PGP & GPG

Ben Rothke writes "PGP (Pretty Good Privacy), as most Slashdot readers know, is one of the most popular software encryption programs ever. It is so good and so effective that in the early 1990s the FBI launched a multi-year investigation against Phil Zimmerman, the creator of PGP, for possible violation of federal export laws, especially ITAR (International Traffic in Arms Regulation). After many years of investigation, the FBI ultimately dropped its case against Zimmerman. Even though PGP is synonymous with end-user encryption, there have only been a few books written on the subject. Jump to 2006, and PGP & GPG: Email for the Practical Paranoid is a welcome title." Read the rest of Ben's review.

PGP & GPG: Email for the Practical Paranoid
author	Michael Lucas
pages	216
publisher	No Starch Press
rating	8
reviewer	Ben Rothke
ISBN	1593270712
summary	Pretty good overview of PGP & GPG

On page 167 in Appendix A of the book, the author candidly writes that PGP "comes with a very good and complete manual at over 300 pages". With that, one may question why one would spend $24.95 on a book which covers much of the same information as the bundled documentation.

The reality is that there is a large class of people that will simply not read any form of documentation. Rather, they prefer something with an ISBN number. Such people are a boon to authors (of which I am one) and publishers. For that group, PGP & GPG: Email for the Practical Paranoid provides a pretty good overview of how to use PGP.

The book is written for an end-user who, while comfortable with the workings of technology, is new to the sometimes strange world of public key cryptography. The author writes in an easy-to-read style and, through repetition, inculcates the principal ideas of encryption and cryptography to the reader.

The introduction and first chapter provide a good presentation of the concepts of encryption, cryptography and public-key cryptography. The idea of public-key cryptography, on which PGP is based, is not so intuitive, and many people struggle with the basic concepts. The first chapter, appropriately titled 'Cryptography Kindergarten' is a good read for those who are public-key cryptography challenged.

On a side note, the notion that even smart end-users can be intimidated by public key cryptography was detailed in a now seminal research paper 'Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.'

The premise of the paper is that user errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. The authors argue that effective security requires a different usability standard, and that it will not be achieved through the user interface design techniques appropriate to other types of consumer software. The authors conclude that PGP 5.0 is not usable enough to provide effective security for most computer users despite its attractive graphical user interface. Even though PGP is in version 9.x, it still suffers from usability flaws.

Cryptography purists may recoil when the author repeatedly uses the term 'military-grade encryption.' Military-grade encryption and military-grade cryptography are overused terms, most often by marketing departments, but there is no real definition of 'military-grade encryption' -- and even if there were, it would be classified. Most people use 'military-grade encryption' to mean really strong crypto, much like those who use the term 'Olympic-size swimming pool' to refer to a really large pool. But the term 'military-grade encryption' is so misused by so many people that it is a lost cause to try to fight it.

In the rest of the book, chapters 2 - 11, the author details the varied usages of PGP & GPG. The book also details the differences between OpenPGP, PGP and GPG.
The difference between them is that PGP is a commercial piece of software, GPG (Gnu Privacy Guard) is open source, and OpenPGP is a protocol that defines a standard format for encrypted messages, signatures, and certificates for exchanging public keys.

The author astutely writes that while PGP provides really strong security, this is only if, and this is a huge if, it is implemented correctly. Chapter 11 notes that although OpenPGP provides a reliable method of authentication and encryption, it is also not unbreakable. OpenPGP can be vulnerable to many different types of attacks and weaknesses, including poor implementation, hardware or software compromise, fake keys and more. It is important to realize that OpenPGP provides significant, but not unbreakable security.

At 180 pages and priced at $24.95, PGP & GPG: Email for the Practical Paranoid is an excellent book that shows the end-user in an easy to read and often entertaining style just about everything they need to know to effectively and properly use PGP and OpenPGP.

For those that want to save money and perhaps save a few trees, the free documentation that comes along with the product is similarly worth reading.

---

You can purchase PGP & GPG: Email for the Practical Paranoid from bn.com.

Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

A New Core Class in College?

The first chapter, appropriately titled 'Cryptography Kindergarten' is a good read for those who are public-key cryptography challenged.

So basically 99.9% of users online today.

So What Does It Mean?

(Pretty Good Privacy), as most Slashdot readers know, is one of the most popular software encryption programs ever.

This statement may indeed be true. And yet, 98 out of 100 people on the street would have no idea what PGP is. What does that say about software encryption programs.

No one knows, no one cares and very few have been affected by their ignorance.

Re:So What Does It Mean?

No one knows, no one cares and very few have been affected by their ignorance.

I'm sure many, many people have been affected.. it's just that when they get their email read or their private files exploited, they're ignorant that it could possibly have been prevented. Someone who doesn't know how to lock their front door might still be affected by a burglary.

Re:So What Does It Mean?

Mod this poster up! The inventors of public key encryption envisioned a future where encrypting email would be as common as stuffing a letter in an envelope. Phishing would be unheard of since a digital signature would prove that the mail came from who it said it did.

The US government, of course, didn't want this future to come about and put roadblocks in place to prevent it. So, today we have phoney email scams and unencrypted personnel data that gets scattered to the winds on unsecured government and private sector computers. Encrypt your email? Why you must be doing something illegal!

Dennisk

Re:So What Does It Mean?

And yet, 98 out of 100 people on the street would have no idea what PGP is.

That's because nerds usually don't go out on the street. :P

Should rename the book

PGP & GPG: Email for the Practical Paranoid

title soon to become "PGP & GPG: encryption for the practical suspicious target of the homeland security dept."

Re:Should rename the book

Wait a minute...how do we know you're the real Michael Lucas? :-)

Pretty Poor Privacy

I can't say I ever found any PGP product good for any application. It was way too complicated and just not what was needed.

Instead, I found my holy grail of encryption in Truecrypt (http://truecrypt.org )which simply has rocked for the longest time (I'm in no way associated with it). Its free, and as far as I'm concerned as far as free encryption tools go, nothing can touch it, esp if you use one of the double pass encyption methods down the list, and don't label your volumes as truecrypt volumes or keep the encrytion program and the encrypted data on the same harddrive (use a USB key). No way they can identify what it is if you leave no clues.

Unfortunatly, I found out today on Wikipedia that Truecrypt has a rather lest than sparkling history... it seems rather sordid actually from what its homepage would allude to....

http://en.wikipedia.org/wiki/Truecrypt [wikipedia.org]

PGP's probelm was it was never really integrated into an email system, and it had that totally messy key system that really was not worth bothering with or learning unless you were a highly trained memeber of secret police agency (as opposed to John Q public). There definatly is a begging need for good encryption of plain text ascii emails, but PGP just doesn't step up to the job. It needs to be integrated end to end in sendmail or whatever other mail transport servers, and inside the big heavyweight email programs used out there... PINE, Netscape Mail, the webmail services, and perhaps even OUtlook.

Skip Truecrypt, encrypt your data in a small volume and attach it as a file to who you want to send it to... in fact, encrypt whole harddrives or create files that can be mounted as virtual harddrives.

Truecrypt: http://truecrypt.org/ [truecrypt.org]

Zimmerman is more of a posterboy against the man than really than anything else in my practical opinion. I don't know any compgeek that uses PGP, or anyone that uses it to encrypt their mail.

Slashdot and Public Keys

There's a Public Key field in the User Preferences page on Slashdot, but does anyone know where you go to pick up other users' keys?

Mil Grade Crypto... IS defined :-P

"Cryptography purists may recoil when the author repeatedly uses the term 'military-grade encryption.' ... there is no real definition of 'military-grade encryption' -- and even if there were, it would be classified."

Ahem, reference http://www.nsa.gov/ia/industry/crypto_suite_b.cfm [nsa.gov]

While Suite A is classified, Suite B, specifically AES, is specifically mentioned as being suitable for up to TOP SECRET info.

Military grade is not a useless term, as it is therein defined.

HOO-AH!

book quality / IT

one may question why one would spend $24.95 on a book which covers much of the same information as the bundled documentation.

Yeah, I've noticed this on most IT books. And I'm not one of those people "who want an ISBN". I don't think those people even read the books...
I wonder if there is a book called "Linux man pages explained - with complete printouts"...

One sided comparison

The author astutely writes that while PGP provides really strong security, this is only if, and this is a huge if, it is implemented correctly.

OpenPGP can be vulnerable to many different types of attacks and weaknesses, including poor implementation...

So one is vulnerable from poor implementation and the other provides really strong security? Hardware or software compromise is a flaw of only OpenPGP? Seems like a slightly tilted comparison.

Misdirected criticism

The failure of secure email to proliferate has nothing to do with PGP's usability issues. 99% of email users already have S/MIME integrated into their mail readers as a standard feature - very usable and secure, yet almost universally unused. It's not about the user interface, it's about perceived need (or lack thereof).

S/MIME

When people say "X.509" when talking about email security, what they mean is S/MIME. It is pretty clear S/MIME is going to win the battle to be the most common form of email security on the Internet. It has built-in support on Outlook, Thunderbird, hell--even mutt.

If people CHOOSE to trust a PKI, S/MIME works WAY better than PGP because key distribution is much easier. If they don't want to do a PKI, they can still trust individual certificates, just like PGP. They can verify certificates by reading thumbprints over the phone, if they like.

Basically, S/MIME can do everything PGP/MIME can do except the "web of trust." And WoT is just WAY too much work for 99.9% of the population. PGP will eventually vanish.

Outlook plugin?

I've been looking at different plugins for gpg but haven't found anything that's quite what I want. The best one I've found is something that uses the clipboard for encryption/decryption. Works OK for someone who doesn't mind a little work.
What I'd like to see is an Outlook plugin (or OExpress) that does the following. (Please note that I wrote O/OE because they are the major players)

* GPG included to make it easy for the user. Just one install for the whole package.
* Automatically create keypair during installation
* Default option to keep passphrase cached (not safe, yes I know, I know)
* Automatically decrypt/sigcheck all incoming emails
* Automatically encrypt/sign all outgoing mails.
* Attach the pubkey to all outgoing mails where the address isn't in my keyring.
* Automatically (just ask for password confirmation or something) addition of incoming pubkeys to my keyring.
* GPL :-)
* The people who got the pubkey would also get a link to where to download the plugin.

I'm sure someone can expand this list quite a bit and I'm sure I forgot half of what I wanted to put on that list, but it's a start anyway.

Anyone care to write such a plugin? Or is there one already that I don't know of?
I do think that if there was something to that effect that you would see a spike in encrypted emails going across the globe.
I used to encrypt/sign everything but since I was the only one using pgp/gpg it was kind of pointless.

.haeger

I wish security were more accessible to the masses

Just the other day I saw the following on the website of an author selling her own book directly:

Emailing Credit Card Numbers To email your credit card number, we suggest sending two emails. The first email should contain half of the credit card number and expiration date: 1234 5678 XXXX XXXX exp date: 07/XX The second email should contain the other half of the credit card number and expiration date. XXXX XXXX 3141 5926 exp date: XX/05

Sigh...

Re:I wish security were more accessible to the mas

Add to that the number of web sites using an aging perl shopping cart system whereby half the credit card number is immediately emailed to the admin and the rest is stored as plain text on the server. Also the web sites who claim that your numbers are perfectly safe as they are using 128 bit encryption and the data is not decrypted until it reaches their [colocated, probably virtual] server. I had an argument with some previous employers when they insisted on calling their colocated RAQ3 a "secure server". I pointed out that they had never even seen the facility that it was housed in, and the private data was freely accessable using telnet, because it wasn't encrypted once ssl had done with it.

Just as a an example, I set up a shopping cart of the type I mentioned and they thought it was the mutts nutz until I showed them that I was receiving both parts of the credit card numbers by email at a private email account. Even then I don't think they thought it was a problem. I left shortly afterwards.

I wonder whose harvesting those numbers now...

BTW, I deleted that shopping cart, so I am not guilty of abusing the system. It was done to prove a point. [slashdot.org]

Documentation != books?

The reality is that there is a large class of people that will simply not read any form of documentation. Rather, they prefer something with an ISBN number.

So a large class of people prefer to read, what, barcodes??

Advice for me

For those that want to save money and perhaps save a few trees, the free documentation that comes along with the product is similarly worth reading.

I want to save money, but I hate trees. What do you suggest I do?

Olympic-Sized Pool Dimensions

For those who are curious: "The dimensions of an Olympic pool are required to be 25 metres by 50 metres." http://www.faqfarm.com/Q/What_are_the_dimensions_o f_an_Olympic-sized_swimming_pool [faqfarm.com] I am still looking for the definition of 'military-grade encryption'.

Interoperability?

When I first read the title I hoped the ability for these systems to communicate correctly was what was being addressed. I've been working with a bank for weeks now trying to get things I encrypt with GPG to be decryptable by their PGP "Universal Server" product. They can install PGP Desktop on a PC and decrypt my messages just fine. They have this larger/fancier package that decrypts upstream of their Exchange server and internally passes on the unencrypted emails to their folks. It also has a webmail (https) interface for outsiders to send/receive things to them, etc.. It simply refuses to decrypt something created by GPG and PGP's support has been thoroughly useless so far. Hrm...

Getting Started with PGP and GPG

Uncanny timing on this article for me -- I just this morning set up both PGP and GPG clients on my Windows machine. I found some inspiration in this tutorial on PGP:

http://www.haltabuse.org/pgp/win/index.shtml [haltabuse.org]

The tutorial talks about version 7 or 8 of the software when it was still freeware. Version 9 it appears still offers the basic functionality for free, but I have to admit that I was a bit put off by the fact that it's presented as a 30 day trial with a EULA that includes passages like this:

You hereby expressly consent to PGP Corp's processing of personal data you provide to PGP Corp (which may be collected by PGP Corp or its distributors) according to PGP Corp's current privacy policy which is incorporated into this Agreement by reference (see ). If "you" are an organization, you will ensure that each member of your organization (including employees and contractors) about whom personal data may be provided to PGP Corp has given his or her express consent to PGP Corp's processing of such personal data. Personal data will be processed by PGP Corp or its distributors in the country where it was collected, or in the location of PGP Corp or its distributors; United States laws regarding processing of personal data may be less stringent than the laws in your jurisdiction.

Standard EULA boilerplate perhaps, but I found it unnerving in a product that's supposed to protect your privacy.

I also downloaded GPG4Win from

http://www.gpg4win.org/ [gpg4win.org]

and got it running. I just succeeded in encrypting a message with the one and decrypting it with the other, so I think I'll go with GPG.

Amazing that such tools aren't de rigueur by now.

The people who do it right

I have to say, I don't personally use them, but I think the hushmail.com people really do crypto right. First, it is (now) genuine OpenPGP encrypted email, i.e. as standard as standard gets. And for people who aren't experts, there's really no key exchange to work out. If you both use hushmail.com, you can sign/encrypt your messages and the site takes care of hooking you up.

I'm all for traditional fingerprint checking and GPG keysigning parties, and yes I even got RMS to sign my key for cool factor. But for "mortals" I think the hushmail.com system is about right.

Is there a definition of military grade encryption

Hi,

If read my give and take below with Abcd1234 about military grade encryption, he refuses to concede that there is no such thing, as the book reviewer stated.

I still challenge anyone to provide an authoritative definition of what military grade encryption is.

Karen

Re:what the...

That was the most difficult google search I've ever done ... Gnu Privacy Guard [gnupg.org]

Re:what the...

GNU privacy guard. Duh!

X.509 requires a CA.

Until Microsoft starts bundling their Certificate Services in Vista Home editions as a My-Identity-broker kind of thing, X.509 is useless for most people. X.509 is in Outlook because Outlook is the frontend for Exchange.

GPG/PGP are asymmetric cryptosystems that don't rely on PKI infrastructure, just per-user public/private keypairs. Not enterprise friendly but they can be used to bootstrap a trusted online relationship.

Re:what the...

A google search would have saved you about 100 keystrokes.

Re:Obligatory

Actually, the obligatory troll in this case is the old "HELLO WORLD HELLO WORLD" gag.

Re:what the...

Post like this make me crave the moderation "-1 lazy bastard"

Re:X.509 is better

I don't think anyone with who: A) has concern for their privacy and security, and B) is in their right mind, would want to use MicroSoft's Outlook email client. (Anyone recall the Outlook exploit that was executed without even opening the email?)

Aside from the fact that noone should use outlook, I read up a tiny bit on X.509. According to Wikipedia, X.509 uses signed certificates from CAs, meaning you have to PAY, and store your certificate with a "trusted company". Not only is this horrible for paranoids who wouldn't trust Verisign, but the US Gov. could subpoena your information from these companies, rendering your encryption useless (against the government).

Re:X.509 is better

First of all, you can get free personal S/MIME email certificates from Thawte, which is a trusted CA. Second of all, you don't have to use a commercial trusted CA. You can also be your own CA and issue yourself all the certificates you want. The only catch is that outside the domain of your CA, your CA will not be a trusted CA, so you either have to establish trust in advance with other users, or live with having an untrusted certificate.

Re:X.509 is better

I read up a tiny bit on X.509.

That is obvious.

According to Wikipedia, X.509 uses signed certificates from CAs, meaning you have to PAY,

No, you can set up your own CA (for free) with openssl. And in fact, you don't need a CA at all. You can use your own certificates that aren't signed by anyone, just like PGP/GPG. In fact, the underlying math (public-key cryptography) is exactly the same as PGP/GPG.

and store your certificate with a "trusted company".

Store your certificate? Bullshit. You send the CA a certificate signing request. They sign it, and send it back to you. The certificate is useless without your private key, and the private key doesn't leave your possession. Decryption can only be done with the private key. So don't lose it.

Not only is this horrible for paranoids who wouldn't trust Verisign,

You don't need to trust Versign for X.509 to work. The only time you need to trust Versign (or any other CA) is to identify the cert of someone you never met. How do you know that a cert really belongs to the person? Verisign (or some other CA) signed the certificate. How do you know if a PGP key really belongs to someone you never met? Someone signed it.

But do you trust the signer? That question occurs with certificates and PGP keys.

but the US Gov. could subpoena your information from these companies, rendering your encryption useless (against the government).

Even if the US Gov't seizes all of verisign's info, that won't help them break your cryptography, since the private key (see above) never left your possession and Verisign never had it.

It's one thing to be paranoid, it's another thing to be an idiot. Understand how cryptography works before you start to rant & rave.

Frankly, if the US Gov't really, really wants to break your encryption, they'll bug your computer, or your house, or call in the NSA, or send in the Marines.

Re:PGP vs. GPG

PGP => Pay to Get Privacy
GPG => Get Privacy Gratis

Re:X.509 is better

Users much prefer the simpicity of an X.509 solution.

The simplicity of X.509? Is completly the other way around. PGP is simple :)

You probably never implemented a corporate PKI infrastructure. I myself love PKI (it's a freeking miracle I got married, I know) and have implemented or at least contributed in implementing several PKI's over the years. Simplicity is definitely not the first thing that comes to mind. Things like OCSP and CRL's you need to check the validity of a key, basically everything around issuing keys, key-escrow etc. it is al pretty complicated. Not nescecairly the theory, but the actual implementation and integration. Plus not to mention expensive. And don't even get me started on the legal side of it, the contracts you need, the legal requirements, webtrust etc.etc.. Brrrrrrr.

PKI is cool, has a lot of potential etc. Put it's not simple in anyway. Microsoft may make it look simple (did I just say that?), by basically "trusting" loads of CA's defaultly but how much is that trust worth exactly? Not much in my eyes. Oke, the encryption during transit... that should be ok. But is the signer of that email really who he says he is?

Between me, my friends and my colleguae's we use GPG. Bunch of my friends are on Mac's like me others are on Linux or BSD flavored machines. Some even use Windows. I don't even know al the plug-ins everyone uses. Hell, I don't know the name of mine. It integrated with Apple Mail and I just press the buttons etc, type in my passphrase and it works. Simple. Plus the keys I trust, I explicitly trusted by hand. Basically this kind of trust is loads better then accepting any mail certificate issued by the Verisigns of the world.

Here is the Mac link: http://macgpg.sourceforge.net/ [sourceforge.net] . Loads of GUI GPG tools.

X.509 is worse

Me, via IM: Hey, John, here's my GPG key. <pastes GPG key into IM window>
John: Cool. Here's mine.

Et voila - we can now start sending private messages back and forth (neglecting man-in-the-middle issues with the key exchange that can be trivially avoided with a single phone call or in-person meeting). Notice the missing step: neither of us paid Verisign or another CA for the privilege of saying "Hey, wanna go to lunch?" in private.

Re:X.509 is better

X.509 is a heap a crap for a number of reasons, but top of my list is that obtaining a cert for it is such a monumental bother that it renders the whole exercise pointless. You can either pay for a cert or go a-hunting for a free cert, but either way, the CAs want everything but a stool sample before they issue you with a cert that expires in anywhwere from 60 days to a year away. If you're lucky you might find a cert that lasts longer, but all that pain and suffering gets you a cert which the CAs do not validate or vouch for in any way.

Conversely, all it takes to to use PGP is a few seconds with the wizard to generate your key and you're all set. It doesn't ask you for your passport number or your ssn, or your birthday or anything else. Integration with mail readers is slightly harder, but solutions exist for PGP and GPG for most popular readers. Once you have the key you're all set to use it for as long as you like. If you're paranoid about impersonation you can even get a few friends to sign your key.

Re:X.509 is better

There is only one thing missing here Who controlls the 509 certs.. Everyone seems to miss that companies pay Microslop to include them as trusted CA providers.. Yes.. 75k to get trusted and 10K per year to stay trusted.. I have been using pgp/gpg for years.. it works fine.. I use it to encrypt my hard disk and confidential mail to my friends.. Fred

Re:paranoia?

My guesses include:

* They've coerced the author to build in a backdoor (a la clipper).
* They've spent enough billions on serious hardware that they can brute-force it in a reasonable time.
* They've got some very clever mathematician to figure out a viable attack.


I think you can safely scratch #1, while also safely assuming #2. The trick is how timely, and how much encrypted traffic there is overall. If you or your message has been flagged as a high priority decrypt, then they're likely to throw a lot of crunch at it.

However, if you're not flagged and more people start to use encryption, you're more likely to get lost in the noise.

Your #3, I have no idea. I don't really have enough math knowledge to have a good grasp on the difficulties such a mathematician would face.

Re:PGP vs phishing

No because people clueless enough to be tricked by phishing scams would be too clueless to verify signatures.

Re:Huh?

Not sure what the problem is here. There are still a lot of people who are not online. There are still a lot of people that have long train or bus rides and want to read something along the way. Yeah, there is free stuff, but it is not always accessible to everyone.

Re:X.509 is better

You are a simplistic DIP-SHIT; if you understood, read,
thought about X509 -v- PGP you would quickly realise how
dumb and ignorant you are.

But this is the modern American way, leadership by dumfkofen.