B3RN3D

Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt.

Reasons to Let PGP Die #3: Outdated Crypto

There are some crypto problems with PGP. At first you might go “Yeah right, I use 4096-bit RSA keys,” but let me explain.

No Perfect Forward Secrecy

Forward secrecy is the property that even if your long-term encryption key is later compromised, an attacker who intercepted the communications between you and another party still cannot read what you sent. This is normally accomplished by using the long-term key only to negotiate two short-term session keys, which are discarded afterwards. This is the basis of what an ephemeral Diffie-Hellman exchange provides.

Sounds cool, right? You want that, right? If you use PGP, it’s not possible. The risk is that the key you generate is the only key there is: if it is ever compromised, the loss is total. There’s nothing you can do to prevent an attacker from decrypting anything that was previously encrypted to it.

Let me give you an example of how bad this is. Let’s say you realized you were under surveillance and decided to encrypt your communications with PGP. You knew full well that the surveillance continued, but without your private PGP key there was nothing they could do. The people surveilling you would record every email you sent and just keep them. Flash forward two years to when there is an Adobe Flash 0-day and someone uses it to compromise your GPG key. Upon compromise, they can use your key to decrypt all of the old emails. Everything. There’s nothing you can do.
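To make the difference concrete, here is an added example (not from the original post) contrasting the two models with plain finite-field Diffie-Hellman: in the PGP-style model the recipient's key is static and a stolen copy unlocks every recorded message, while in the forward-secret model both halves of the exchange are one-off keys, so the stolen long-term key recovers nothing. It assumes the 1024-bit MODP group from RFC 2409 and a toy keystream cipher; both are for illustration only.

```python
import hashlib
import secrets

# 1024-bit MODP group from RFC 2409 (Oakley group 2): runs with the stdlib alone,
# but is below current size recommendations (use 2048-bit+ or X25519 for real).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    """Fresh DH private exponent and matching public value."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    """32-byte key derived from the DH shared secret."""
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(128, "big")).digest()

def stream_xor(key, data):
    """Toy keystream cipher (SHA-256 of key||counter); encrypt == decrypt."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def pgp_style_send(recipient_static_pub, msg):
    """PGP/ElGamal model: the recipient's key stays the same for years; only the
    sender's half is fresh. Returns what a wiretap records."""
    eph_priv, eph_pub = keypair()
    return eph_pub, stream_xor(session_key(eph_priv, recipient_static_pub), msg)

def forward_secret_send(msg):
    """Both sides use one-off DH keys; the long-term key would only sign them
    (signing omitted here). Private exponents are dropped after use."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    ct = stream_xor(session_key(a_priv, b_pub), msg)
    del a_priv, b_priv  # nothing durable can reproduce the session key
    return a_pub, b_pub, ct

def attacker_decrypt(stolen_static_priv, peer_pub, ct):
    """Years later, with the stolen long-term private key and the recording."""
    return stream_xor(session_key(stolen_static_priv, peer_pub), ct)
```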

Crypto Weakness

When PGP first came out, the recommendation was a 1024-bit RSA key to protect your messages. You should know by now that 1024-bit RSA is not considered strong by any means and should not be used. Look into the future and imagine what the cryptographic standards might be in 5, 10, or 20 years. You must assume there will be cryptographic advances that make it easier to break RSA, or even ECC, keys.

The problem is that if someone was watching your communications, storing them, and hoping to decrypt them later, that will only get easier over time. If they kept the PGP-encrypted messages you sent in the 90s, it’s likely they can crack them today with enough computing power.

Even if you say, “No big deal, I’ve revoked those keys and I use a new one,” the issue is that all of your previous communications are already out there and you can’t re-encrypt them.

They only just started adding ECC support in the 2.1 branch of GPG, and they are still far away from supporting quantum-resistant algorithms. You should expect your ultra-secure software to invest the time to at least stay up to date in which cryptographic primitives it uses.

Fixes?

This is one of those ultimate killers. There’s no fix for flaws in the cryptography in this case. You could somehow bolt on a system that builds short-term session keys for encrypting messages, which would help with both issues above. Maybe come up with a way of layering encryption to reduce the likelihood of it being cracked. But that’s not how PGP works, and we’re talking about a completely different, two-way, negotiation-based system that isn’t possible over PGP or SMTP.

If you must use PGP, ask yourself: in 5 years, will I be in trouble if anyone reads this? What about in 10? What if your kids and grandkids are able to read this message? That may help you decide when and how to use PGP.