowledge?
At the very least we need extensions to SMTP to make it near invisible:
1. Your mail server is also where you hang out your public key.
2. Your server & client nag you until you click the button to generate a key & put it out there.
3. If your correspondent has published a key your client automatically uses it to encrypt outbound mail.
4. If you have generated your own key your client automatically uses it to sign outbound mail.
5. Your client automatically uses the key(s) as appropriate to decrypt and/or check signatures.
As an interim step new versions of S/W would have the features but tolerate their interlocutors not having them or their users not having published keys but the next generation would refuse to deal with unencrypted mail.
Yes, I know it's not as good as privately exchanged keys but it ensures that the infrastructure is there for those who want to go the extra mile. And no it doesn't do much for anybody who just wants to use webmail unless the decryption is built into the browser rather than the webmail server - but then they're not exactly bothered by security anyway. Actually that second point might not be as bad as it seems if the existence of routinely secure mail by other means were to prompt the webmail users to think again.
Or maybe you have a better method of moving to universal encryption in mind.
so for the standard user in the real world that would be some kind of .exe file you want them to download, run with administrative privileges (assuming they don't do everything as "admin" already because its easier and they/re not IT security aware) possibly from some spoofed address pretending to be their bank/utility/ISP etc.
Alas the road to hell is paved with good intentions.
I get to the latest comment in the list and find you have beaten me to this suggestion.
Yes, encrypted zip and the password sent by snail mail.I have seen the US Department of Defense ask for contract bids to be submitted in that fashion, so that the bid is confidential until after the deadline for sending it in.
Surely this is the biggest challenge of all facing IT, namely convincing the average (none tech savvy) jo public that it's in their best interest to encrypt sensitive email. Then to provide them with usable tools, such that they can use encryption easily, reliably, and in a verifiably secure manner. Of course governments don't really want that to happen at all, otherwise I suspect it would have happened already. The current state of play vis-a-vis encryption is a shameful mess, I bet it's no problem for Gov/Military/GCHQ/NSA to send encrypted communiques.
....automatic Mailvelope invites for new recipients....
Or, as I like to call it, an open invitation to all and sundry to spamcast fake Mailvelope invites[1] with moody links in.
(See Mozilla's famous "upgrade flash here now" popup and the subsequent mass pwnage of FF users via a fake "upgrade flash here now" popup for a classic example of this particular stupidity in action).
[1] Goes through spam filters, users trust it, what's not to like?
Heck what gives. If anybody really wants encryption they can have it with any email client.
There's a tiny price:
1) Understand what you're doing, and get ready.
2) When sending and receiving hand en/decrypt the messages.
No need for magic that you don't understand, just do it. (A GUI has inherent security risks.)
True the world seems largely populated by people who don't care. So be it. Those who do care can do it today, with those similarly inclined.
A lot of businesses need to get with the program and just get it working, else the world+dog may be reading their messages. Sheesh.
"A lot of businesses need to get with the program and just get it working, else the world+dog may be reading their messages. Sheesh."
The problem is that the ones who DON'T get it will end up taking US with them. Like your neighbor who happens to tag a picture that happens to contain you in it. Suddenly, BLAM! demographics with increasing facial scanning accuracy start to tag you without your knowledge. Or the Facebook walls that mention you even if you never visit Facebook.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
