PGP Alternatives for Email Encryption
A few weeks ago, I wrote an article for 2600 Magazine. (If you’re curious, publication has been confirmed and you’ll probably see it in the Winter 2014-2015 issue.) The form email you get when you email an article submission says:
“We don’t recommend sending PGP encrypted articles as we frequently have problems with people using the wrong keys and/or an incompatible version. If it doesn’t work right away, we discard it and move on to the next submission.”
Well, that was no problem for me. As a productive tech journalist, I email my work to editors at least a few times per week, and those emails are never encrypted. I encrypt an email maybe… once a year? Never for my work, that’s for sure. My late father, a novelist and writing tutor, always told me that people who worry that their work will be plagiarized usually write nothing that’s worth reading. Thanks, Dad!
But there are many situations where it’s very important to encrypt your email. My husband does a lot of work that involves classified information. Many people are employed in areas where they’re bound by non-disclosure agreements. Workplaces that deal with highly sensitive data, such as those in government, finance, or in the medical field, will often have email encryption as part of their IT security policy. Also, I’m able to write articles that may be politically controversial without having to worry about getting arrested, but journalists who live in dictatorships lack my privilege. Email encryption is a must for them.
Phil Zimmermann’s PGP is the most popular standard for email encryption, even in 2014. Sharing public PGP keys has also become something of a nerd trope, akin to having thousands of Magic: The Gathering cards. If there hasn’t been a PGP key sharing joke made by the scriptwriters of The Big Bang Theory already, they’ll likely write one in the future.
For the sake of full disclosure, I must mention that my husband Sean Rooney worked on the development of PGP Command Line for Linux 6.0 in the mid-1990s.
The PGP (Pretty Good Privacy) encryption standard was first published in 1991. Zimmermann designed it with email in mind, but it’s possible to encrypt all kinds of other data with it, including files and file systems. PGP 1.0 used RSA for encryption, along with Zimmermann’s own BassOmatic symmetric key cipher. At the 1991 CRYPTO conference, Israeli cryptographer Eli Biham found significant weaknesses in BassOmatic. Fortunately, that was also the year that IDEA was published, so from PGP 2.0 on, it replaced BassOmatic.
After surviving some legal difficulties from the US government related to Zimmermann being accused of “exporting munitions” for letting PGP slip out of the United States, PGP spread to a number of different email client plugins and a variety of other software. Eventually, Symantec bought the commercial implementation, and open source PGP software is available as GPG and OpenPGP.
In most webmail, emails are unencrypted by default. There’s an open source webmail program called Mailpile if you’d like to run your own webmail servers that use OpenPGP.
The latest news about PGP was announced at Black Hat 2014. Yahoo Chief Information Security Officer Alex Stamos said that Yahoo Mail will debut a “seamless” PGP feature this fall. A Google-developed Chrome extension for PGP-encrypting Gmail has been available for several weeks now, so Yahoo is quickly catching up in their own way.
Even though the PGP standard is still evolving to improve its security, it’s not without its critics in the cryptography community.
I’m an Information Security Researcher, and I can use and implement cryptography competently, but as I was never a math whiz, I could never be a cryptographer. Even so, whenever I see someone share a public PGP key out in the open, such as on the web, it always makes me a little uncomfortable. That was just a gut feeling. In my recent research, I eventually figured out why I’ve always felt that way. Yes, they’re not private keys, and possession of a private key is necessary for decryption. But I know a little bit about reverse engineering and encryption cracking. Even if an asymmetric algorithm is used, enough processing power, time, and sophisticated cracking methodology could crack ciphertext when a cracker has a public key to begin with. For all of the time I’ve spent hardening other people’s public key servers, why does PGP usually necessitate sharing public keys openly?
Matthew Green reacted to Yahoo’s news with cynicism on his Cryptography Engineering blog. As PGP was first published in 1991, he asked why people would want to use a standard as old as when Will Smith was The Fresh Prince of Bel-Air. Pop culture references aside, he made a lot of excellent points. There are so many different versions of PGP still in use. Older standards are used for backwards compatibility. If a sender isn’t mindful of the version of PGP that’s used by their recipient (which is shown when a public key is displayed) and vice versa, both parties have to start all over again. He’s concerned by how much legacy tech is still used. Keep in mind that whenever a new encryption standard is introduced, it’s only a matter of time before it gets cracked, necessitating the development of new technology. No particular encryption standard lasts forever.
He’s also concerned with PGP’s lack of forward secrecy. Forward secrecy is the idea that if ciphertext is lost, destroying the keys should keep it encrypted.
Proper PGP use should mitigate a lot of passive wiretapping, but Green clearly reminds readers that there’s no way that PGP can prevent the NSA from seeing your data if they target you. Edward Snowden has confirmed suspicions that the NSA spies on ordinary people, and it’s very unlikely that a target would be notified somehow.
So, what can you do?
If you operate your own PGP key servers, at least you have some control, but that’s not a pragmatic solution for most people.
My friend, cryptographer Sandy Harris reminded me that he worked on the Free S/WAN project in the 1990s. Free S/WAN is in the same spirit as PGP — make open source encryption technology available to the public so that ordinary people can enjoy some privacy from the government. It was an open source GNU/Linux implementation of IPSec, so that people can have OSI layer three security via Linux-based Internet servers. A large percentage of Internet traffic goes through Linux distros- think of how prevalent Red Hat is and how Apache has dominant webserver marketshare.
Although its last stable release was over a decade ago, Free S/WAN lives on as the Libreswan fork in many Linux-based VPNs. If you use one of those VPNs, maybe you can sleep a little more soundly.
There’s always the Tor proxy network… Its main vulnerability is its exit nodes, but decentralization is its strength. These days, many of my fellow geeks operate Tor servers with Raspberry Pi. A Raspberry Pi can be purchased for a mere $25, and the Tor server software written for the device is free software, of course.
ZixCorp offers their own encrypted email solution, but their technology is propriatery and you’ve got to pay for their services. It’s SaaS (software as a service), so you should trust the security of their servers if you’re going to use their services. It’s a possible option for your business.
Sandy told me that Zimmermann is developing an alternative to PGP with his new company, Silent Circle, founded in 2012. They already have a product that encrypts phone calls from mobile devices and via VoIP, including on the desktop.
If Zimmermann has moved on from PGP already, maybe its time you should as well. That’s food for thought.
What’s the matter with PGP?- Matthew Green
Yahoo to begin offering PGP encryption in Yahoo Mail service- Lee Hutchinson, Ars Technica
Google-released Chrome extension allows easy in-browser Webmail encryption
Frequently Asked Questions About PGPi- pgpi.org
The Protection of Your Secret Key- Ralf Senderek
PGP Attacks- infiNity
PGP Command Line- Symantec
ZixCorp Email Encryption Services
PGP Timeline- Adam Back
History and politics of cryptography- Sandy Harris
Silent Circle Services