B3RN3D

Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt.

Reasons to Let PGP Die #1: Metadata

PGP is a 90’s protocol that should have died along with SMTP. I’m tired of it and how we’re still trying very hard to use it. I’m going to start reminding us about the various reasons PGP should die.

Metadata

Let’s cover metadata first: the things that are leaked outside of your normal message. We already know that metadata is easy to extract from a plaintext SMTP message, but it’s actually even easier from a PGP encrypted message.

Example

Here’s an interesting experiment. First run

echo "security" | gpg -ea -r cincinnatus@lavabit.com

You will get something like this:

-----BEGIN PGP MESSAGE-----

hQQMA0x0OAr3LYCzASAAqBaeXxmDctWPmgFCDWEVjxeiG6bCf8/Co5Y8ZOUt7vtb
...

Then on that file, do a

gpg --list-only

If you have the public key, you’ll see something like this, which shows the message was encrypted to Edward Snowden’s old PGP key:

gpg: encrypted with 8192-bit RSA key, ID F72D80B3, created 2012-09-02
      "Cincinnatus (Tor) <cincinnatus@lavabit.com>"

But look at this:

echo "security" | gpg -ea --hidden-recipient cincinnatus@lavabit.com

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hQQMAwAAAAAAAAAAAR/+O7sldU8CMp7xZE9aPaOoIgb3i7GumO0mGlkhCZ3JDLhB
...

Notice the A’s at the beginning. What you’ve done is zero out the key ID of the intended recipient (a run of zero bytes base64-encodes to A’s).

What does this mean

If you are a normal PGP user, the first block in your message is a list of the key IDs that it is encrypted to. If you were someone with the ability to intercept communications, you had better believe that PGP encrypted messages are going to be a high value find.

People who use PGP to protect their communications without also using something like HTTPS or SMTPS will be subject to very simple graphing of who they are talking to and when.
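What an observer without any key can read from those first bytes, as an added example that is not part of the original post: the sketch below base64-decodes the first line of each of the two armored messages shown above and parses the Public-Key Encrypted Session Key packet header as laid out in RFC 4880. The function name parse_pkesk and the returned field names are my own.

```python
import base64

# First base64 line of each armored message shown in the post above.
NORMAL = "hQQMA0x0OAr3LYCzASAAqBaeXxmDctWPmgFCDWEVjxeiG6bCf8/Co5Y8ZOUt7vtb"
HIDDEN = "hQQMAwAAAAAAAAAAAR/+O7sldU8CMp7xZE9aPaOoIgb3i7GumO0mGlkhCZ3JDLhB"

PK_ALGOS = {1: "RSA", 16: "Elgamal", 18: "ECDH"}  # subset of the OpenPGP IDs


def parse_pkesk(b64_line):
    """Read the cleartext header of a v3 Public-Key Encrypted Session Key packet."""
    data = base64.b64decode(b64_line)
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:  # new-format header: tag in the low 6 bits
        tag = first & 0x3F
        if data[1] < 192:
            length, body = data[1], 2
        elif data[1] < 224:
            length, body = ((data[1] - 192) << 8) + data[2] + 192, 3
        elif data[1] == 255:
            length, body = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length not handled")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        nbytes = 1 << ltype  # 1, 2 or 4 length octets
        length, body = int.from_bytes(data[1:1 + nbytes], "big"), 1 + nbytes
    if tag != 1 or data[body] != 3:
        raise ValueError("not a version 3 PKESK packet")
    key_id = data[body + 1:body + 9]  # 8-octet recipient key ID, unencrypted
    algo = data[body + 9]
    return {
        "packet_length": length,
        "key_id": key_id.hex().upper(),
        "hidden": key_id == bytes(8),  # all zero = --hidden-recipient
        "algorithm": PK_ALGOS.get(algo, str(algo)),
        # Bit count of the first MPI (the RSA-encrypted session key); also cleartext.
        "mpi_bits": int.from_bytes(data[body + 10:body + 12], "big"),
    }


if __name__ == "__main__":
    for name, line in (("-r", NORMAL), ("--hidden-recipient", HIDDEN)):
        print(name, parse_pkesk(line))
```

The last eight hex digits of the first key ID are the F72D80B3 that gpg --list-only reported; with --hidden-recipient the key ID is zeroed, but the algorithm and the size of the encrypted session key are still readable.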

Can it be fixed

You can use --hidden-recipient as a drop-in replacement for the -r flag. Even better, Enigmail, the PGP plugin for Thunderbird, will automatically do this for you when you send messages to people via BCC.

You should note that when this switch is used, gpg on the receiving end has no idea which key decrypts an incoming message, so it just tries every single one of your private keys.

Let’s let PGP die.