[Owasp-leaders] Is it ok to share the PGP Keys and keep the PassPhrase private?
jim.manico at owasp.org
Fri Oct 15 09:28:49 EDT 2010
> Every time I had to use PKI (or any type of encryption) it has been a pain
I'm sorry to hear that. I use a commercial solution for PGP email (PGP
Desktop, 100$ USD for a lifetime license) and it's very easy to work with.
There is a support line for you if you need more help. There are many full
disk encryption solutions like TrueCrypt and OS-integrated encryption that
are also both fairly easy to use. WinZIP (commercial) and WinRAR (free) both
offer per-use encryption as well. If you need help, just give me a call -
I'll be glad to help you get set up.
> and I really think we need to figure out better usability ways to allow
users to easily 'do' encryption.
Users do not need to "do" encryption. For cryptographic storage, there are
many easy ways to do full disk encryption which take the complexity out of
the hand of the end user. For email encryption solutions, if you want "easy"
then consider commercial solutions like
http://www.pgp.com/products/desktop_email/ which make PGP email very simple
to use cheaply, while providing support for low tech folks. Sure, if you are
using the free stuff, it's more of a hassle. The commercial solutions make
it easy. And I'm a believer in FOSS, but there is a tradeoff that we must
acknowledge - especially around usability.
> I know that from a purist point of view what I'm doing sounds very wrong,
BUT, at least with it, I immediately create a workflow with the client which
involves the easy use of PGP technology (which is then only a small hop away
from proper PKI (i.e. just get the user to send me his Public key :) (I'll
add that button to the next version of the O2 Script :) ))
You are not using PGP with this solution. PGP is about public/private key
encryption with passphrases. The multiple AuthN factors are a big deal - you
need a passphrase (something you have) and a private key (something you and
only you have). Your solution is better than plaintext, but still very weak.
Keep in mind, you and many other smart folks are trying to sell me on
"security that is good enough". Let me tell you Dinis, security that is
"good enough" is really not security anymore. The bad guys are *way* ahead
of us. Unless you do *great* or *world class* security, your screwed in most
use cases. That is just the reality of the threat-scape of today.
> I think you are being a bit to radical in your view.
What a second here. You are suggesting that we distribute PGP private keys
as part of a real crypto solution, and you are calling ME radical?
> YES, what I'm proposing is not PKI and yes once you share the Private KEY
the model changes. BUT to say that it 'not acceptable' (your previous email)
and should not be used at all, is a bit to extreme.
It's not acceptable at all. It's insanity. It's taking a step backwards. If
you would like me to explain why again, I'll be happy to do so.
> It's funny how cryptography always triggers very emotional and 'strong'
negative opinons (see for example the comments in this thread I also started
at the SecuriTeam blog http://blogs.securiteam.com/index.php/archives/1451).
Shouldn't we be encouraging the use of Cryptography and not bash it?
I am not bashing Cryptography. I think it's great. I'm bashing the idea of
distributing private keys as part of a cryptosystem where the passphrase, a
single passphrase (without a username) is the sole factor to decrypt data.
It's weak security - which equals no security in today's threat-scape.
> Surely, the bottom line that it depends on the use cases, and it surely
must be better than not doing any encryption at all!
My conjecture again is that "good enough" security == no security. We need
to be great - if not world class - or we fail.
> Also we have to be realistic on the attack vectors (since the really good
malicious attackers have better ways to get the data than to use
supercomputers to crack the PassPhrase.
Dinis, my point is that with only a few thousand dollars leveraging off the
shelf hardware and software, you have a mean brute force encryption cracker
or rainbow table generator. You don't need a sophisticated super computer to
crack password based encryption systems like you are suggesting. I'll be
glad to provide more references to back up this conjecture if you like.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders