PGP (In)Security
A tale of loopholes in PGP!
Introduction
Back in the late 1980s a few visionaries realized that this new ‘e-mail’ thing was awfully convenient and would likely be the future — but that Internet mail protocols made virtually no effort to protect the content of transmitted messages. In those days email transited the Internet in cleartext, often coming to rest in poorly-secured mailspools.
This inspired folks like Phil Zimmermann to create tools to deal with the problem. Zimmermann’s PGP was a revolution. It gave users access to efficient public-key cryptography and fast symmetric ciphers in a package you could install on a standard PC. Even better, PGP was compatible with legacy email systems: it would convert your ciphertext into a convenient ASCII armored format that could be easily pasted into the sophisticated email clients of the day — things like “mail”, “pine” or “the Compuserve e-mail client”.
Reference: https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/
In this post I list some of the ways PGP is complex, hard to use, and easy to get wrong.
Let’s start with the problems:
Complexity
Setting up PGP is a pain for non-technical (and many technical) users. You typically have to install an email client such as Thunderbird, generate a key pair and, before Thunderbird 78 gained built-in OpenPGP support, install a plugin like Enigmail. All of this is manual, and every manual step adds friction. Because key generation is left to you, it is easy to pick insecure defaults, such as an RSA key with too few bits. Thunderbird's own options (3072- or 4096-bit RSA) are reasonable, but not every client offers sensible choices. When the security parameters are left in the user's hands, it is too easy to get them wrong and shoot yourself in the foot.
Large Keys!
PGP keys aren't designed to be human-friendly. They are large, so you never compare the key itself; instead you compare its fingerprint (a hash of the key) to check that the correct key was pulled from the keyserver.
To fetch a key, you give the keyserver a key ID or fingerprint and it sends the key back. In the past this was not checked properly: with GnuPG 2.0.18, the client would not verify that the fingerprint of the received key matched the one you asked for, so a malicious keyserver (or anyone able to tamper with the plain-HTTP connection to it) could hand you the wrong key without any warning. This is fixed in recent versions of GnuPG, but the point stands: if we need all this machinery to move huge keys around and can still end up with the wrong one, that is worrying. Modern elliptic-curve keys are compact enough to paste into a tweet and offer security equivalent to much larger RSA keys, so why not use those instead?
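As an added example (not code from the original post or from GnuPG), here is the check a client should be doing after fetching a key: read the fingerprint back from gpg's machine-readable output and compare it with the one you asked for. It also shows why matching on a key ID is not enough, since a v4 key ID is just the trailing 64 bits (32 bits for a "short" ID) of the fingerprint. The gpg invocation in `verify_imported_key` assumes gpg is on PATH; the colon-format output, fingerprints and key IDs are constructed for illustration and belong to no real key.

```python
"""Check that the key GnuPG imported is really the one you asked for.

Added example, not code from the original post or from GnuPG. It parses the
machine-readable output of `gpg --with-colons --fingerprint <id>` (each "fpr"
record carries a full fingerprint in its tenth field) and compares the primary
key's fingerprint with the expected one instead of trusting whatever the
keyserver returned. The sample output and fingerprints below are constructed
for this example and belong to no real key.
"""
import hmac
import subprocess
from typing import List


def normalize_fingerprint(fpr: str) -> str:
    """Canonical form: uppercase hex with no spaces, as --with-colons prints it."""
    return "".join(fpr.split()).upper()


def fingerprints_from_colons(colons_output: str) -> List[str]:
    """Return every 'fpr' record's fingerprint, primary key first."""
    fprs = []
    for line in colons_output.splitlines():
        fields = line.split(":")
        if fields[0] == "fpr" and len(fields) > 9 and fields[9]:
            fprs.append(fields[9])
    return fprs


def key_id(fpr: str, short: bool = False) -> str:
    """Key ID derived from a v4 fingerprint: its low 64 bits, or low 32 bits if short.
    Anyone who can grind a key with the same trailing digits matches a key-ID lookup."""
    fpr = normalize_fingerprint(fpr)
    return fpr[-8:] if short else fpr[-16:]


def key_matches(colons_output: str, expected_fpr: str) -> bool:
    """True only if the primary key's full fingerprint equals expected_fpr."""
    fprs = fingerprints_from_colons(colons_output)
    if not fprs:
        return False
    # compare_digest is constant-time; here it mostly documents the intent
    return hmac.compare_digest(fprs[0], normalize_fingerprint(expected_fpr))


def verify_imported_key(expected_fpr: str) -> bool:
    """Query the local keyring for the key and check it (assumes gpg is on PATH)."""
    expected = normalize_fingerprint(expected_fpr)
    proc = subprocess.run(["gpg", "--batch", "--with-colons", "--fingerprint", expected],
                          capture_output=True, text=True, check=False)
    return proc.returncode == 0 and key_matches(proc.stdout, expected)


# Constructed --with-colons output for a fictitious key (primary plus one subkey).
SAMPLE_COLONS = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:23456789ABCDEF01:1600000000:::u:::scESC::::::23::0:
fpr:::::::::ABCDEF0123456789ABCDEF0123456789ABCDEF01:
uid:u::::1600000000::00000000000000000000000000000000DEADBEEF::Sample User <sample@example.invalid>::::::::::0:
sub:u:4096:1:90ABCDEF12345678:1600000000::::::e::::::23:
fpr:::::::::1234567890ABCDEF1234567890ABCDEF12345678:
"""

# Constructed output for a different key whose fingerprint shares only its
# trailing 32 bits (short key ID ABCDEF01) with the primary key above.
WRONG_COLONS = """\
pub:u:2048:1:0000FFFFABCDEF01:1600000000:::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000FFFFABCDEF01:
"""

# The fingerprint you were given out of band, in the spaced form people paste.
EXPECTED = "ABCD EF01 2345 6789 ABCD EF01 2345 6789 ABCD EF01"

if __name__ == "__main__":
    print("sample matches:", key_matches(SAMPLE_COLONS, EXPECTED))
    print("wrong key matches:", key_matches(WRONG_COLONS, EXPECTED))
    print("same short key ID:", key_id(EXPECTED, short=True) == key_id(WRONG_COLONS.split(":")[-2], short=True))
```

The wrong key is rejected by the full-fingerprint comparison even though a short-key-ID lookup (`gpg --recv-keys ABCDEF01`) would have accepted it, which is exactly why you should fetch and verify by the complete 40-hex-digit fingerprint.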
Key Management Sucks!!
- Removing a key from a keyserver is hard. You can revoke it, but the key stays on the server, merely marked as revoked.
- Your public key has your name and email address embedded in it, so uploading it to a keyserver hands that address to spammers.
- So if an email address is meant to stay private, you must NOT upload a key carrying it to a keyserver.
- The "Web of Trust" works by having other people sign your key. Those signatures, which identify the signer, become part of your public key, so anyone can see who vouches for you and therefore who you are in contact with. That is the last thing someone running a sensitive operation wants.
- If you stay off the keyservers, key management is entirely manual: you publish your public key on your website or some public forum and hand it out to the parties you want to talk to.
No Perfect Forward Secrecy
PGP has no forward secrecy. Every message someone sends you is encrypted (via a fresh per-message session key) to the same long-term public key, so anyone who records your ciphertext and later obtains your private key can decrypt all of it.
Terrible mail client implementations
PGP key-management software asks for your passphrase every time you want to decrypt an email, so you get prompted every single time you read an encrypted message. And either way the passphrase (or the unlocked private key) is held in memory, even for an encrypted email that was not secret at all.
Worse, PGP clients make it easy to send an email with encryption turned off when you meant it to be on, to send an unencrypted email while the encryption toggle looks on, and to pick the wrong key to encrypt to.
Because PGP was designed to coexist with unencrypted email, that compatibility now bites us.
Old Protocol in new Era
PGP was created in the early 1990s, and nobody could have foreseen the problems we face in 2021. The Internet and its threat model have changed enormously in two decades, and what worked then does not necessarily fit today's needs. For instance, the parameters considered secure back then are no longer adequate: we have far more computing power, and key sizes that were once fine just won't do today. So things have to change, and there are better alternatives for the problems PGP used to solve. Why not try them out :)
I have linked an article that highlights modern alternatives to PGP.
Swiss Army Knife
PGP is a tool, a standard, a file format and more, and it tries to do everything itself: package signing, file encryption, email encryption and so on, each of which brings its own problems. It does not do one thing and do it well; it tackles a myriad of problems with one standard.
Backward Compatibility
On top of that, the standard was conceived in the 1990s, and to keep supporting older implementations and clients it maintains backwards compatibility. That means the old algorithms and formats are still lurking in it and will likely stay there in the name of compatibility, and as the saying goes, you can have backwards compatibility or sound cryptography, but not both.
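To see what "old algorithms lurking around" looks like on the wire, here is an added example (not code from the original post or from GnuPG) that parses an OpenPGP packet stream as laid out in RFC 4880 and reports the algorithms a key and its self-signature advertise, flagging the legacy ones. The key blob is constructed by hand for this example: its RSA modulus is a 16-bit placeholder and the packets do not form a usable key. To audit a real key, feed it the binary output of `gpg --export KEYID`.

```python
"""Audit an OpenPGP key blob for legacy algorithm choices.

Added example, not code from the original post or from GnuPG. It walks an
RFC 4880 packet stream (old- and new-format headers), reads the version and
public-key algorithm of each key packet, the hash algorithm of each v4 signature
and the preferred-algorithm subpackets a self-signature advertises to senders,
then flags anything still listed from the 1990s. SAMPLE_KEY is constructed by
hand; its RSA modulus is a 16-bit placeholder, not a real key.
"""
import hashlib
from typing import Dict, Iterator, Tuple

PUBKEY_ALGOS = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "Elgamal", 17: "DSA",
                18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
SYM_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
             7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish"}
HASH_ALGOS = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 8: "SHA-256",
              9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}
LEGACY = {"IDEA", "3DES", "CAST5", "MD5", "SHA-1", "RIPEMD-160", "Elgamal", "DSA"}


def iter_packets(blob: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (tag, body) per packet; partial/indeterminate lengths are rejected."""
    i = 0
    while i < len(blob):
        ctb = blob[i]
        if not ctb & 0x80:
            raise ValueError("no packet header at offset %d" % i)
        if ctb & 0x40:                      # new-format header (RFC 4880 4.2.2)
            tag, first = ctb & 0x3F, blob[i + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + blob[i + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(blob[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial-length packet not supported")
        else:                               # old-format header (RFC 4880 4.2.1)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate-length packet not supported")
            hdr = 1 + (1 << ltype)
            length = int.from_bytes(blob[i + 1:i + hdr], "big")
        yield tag, blob[i + hdr:i + hdr + length]
        i += hdr + length


def parse_subpackets(data: bytes) -> Dict[int, bytes]:
    """Signature subpackets: 1-, 2- or 5-octet length, then a type octet, then body."""
    out, i = {}, 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
        out[data[i] & 0x7F] = data[i + 1:i + length]   # high bit is the "critical" flag
        i += length
    return out


def v4_fingerprint(key_body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, two-octet body length, body."""
    return hashlib.sha1(b"\x99" + len(key_body).to_bytes(2, "big") + key_body).hexdigest().upper()


def audit(blob: bytes) -> Dict[str, object]:
    """Summarise what the key and its self-signature advertise, with legacy flags."""
    keys, sig_hash, pref_sym, pref_hash = [], [], [], []
    for tag, body in iter_packets(blob):
        if tag in (6, 14):                  # public key / public subkey
            version = body[0]
            algo = body[5] if version == 4 else body[7]   # v3 has two extra validity octets
            fpr = v4_fingerprint(body) if version == 4 else None
            keys.append((version, PUBKEY_ALGOS.get(algo, "algo %d" % algo), fpr))
        elif tag == 2 and body[0] == 4:     # v4 signature
            sig_hash.append(HASH_ALGOS.get(body[3], "hash %d" % body[3]))
            hashed_len = int.from_bytes(body[4:6], "big")
            sub = parse_subpackets(body[6:6 + hashed_len])
            pref_sym = [SYM_ALGOS.get(b, "sym %d" % b) for b in sub.get(11, b"")]
            pref_hash = [HASH_ALGOS.get(b, "hash %d" % b) for b in sub.get(21, b"")]
    advertised = {k[1] for k in keys} | set(sig_hash) | set(pref_sym) | set(pref_hash)
    return {"keys": keys, "sig_hash": sig_hash, "pref_sym": pref_sym,
            "pref_hash": pref_hash, "legacy": sorted(advertised & LEGACY)}


# Constructed blob (not a real key): a v4 RSA public-key packet with a 16-bit
# placeholder modulus, then a v4 positive-certification signature (over SHA-1) whose
# hashed subpackets prefer AES-256 and SHA-256 but still list CAST5, 3DES, SHA-1, MD5.
SAMPLE_KEY = bytes.fromhex(
    "99000f"                          # old-format header: tag 6, two-octet length 15
    "04" "5f5e1000" "01"              # v4, creation time, public-key algo 1 (RSA)
    "0010c0ff" "0011010001"           # MPI n (16 bits, placeholder), MPI e = 65537
    "890017"                          # old-format header: tag 2, two-octet length 23
    "04" "13" "01" "02"               # v4, type 0x13 (positive cert), RSA, hash 2 (SHA-1)
    "000a" "040b090302" "0415080201"  # hashed subpackets: 11=[9,3,2], 21=[8,2,1]
    "0000" "0000" "0008ff"            # unhashed len, left 16 bits of hash, placeholder MPI
)

if __name__ == "__main__":
    print(audit(SAMPLE_KEY))
```

The `legacy` list is the part worth acting on: a key that still advertises CAST5, 3DES or MD5 in its preferences invites a sender's client to pick them, which is exactly the backwards-compatibility cost described above.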
References and Interesting Reads
I highly recommend that you check out this article. It is a bit long, but it explains the issues with PGP very well.
Closing Thoughts
So in this post we saw how easy it is to get things wrong while using PGP. Make sure you check out the alternatives to PGP and consider using them!
Enjoyed this post? Let me know your thoughts in the comments below :)
Btw if you are enjoying my work and would like to support me, then please check out my Patreon page: https://www.patreon.com/SecurityGOAT
See ya!
Until next time, keep learning and happy hacking :)