[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: comments on PGP *5*


On Tue, 15 Sep 1998, Joseph Carter wrote:

>Hint:  NEVER EVER accept binary-only encryption.

    Heh, yep.  I'm actually sufficiently paranoid that when I packaged
my own compiles of PGP into /usr/local, I gave the packages sufficiently
high version numbers that nothing would attempt to replace them :)

>> combination, would you?  The safe is provided for company use only.  If
>> you want your own safe, nobody's stopping you from going out to Wal-Mart
>> and buying one, and then you don't have to share the combination with
>> anyone.  This is exactly what the situation is with PGP.
>...by circumventing the purpose, that only someone with private key and pass
>phrase can decrypt mail.  The proper way of allowing this would be to give a

    This is irritating.  Take a look at how it works again.  Only
someone with the private key and pass phrase can decrypt mail.  In the
case of ARR, only someone with the private key matching the public key
of the original intended recipient, or the private key matching the ARR
public key can decrypt the mail.  This is the correct way of handling
this.  My objection is that there are no warnings plastered over such
transmissions, and that since most companies are well aware that
individuals send and receive personal information (and wisely allow it
for morale reasons), that failing to warn employees that messages they
encrypt can be read by the company is a form of deception. 
    As a side note to this, you should never use PGP for authentication
from a computer within a highly secured area.  Encrypt without signing.
Some of those systems have keystroke grabbers recording everything.

>copy of the private key to your boss, extracting it in plain form directly
>to floppy (you DO NOT EVER put an unencrypted key on your hard drive unless
>you are EXTREMELY stupid)  Your boss then encrypts the key with his or the
>company's pass phrase---which should be kept locked in a secure but offsite

   No!  This is the wrong way of doing things!  First off, to be
useful, you'd have to store the passphrase to said key at the same
time.  Without that, you still can't read mail to the employee.
Second, you'd have to make sure that the employee always encrypted not 
only to the intended recipient, but to himself.  This is just about
the same as using an ARR, except that you're now double-using a key.  In
the case of a breach, not only can the attacker now read all company
mail, but he can now spoof a signed message from any such stored keys.
This includes your boss!  

>Congratulations, your boss or his successors may read email sent to your
>corporate key without compromise to the security of PGP or even to your pass
>phrase.  You DID wipe or outright destroy that floppy didn't you?  Probably

    If the key is compromised, you can pretty well guess that the
passphrase was also compromised, since the company would need access to
both the key and passphrase for this to be useful.

>an extended stay on a bulk eraser would eliminate any useful magnetic
>traces, even if you're paranoid.  And the process can be automated with a

    My understanding is that this is not correct.  The reason for the
large number of random overwrites in a secure wipe is precisely because
this is not correct.  Even a powerful bulk eraser will leave traces.

>batch file (or even a compiled batch file) to make sure nobody screws it up. 
>And YES, you can have batch files in windoze!  I used them all the time,

    No!  This is again the wrong solution.  Windows may arbitrarily
leave data stored in the swapfile, including a copy of the key itself in
a worst-case type scenario.  Do not use Windows for any kind of
important encryption.

>Oh wait.  There's no way a pointy hair would understand all of that.

    Considering that even the computer-adept get confused on these
issues, that's one thing I can agree with.

    Secure message recovery is not as simple as it looks, but give the
PGP folks some credit.  They did make a reasonable attempt to think it

 Zed Pobre <zed@va.debian.org> | PGP key on servers, fingerprint on finger

Version: 5.0
Charset: noconv


Reply to: