Kuro5hin.org: technology and culture, from the trenches

"Why Johnny Can't Encrypt"

By iGrrrl in Culture
Wed May 08, 2002 at 02:17:16 PM EST
Tags: Security (all tags)

Encryption technology has been around for a long time, yet there seems to be some stigma attached to using it. And everyday email users may not even know it exists. There appear to be serious barriers to convincing people to ensure their own privacy. Why is that? Is there a perception that if you care about these issues you must be some icky UNIX/Linux misfit? In the wake of September 11, is there a perception that people only need privacy encryption for nefarious purposes?


The upcoming Ylem Forum, titled Artists, Freedom and Privacy, will have a talk about these issues. (Wednesday, May 15, 7:30 PM at The Exploratorium in McBean Theater, 3601 Lyon St., San Francisco, CA)

"Why Johnny Can't Encrypt: Social Aspects and Barriers to Adoption of Privacy Technology" is the subject of Matt Hamrick's talk. The title is borrowed from a 1999 paper by Alma Whitten and J. D. Tygar. The paper examined the interface for PGP 5.0, and concluded that it wasn't easy enough for average naive users. PGP is up to version 10 now, but it's still nowhere near... Forget "universal"! It's not even common enough that Joe Average knows what Pretty Good Privacy is!

The other issue here goes back to an old attitude about privacy questions such as urine testing and even digital identity. "If you're not doing anything wrong, why should you care?" Phil Zimmermann, inventor of PGP, was sent hate mail after the September 11 attacks for inventing technology that could aid terrorists. By some thinking, all innocent people should feel fine about having their email scanned. They certainly didn't blink when Magic Lantern, which is supposed to be able to break PGP encryption, was announced.

And yet, according to a talk by David Barnes, privacy is the #1 concern that most users have when using the web. He likens using privacy technology to using condoms and wearing seatbelts, where the benefit should be considered much greater than the hassle. People say they're concerned about privacy and security, but they don't want to do anything about it. A very small percentage of internet users employ any kind of active security measures.

Fear of geekiness? Fear of looking like they have something to hide? Why?

Poll
PGP?
o Have it, but don't use it. 43%
o What is it? 0%
o Carnivore can eat my mail for all I care. 10%
o Only for the paranoid. 2%
o Use it only for sensitive electronic transmission. 22%
o Use it all the time. 20%

Votes: 235

"Why Johnny Can't Encrypt" | 166 comments (155 topical, 11 editorial, 0 hidden)
The biggest problem for me... (4.33 / 6) (#5)
by Trollificus on Wed May 08, 2002 at 12:06:33 PM EST

...in using encryption for E-mail was that no one I knew would use it!
Having a PGP key is useless if my recipients won't download or use the key.
Maybe they figure it's too convenient, or they have no idea how it works. But it would be nice if some of them would at least give it a try.

"The separation of church and state is a fiction. The nation is the kingdom of God, period."
--Bishop Harold Calvin Ray of West Palm Beach, FL

correction (none / 0) (#16)
by Trollificus on Wed May 08, 2002 at 01:22:53 PM EST

Inconvenient, not convenient.
Haven't had my caffeine for the day. *still waking up*

"The separation of church and state is a fiction. The nation is the kingdom of God, period."
--Bishop Harold Calvin Ray of West Palm Beach, FL
[ Parent ]

My experience too (4.00 / 1) (#48)
by squigly on Wed May 08, 2002 at 04:20:48 PM EST

I sent my pgp public key to everyone on my email list. Those who did understand what it was just ignored it. A lot of my friends didn't and wouldn't understand what it was. I tried explaining it to them, but they couldn't see the point.

I got the feeling that they felt downloading an extra application to handle encryption was too difficult. They simply didn't believe it was going to be worth the time and effort taken to download and install. Then there's an extra step of typing in a secure password. It's only a small effort, but people don't believe that anyone will spy on their email, and the perceived risk of this is too small to justify even the minimal effort to prevent it.

All we need is to give everyone an easy capability to encrypt. For some reason, no email package comes with encryption built-in. This adds to the difficulties. If Outlook came with an autoencrypt feature (e.g. no password, always signed, always attached your public key, and always encrypted if you were sending to someone whose key had been sent to you) then people may well start using it. Until then, they won't because it's too difficult.

[ Parent ]

encryption uptake (none / 0) (#91)
by martingale on Wed May 08, 2002 at 09:47:21 PM EST

All we need is to give everyone an easy capability to encrypt. For some reason, no email package comes
Either that, or if someone writes a virus/trojan that spies on people's email and propagates all the juicy bits to their friends. *Shudder*.

[ Parent ]
passwords and theft (none / 0) (#135)
by janra on Thu May 09, 2002 at 01:26:35 PM EST

Then there's an extra step of typing in a secure password.

Let me rephrase. "Then there's the horrible process of coming up with a password that joe sysadmin doesn't say is 'too easy' and remembering it, I think I'll just write it down on this sticky note and put it on my monitor." Or they'll insist on using a dead simple password, like my current employer. And this is the same guy who trusts his memory enough that when I asked him what his backup strategy was, he tapped his temple and said "It's all up here." Yet he can't remember a halfway-secure password. *sigh*

If Outlook came with an autoencrypt feature (e.g. no password, always signed, always attached your public key, and always encrypted if you were sending to someone whose key had been sent to you) then people may well start using it.

...and because they don't have a password on their key, somebody could steal it and impersonate them, and read their email, and pretty much completely negate the entire point of having said encryption in the first place, making it so that people trust public-key encryption about as much as they trust that the "From:" header in junk mail always lists who sent the email. I.e., only people who don't know how easy it is to spoof.


--
Discuss the art and craft of writing
That's the problem with world domination... Nobody is willing to wait for it anymore, work slowly towards it, drink more and enjoy the ride more.
[ Parent ]
Email is not different than snail mail (none / 0) (#152)
by trane on Fri May 10, 2002 at 06:51:08 PM EST

Look how insecure our system of delivering physical mail is...

[ Parent ]
Barriers to widespread encryption usage (4.66 / 3) (#7)
by jabber on Wed May 08, 2002 at 12:13:44 PM EST

Most 'vanilla' people I know of do not know HOW to use encryption, what it involves, or what it even means. Encryption, to them, is something the CIA does; something that requires a graduate degree to understand.

The more aware, but still 'nilla' people think it's overkill, and see the hassle associated with encryption to be not worth the effort. And this is where I think the true barrier is. Encryption isn't easy.

No popular email program offers a simple method for encrypting. It's all a hassle, and so it's not worth doing. Doubly so due to the 'Microsoft Office Effect'. Since the recipient of the email is not likely to have encryption, encrypting would make the email inconvenient. This is the reason most people I know switched to Office - the people they worked with used it, so to be compatible, and make life convenient, they switched.

No large number of people will switch to something inconvenient unless they are forced, and even then they will resist. Encryption isn't plagued so much by fears of terrorism and 'I have nothing to hide' mentality as it is by plain old laziness. The NIMBY crowd would be glad to adopt routine encryption, so long as they never have to think about it after a simple initial install. And here is the rub, encryption requires the user's attention, and most people don't pay attention unless they can do it in 8-second sound-bite increments AND have it be FUN.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"

And it's thought of as 'suspicious' (4.33 / 3) (#25)
by thebrix on Wed May 08, 2002 at 02:53:37 PM EST

It has a severe image problem; the zeitgeist seems to be that 'if you encrypt you're up to no good' ... probably engendered by 11/9 and aftermath ('the terrorists used the Internet' in suitably doomladen tones).

(On this theme, I've had funny looks recently when I say I shred documents. The owners of these funny looks are entitled to them ... but do they really put old credit card statements or utility bills straight into the bin?)

[ Parent ]

shredding/throwing away (3.00 / 1) (#86)
by R343L on Wed May 08, 2002 at 07:57:40 PM EST

You throw old bills away? Shouldn't they be locked in a fire-proof safe? And behind a laser intruder detection system....You know, like in all those movies. Someone could put your shreds together! :)

Rachael
"Like cheese spread over too much cantelope, the people I spoke with liked their shoes." Ctrl-Alt-Del
[ Parent ]

Encryption is a funny thing (4.50 / 4) (#8)
by jann on Wed May 08, 2002 at 12:35:28 PM EST

I am a computer user. I know computers fairly well. I could setup PGP and use it. I was going to as well but then I thought about it.

WHY?????

Bear with me. What the hell would I encrypt. Sure passwords on my *nix boxen but PGP ... really ... I had nothing to encrypt. So I asked my friends ... the closest I got was a friend's fiance who didn't want her boy'f reading her diary stored on her HDD. All my comp. type friends told me ... nay lectured me ... on how important encryption was but none could give me an example of when they would ever use it. I have never sent an e-mail that was so "important and sensitive" that it required so much as a ROT13 let alone a 1024-bit PGP encryption.

For Neal Stephenson characters building a datahaven in the Pacific, encryption was a good plot device, and Solitaire was a good idea (even if it has now been found to have flaws as an algorithm) But in the real world ... My real world ... personal encryption like PGP is as useful as tits on a bull. Encryption is an interesting academic exercise for peeps like me but I am not about to secure away my Cisco router configs before I send them to the Cisco TAC for debugging.

That said give me a job with the feds and my opinion might be different.

J

digi sigs (4.00 / 1) (#13)
by jeffy124 on Wed May 08, 2002 at 01:04:15 PM EST

What digital signatures? Maybe not among friends, but here at work we digitally sign something that's of importance. Like when we give the server new ssh keys, the admin will send out an email with the new public key fingerprints and sign it to ensure integrity of the message.
--
You're the straw that broke the camel's back!
[ Parent ]
Sure, but... (none / 0) (#26)
by Otter on Wed May 08, 2002 at 03:19:49 PM EST

And mail and remote login protocols that don't make you send passwords in cleartext. And secure http for sending credit card numbers and such.

But that was the original poster's point. When encryption is trivially easy to use and serves a purpose, it will be used. But for nearly all routine computer use, it offers little benefit, is difficult to use and, in the case of email, means that the recipient almost certainly won't be able to read it.


[ Parent ]

My brother can tell you (5.00 / 1) (#27)
by vadim on Wed May 08, 2002 at 03:23:20 PM EST

Yesterday my mom was asking me if I had a document she wrote a few months ago. I did a search and didn't find it. Then we turned on my brother's computer and looked there. Still nothing. Just for fun I did a search on *.jpg and found a *large* collection of porn on his computer. He heard us laughing at some odd stuff that was there (disney porn) and disconnected the computer. So, obviously he did have something to hide.

What about me, I've got things like databases with data that should stay here, a big archive of my personal emails, and other computers I use ssh with. I've got a computer set up as a mail server and it uses IMAP with SSL. I use PGP/gnupg if possible, and I'm planning to have the home directory encrypted on the mail machine.

I think some paranoia is good. That's why I use PGPdisk and store all my Gnutella downloads on it just in case I ever get something that I shouldn't. Some extra safety is never bad.

Even if my brother ever figures how to use a sniffer and a disk editor as revenge I'm already safe. The advantage is that I know what to do if I ever need to do something the rest of my family wouldn't approve. And it doesn't have to be illegal at all to have a reason to hide it.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]

Would you send your mail without an envelope (4.00 / 1) (#28)
by Skippy on Wed May 08, 2002 at 03:24:52 PM EST

It's roughly equivalent. Most people do more sensitive things using the postal service than they do with email so it's not an exact correlation. I wouldn't want anyone reading my mail so I use envelopes. I don't do anything important via email without encryption (which unfortunately means I don't do much important via email). And I digitally sign all email.

# I am now finished talking out my ass about things that I am not qualified to discuss. #
[ Parent ]
Yes, if I ... (4.50 / 2) (#46)
by pyramid termite on Wed May 08, 2002 at 04:18:47 PM EST

... had to rebuild my mailbox to send it, had to send a special letter opener to all my friends and didn't have anything to say that I didn't mind saying on a postcard. All I've got to say is that anyone's spying on me, they must be very bored.
On the Internet, anyone can accuse you of being a dog.
[ Parent ]
Regular mail is safe?!? (none / 0) (#153)
by trane on Fri May 10, 2002 at 06:58:07 PM EST

How hard is it to open an envelope, even (if you wish) without the real recipient noticing that you've opened it?

[ Parent ]
Encrypt to not stand out (4.33 / 3) (#93)
by Katrillien on Wed May 08, 2002 at 10:41:59 PM EST

One day you might need to send encrypted mail. Maybe the mafia is after you, your government turns against you or you've found out that your employer's main competitor is spying on you and your colleagues.

Consistently applying encryption now means that the day you find yourself in need your really secret mail will not raise anyone's attention. Rather, it will be lost in the sea of regular unintelligible gibberish that appears to be your mailbox.

Well, that's the theory.

[ Parent ]

What would you encrypt? ... Everything! (none / 0) (#166)
by Master of None on Sat Jun 22, 2002 at 12:59:33 AM EST

Encryption algorithms sometimes fail, or are otherwise improperly implemented.  Even worse, your key will eventually become worthless as computers gain enough processing power to crack older encryption schemes by sheer brute force.  

So what's to stop someone from sifting through your IM chat logs, personal e-mails, book-drafts, or work projects you took home on that zip disk?  If you only encrypt what you want to keep secret, then it's an obvious target for cracking.  But what if you have 800+ documents in various formats, as well as every email you've ever kept... every last one of them encrypted?  

If it takes a few days to crack open any given document (on tomorrow's beefy computers), then it could be literally years before the black-hat stumbled upon the one document that you really wanted to keep private.  By then, they hopefully would have bent all that processing power at more lower-hanging fruit.

With all that said, I rarely do encrypt anything because of the previously stated reasons.  But if the time does come when I have something I want to be kept dead secret, you can bet your shiny hiney that I'll be encrypting everything I can find.  A needle in a haystack can be easily found compared to a particular needle in a pile of other needles.

--
Master of None: Often wrong, never in doubt.
[ Parent ]

Missing Poll Option: Use it for signatures only (5.00 / 4) (#9)
by placebo on Wed May 08, 2002 at 12:37:40 PM EST

I sign most of my email with GnuPG. Kmail and Evolution have always made this very easy for me. I know that 99% of the people I send mail to probably don't understand this string of seemingly random characters at the end of my messages. However, I figure that it's there if they're in the know and want to verify its authenticity.

I would encrypt more, but just as most people can't (don't know how) to verify signatures, they can't/don't know how to decrypt.

I've often wished that email clients that know they support PGP would add some sort of "X-Supports-PGP: GnuPG 1.0.7" header to all mail. If mail clients would scan for these, and flag addresses in your address book as PGP capable, then automatically favor encryption for these addresses, it would go a long way towards making PGP more usable. The problem is that I just don't know who has it and who doesn't, without sending some mass spam.

---
A friend in need's a friend indeed...

Don't know how to decrypt? (5.00 / 1) (#15)
by cgray4 on Wed May 08, 2002 at 01:14:04 PM EST

The public key encryption system means that a person must first make a public key before any message to her can be encrypted.  Thus, if it is possible to encrypt your message to her, she has already taken the first step with PGP/GnuPG.  So it's very likely that she knows how to decrypt.

So really the big worry is getting people to make key pairs in the first place.

[ Parent ]

Missing the obvious (4.00 / 1) (#18)
by placebo on Wed May 08, 2002 at 01:33:35 PM EST

Sorry, I just thought about this at lunch. Perhaps a better idea would be to automate the searching of several key repositories. If a key to an address you're sending to is found, pop up a message offering to encrypt (and notifying the user that they may want to obtain the public key through some method of higher trust).

---
A friend in need's a friend indeed...
[ Parent ]
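
The header-scanning idea from comment #9 and the key-repository lookup from comment #18, sketched as an added example (not part of the original thread and not any mail client's code). `X-Supports-PGP` is the commenter's hypothetical header; the class and function names, sample mail, repository contents and fingerprint placeholders are constructed. The header is kept as a hint only, since any sender can set it, and a key fetched from a repository produces an offer to encrypt rather than silent encryption until its fingerprint has been confirmed some other way.

```python
from email import message_from_string
from email.utils import parseaddr

HINT_HEADER = "X-Supports-PGP"  # header proposed in the comment; not a standard

# Constructed sample mail (not real traffic).
SAMPLE_INBOX = [
    "From: Alice <alice@example.org>\nTo: me@example.org\n"
    "X-Supports-PGP: GnuPG 1.0.7\nSubject: hi\n\nbody\n",
    "From: Bob <bob@example.org>\nTo: me@example.org\nSubject: lunch\n\nbody\n",
    "From: Carol <CAROL@example.org>\nTo: me@example.org\n"
    "X-Supports-PGP: GnuPG 1.0.7\nSubject: re\n\nbody\n",
]

# Constructed stand-in for a public key repository: address -> fingerprint.
# Bob has a key but never advertised it; Carol advertised but published no key.
SAMPLE_KEYSERVER = {
    "alice@example.org": "FPR-PLACEHOLDER-ALICE",
    "bob@example.org": "FPR-PLACEHOLDER-BOB",
}


class AddressBook:
    """Tracks advertised PGP support and known keys per address."""

    def __init__(self, keyserver):
        self.keyserver = keyserver
        self.hints = {}  # address -> advertised client string (unauthenticated)
        self.keys = {}   # address -> {"fpr": str, "verified": bool}

    def observe(self, raw_message):
        """Record the hint header from a received message, if present."""
        msg = message_from_string(raw_message)
        addr = parseaddr(msg.get("From", ""))[1].lower()
        hint = msg.get(HINT_HEADER)
        if addr and hint:
            self.hints[addr] = hint.strip()

    def lookup(self, addr):
        """Return the key entry for addr, fetching it unverified if needed."""
        addr = addr.lower()
        if addr not in self.keys and addr in self.keyserver:
            self.keys[addr] = {"fpr": self.keyserver[addr], "verified": False}
        return self.keys.get(addr)

    def mark_verified(self, addr, fingerprint):
        """Mark a key verified only if the out-of-band fingerprint matches."""
        entry = self.keys.get(addr.lower())
        if entry is None or entry["fpr"] != fingerprint:
            return False
        entry["verified"] = True
        return True

    def plan(self, recipients):
        """Decide what the compose window should do for these recipients."""
        missing, unverified = [], []
        for rcpt in (r.lower() for r in recipients):
            entry = self.lookup(rcpt)
            if entry is None:
                missing.append(rcpt)
            elif not entry["verified"]:
                unverified.append(rcpt)
        if missing:
            action = "plaintext"   # at least one recipient could not decrypt
        elif unverified:
            action = "offer"       # prompt, and suggest checking the key
        else:
            action = "encrypt"     # every key was confirmed out of band
        return {
            "action": action,
            "missing_key": missing,
            "unverified_key": unverified,
            # Advertised support but no key found: ask them for their key.
            "hinted_without_key": [r for r in missing if r in self.hints],
        }


def build_demo_book():
    """Build an address book from the constructed inbox above."""
    book = AddressBook(SAMPLE_KEYSERVER)
    for raw in SAMPLE_INBOX:
        book.observe(raw)
    return book


if __name__ == "__main__":
    demo = build_demo_book()
    for rcpts in (["alice@example.org"], ["bob@example.org"],
                  ["carol@example.org"]):
        print(rcpts, demo.plan(rcpts))
```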

Higher trust (none / 0) (#165)
by sean23007 on Sun Jun 16, 2002 at 01:33:23 AM EST

There would sure need to be some level of higher trust if it were possible to easily and automatically create a database of all email users who used any kind of encryption. For all the reasons stated above, you might not want people to know you used encryption, but if they had a list of all email addresses that used encryption, your adoption of it might raise some hackles, if you know what I mean. And for those of you that fear the government for whatever reason, wouldn't this make it really easy for the government to start a file on anyone and everyone who might be trying to hide something, anything, from said government? It absolutely would. You definitely would need to have a whole lot of trust if you would support a database of this kind, and if you had that much trust, what's the point of being paranoid in the first place, eh?

Lack of eloquence does not denote lack of intelligence, though they often coincide.
[ Parent ]
Convenience, time, network effects (5.00 / 9) (#17)
by Jetifi on Wed May 08, 2002 at 01:26:29 PM EST

Most human-computer interactions are made easier by employing metaphors (windows, scroll bars, buttons), but the concepts involved in public key crypto are complex and have no adequate real-world analogy. This makes it difficult to get to grips with. By no means am I implying that users are dumb - it's more about computer literacy than anything else.

Add signing, revocation, hybrid crypto-systems, webbed/hierarchical trust structures, all of which are necessary for the correct use of something like PGP, and Johnny loses interest.

Another reason I believe crypto isn't that wide-spread is convenience. Most security tools today rely on passwords or passphrases for user identification. Good 8-character passwords are irritating to users, let alone passphrases. Enforcing these on users (for example in a corporate environment) is often the reason for post-its bearing passwords.

In addition to the inconvenience, most security, and crypto in particular, is time-consuming. Passwords, key expiry, encryption, decryption - even when done right, crypto isn't transparent. Unfortunately, like all security, it can't be transparent if it is to work for the benefit of the user. In the corporate environment, this is usually dealt with through user education.

Single sign-on is nice, and can help in some cases (Kerberos, Windows networking), but one of the intrinsic problems of single sign-on is that all too often you end up applying one set of credentials to multiple security domains. The end result is analogous to having credit card numbers protected by your HotMail password, which is not a good idea.

Another potential work-around for all this is biometrics. People could adjust to signing something with a thumb-print. However, if biometrics become commonplace, they'll probably be used for financial, medical and governmental purposes before anything else - the infrastructure costs see to that.1

If this were to happen, having biometric hardware commonly available, combined with having public key certificates tied to biometric data, starts to sound like a good idea. But then you consider issues such as ''what's the trusted computing base?'', and problems like ''how do you revoke an iris-scan-based signature?'', and things spiral out of control. PGP identities are easier to revoke, but harder to use.

The problem at the root of this is that modern hard crypto can only be used for identifying and/or authenticating computers or computer data to other computers. In order to identify humans, some level of trust is involved - trusting a computer, a keyboard, an ATM, or other hardware.

Although people like their privacy, there's no wide-spread indication that they do anything about it. For example, the huge majority of surfers have cookies enabled. And no-one thinks about all the SMTP servers their email passes through.

At this stage the envelope analogy is employed. ''Wouldn't you put your letters in an envelope, instead of letting the postman read your mail?'' However, this accurately enough describes the current situation - the only protection there is gained through implied trust of the middle-man, and the lack of an architecture to systematically breach that trust, carnivore notwithstanding.

All these problems prevent the adoption of personal crypto on an individual basis. Crypto in things like email is something that a lot of people could really benefit from, but the network effect just isn't there - not enough people use PGP, or even the S/MIME capabilities of popular clients like Outlook. You can't send a signed email to a stranger and be sure that the recipient can verify it. However, you can send a fax almost anywhere.

(by the way, I think PGP is actually at version 7. And development has been frozen by NIA)

1: Any large scale crypto apparatus for public use will have key-escrow built in, although they probably won't call it that. ''Key recovery'' and ''shared trust'' both sound good to the press.



Binding. (5.00 / 2) (#58)
by Cerebus on Wed May 08, 2002 at 04:47:29 PM EST

The problem at the root of this is that modern hard crypto can only be used for identifying and/or authenticating computers or computer data to other computers. In order to identify humans, some level of trust is involved - trusting a computer, a keyboard, an ATM, or other hardware.

Exactly.  This is what's known as the "binding problem."  Every computer-mediated authentication scheme in use is an attempt to bind a set of bits to a physical identity.  With each, you eventually get to that leap of faith where you simply trust that the correct person is there, at the end of it all.
-- Cerebus
[ Parent ]

Problem with S/MIME (5.00 / 1) (#68)
by mindstrm on Wed May 08, 2002 at 05:18:43 PM EST

It's really a problem with the global PKI structure.

Joe average can't just start sending secure mail. Joe needs to get a certificate.. and every piece of software out there wants you to BUY it from some authority that merely paid to have their root certificate included in MS applications.

We need a way for joe to cleanly and easily create a key and carry it around with him, and to use it everywhere.  Regardless of what they say.. I don't need to be paying Thawte or someone money to prove who I am.

Really, we can look at the reasons we can't design an email system that encrypts and makes it easy for everyone to use.

The main thing is that people need a way to not lose their key.  People don't understand files and directories. We need a standard, common method of storing and retrieving keys, and something so dead easy anyone can do it.
And, we need a global web of trust that's totally decentralized. My own security token will say what keys I trust and do not trust to sign something, it will not be embedded in an application or OS.

In short, if everyone and his dog had a smartcard, and every computer and/or authentication device had a reader, we would be set. You set up your new windows or linux box, want to create an account? Insert your card, select the appropriate key (or have one generated and added to the card for future use). It could be made very, very transparent.

Until we have that... we don't have something everyone can use.

[ Parent ]

Heh (4.75 / 4) (#21)
by trhurler on Wed May 08, 2002 at 02:03:32 PM EST

Magic Lantern wouldn't "break" anything. It would just send the plaintext from your computer as well as the encrypted text. This is what Bruce Schneier has now been saying for quite a while in repentance for his overoptimism in writing his first book: encryption is nice, but if you have a shitty security model overall (any version of Windows does, Unix does, and so on,) then even properly used one time pads will not save you from a determined attacker; the encryption is like a huge steel door bolted onto a house made of matchsticks. If you attack the door, you lose, but punching a hole in the wall and walking around the door is trivial.

At any rate, the reason most people don't use encryption is the same reason most people use Outlook Express. Sure it sucks in every possible way - but it doesn't require them to think or learn much, so they use it. Sadly, encryption really can't be that easy to use unless and until our operating systems are trustworthy, and the only OSes these people can use are the worst of the bunch. It is, as Schneier suggests, going to get worse before it gets better. A lot worse. It is questionable whether it will EVER get better for your average person, because all the solutions proposed to date actually involve functional frontal lobes in the user of the system. Of course, he puts it more tactfully, but that's irrelevant:)

--
'God dammit, your posts make me hard.' --LilDebbie

Uh oh it's encrypted... (4.66 / 6) (#22)
by Graymalkin on Wed May 08, 2002 at 02:33:30 PM EST

The REAL reason Joe Sixpack doesn't encrypt e-mail or even want to is when he sees something encrypted in a movie or on television a character says "uh oh, it's encrypted this will take a minute" and then proceeds to break the encryption scheme with a couple of keystrokes. As dumb as it sounds this is the conception the general populace has about encryption. I've had people tell me before they wouldn't encrypt anything because someone could easily crack the encryption and read it (yes the irony has been picked up). People don't realize how pervasive encryption is because they don't have to deal with it. If it could be implemented in computers as transparently as it is transparently implemented on ATM cards people would use it without realizing it and never complain. You don't drive a car by manually moving the tie rod. If they did nobody would drive cars.

Transparent ease of encryption (5.00 / 3) (#24)
by RadiantMatrix on Wed May 08, 2002 at 02:43:25 PM EST

I don't know if you have ever had opportunity to use PGP products for Windows.

PGP integrates nicely with several major e-mail programs, including Eudora Mail and Outlook/Outlook Express. Granted, initally setting up encryption is somewhat of a hassle -- but once set up, the only piece of non-transparent operation is the prompt for a passphrase when decrypting or signing.

People are pretty used to using a password/passphrase, so this isn't really a leap for them. The biggest leap is getting people to understand that using encryption isn't the result of paranoia. This could partially be accomplished if computer retailers did a good job of packing freeware encryption software on their systems and explaining their advantages and use to customers. However, that doesn't directly make them money, so they don't bother.

Personally, I get anyone that I e-mail on a regular basis to use encryption. I even forced my bank to get PGP because I refused to e-mail them any personal information unless they used encryption. The biggest force for change in this matter will be demand.

--
$w="q\$x";for($w){s/q/\:/;s/\$/-/;s/x/\)\n/;}print($w)
[ Parent ]

Encryption for Dummies (4.00 / 1) (#106)
by Graymalkin on Thu May 09, 2002 at 01:07:40 AM EST

I've used PGP in Windows for years and while it does integrate well into both Eudora and Outlook it is still complex for dumb users. Even getting ahold of PGP is hassle enough to keep people from obtaining it let alone using it. PGP should have just been included into e-mail clients and a key pair would be generated when the user ran an account creation wizard. A short explanation along the lines of :

Encryption is not an evil hacker pastime but a simple method to keep private conversations with friends and family private. Sending unencrypted e-mail is like writing on a post card, anyone handling it can read it. Encrypting e-mail is like putting a letter in a security envelope. Encrypting your mail is easy and optional with this program.

PGP never made it that easy to either use or understand. At the key creation stage after telling people what encryption did, they'd be prompted for a passphrase and the program and blamo new encryption keypair, the public key automagically uploaded to a key server specified by the program's publisher or advanced user. Unfortunately neither ISPs nor e-mail program vendors were much interested in propagating encryption for users and it has never been mainstream in e-mail. Few if any major ISPs send e-mail over secure links, hell most merely use plaintext usernames and passwords. Encryption has always been seen as a hacker conspiracy theorist cyberpunk tool of mass destruction and ironically as a weak means to protect an individual's private communicato.

[ Parent ]
PGP not easy? (none / 0) (#133)
by RadiantMatrix on Thu May 09, 2002 at 12:51:11 PM EST

Obtaining and installing PGP is, I admit, a big pain in the ass -- especially if you use an OS that only has a commandline version available. However, if retailers would include the software and a breif explanation of why it's a good thing, more people would be inclined to go through the (relatively easy) key generation.

AFAIK, the newer versions of PGP (as of 5.0, IIRC) do prompt the user to upload thier public key immediately after generation.

All of the ease-of-use in the world won't help without a change in perception, though -- and we seem to agree on this point. I still hold that the best way to start is with the people you e-mail regularly.

I usually explain it something like this:

There are probably not that many pieces of e-mail you send that are so private they need to be encrypted. But, if you only encrypt the private ones, it is easy for someone to know which messages are important. If you encrypt as much as possible, then anyone who wants to get the important data will have to crack all your mails -- and few people have the kind of resources they need for that.
I also use the envelope metaphor that you used above.

--
$w="q\$x";for($w){s/q/\:/;s/\$/-/;s/x/\)\n/;}print($w)
[ Parent ]
S/MIME (none / 0) (#107)
by macpeep on Thu May 09, 2002 at 02:00:44 AM EST

Well, S/MIME is totally transparent if you use some umm.. modern.. email clients. With some clients, so is PGP. All you have to do is check the "always encrypt email when possible" checkbox and possibly the "always digitally sign email" checkbox and you just continue using the app like before, but all your emails will be encrypted and/or signed.

I had an S/MIME signature for two years and I used it by default. The thing tho, was that nobody else that I knew used S/MIME so other than for signing, it was pretty useless. On the other hand, nobody I know uses PGP either..

[ Parent ]

Why I don't encrypt (3.50 / 2) (#23)
by weirdling on Wed May 08, 2002 at 02:33:46 PM EST

  1. too friggin much trouble.  Yeah, I could, but the work far outweighs the benefits.
  2. large number of emails virtually guarantees that someone would have to target me personally to get any useful data.  Such a person needn't actually read the email 'en route'.
  3. the only exception to 2 is Carnivore, and I don't see why I should put myself out just so the government can do something illegal.  In other words, we need to stop Carnivore, not make everyone encrypt email, as it's pretty obvious which is the cheaper solution.
So, maybe I'm a trusting soul, but I'd rather see some way I could cause serious personal damage to anyone who read my email than bother with massive encryption.

That being said, of course, anyone else who wants to encrypt is free to, as we live in a society where one is innocent until proven guilty and 'the appearance of evil' is not proof of evil.

I'm not doing this again; last time no one believed it.

Wrong. (4.00 / 4) (#62)
by mindstrm on Wed May 08, 2002 at 05:05:53 PM EST

All your arguments are wrong. Yes.. I know they are your opinion.. but they are exactly what's wrong with the perception of things.

1) Too much trouble
 - Yes.. agreed. Encryption should be built in and standard in every application and protocol. It should not be something you have to consciously 'use'... not another layer of work.
It's also trouble because the people you are sending to don't use it either. If everyone used pgp, a good plugin would exist, and it would be seamless. It's still a niche thing, however.

2) Targeting you personally. So until someone actually violates you, you have no reason to protect yourself?  Good theory.

3) Legal or not, snooping will happen. If carnivore is removed, something else will take its place. The solution is to make encryption standard.

[ Parent ]

misunderstanding (none / 0) (#134)
by weirdling on Thu May 09, 2002 at 01:21:47 PM EST

in 2, I wasn't arguing that there is no point in encryption until someone targets you; I was arguing that encryption is kinda like a steel door on a house of matches.  Unless you're willing to engage in the sort of all-encompassing paranoia that is a royal pain in the ass, you're not going to stop someone from snooping on you; they're way too good.  Encryption would stop random snooping, but that's pretty rare, given the volume of mail.

As to making encryption standard simply because someone will snoop, that's a huge cop-out.  The fight to stop government intrusion won't end with just snooping on plain-text, you know.  It'll move on to snooping on encrypted text.  Don't think so?  Remember Clipper?  No, far better to enact strong legal safeguards and harsh penalties for violation, so that any snooping results in being stomped.  That will actually deter hackers as well as government.

I'm not doing this again; last time no one believed it.
[ Parent ]

Corporations (5.00 / 1) (#154)
by DodgyGeezer on Sat May 11, 2002 at 01:20:22 PM EST

It's not just the government.  How do you know your ISP isn't harvesting information from their SMTP server and selling it to companies like Experian?  Experian has records on over 95% of American households, they have a presence in over 44 countries world wide, they store a surprising amount of diversified information, and they sell it to other companies and can have a direct impact on your life by way of credit ratings.  My numbers might be wrong, but that was the situation when the company I worked for got bought by them 3 to 4 years ago.

The UK has somehow held on through the assault on freedom by the current government to its 198x Data Protection Act.  I think this act should just be the starting point though.  I truly feel sorry for Americans who have no equivalent and are at the mercy of corporations' voluntary code of ethics.

Did you ever read Simson Garfinkel's "Database Nation"?  Great book.

[ Parent ]

Yeah, but... (none / 0) (#160)
by weirdling on Mon May 13, 2002 at 05:40:37 PM EST

True, large corporations often do engage in spying.  However, this is, once again, a regulatory issue.  If caught doing such, they should face stiff penalties.  That's generally adequate to deter the majority of corporations, as corporations are essentially out to make money, so fines and so on directly hurt them.

However, what of the downside?  Any security solution likely to be deployed widely will be easily compromised due to its promiscuity.  Security is a mindset, not an encryption algorithm, and the mindset that results in high security also results in enormous effort.  I don't wish to expend the effort.  That's just my opinion.

However, anyone who wants is welcome to implement whatever level of security they deem necessary.

I'm not doing this again; last time no one believed it.
[ Parent ]

How about search results? (3.50 / 4) (#29)
by marktaw on Wed May 08, 2002 at 03:28:24 PM EST

Google could be hiding secret messages in its ordering of the top entries for certain search terms and we'd never know. Just think, the Secret Service could be monitoring someone's packets trying to figure out why a certain spy's favorite website is Google, and why he always searches for stuff related to (choose topic).

The thing is, he has a list of search terms to use on various days. Based on the top (or even bottom) listings, he's receiving messages from another spy who's managed to infiltrate google's development staff.

I mean really. What does the amazon.com sales rank number really mean? It looks like gibberish to me and all the things I buy seem to have a sales rank in the low thousands. I think that's definitely used to transmit some sort of message.

Reminds me of the level of paranoia I saw in the movie A Beautiful Mind. Any ordering of anything could be used to encode hidden messages.

Even more subtle letterman possibility: The order of songs played by Paul Schaeffer and the band.

The real trick to Steganography is that the people doing the encoding don't know the message is there. As far as I know this technique dates back to, well, probably as far back as written communication, possibly before. Artists have been hiding symbols in paintings since there have been paintings. Only they call it art. Books have been written about deciphering the hidden (usually masonic) meanings of said paintings.

I mean, how many movies have used the technique of you pretend to call John but really call Mary. "John, I'm running a little late. I'll meet you at the cafe in two hours. Great. See you then."

The real message is "Hey Mary, I can't talk, but I want you to meet me at the cafe in 2 hours." This could also be a kind of steganography.


Benefits vs. work. (none / 0) (#30)
by physicsgod on Wed May 08, 2002 at 03:30:02 PM EST

What benefits exist to encrypting email? I for one am not terribly interested in people reading my email, anymore than I'm interested in people eavesdropping on my conversations at the mall. I don't send credit card numbers, passwords, or plans for world domination over email, so why should I bother?

--- "Those not wearing body armor are hereby advised to keep their arguments on-topic" Schlock Mercenary
Good question! (none / 0) (#50)
by thebrix on Wed May 08, 2002 at 04:26:51 PM EST

I used to sign email for a bit (using S/MIME and The Bat!). Only for 'a bit'.

I gave up because of similar reasons as yours: although once set up S/MIME was pretty transparent at my end, people kept complaining about 'lumps of gibberish' or 'strange icons' at their end and, in 99 per cent of cases, the material in the email was so trivial signing was way over the top.

The only occasion I've ever encrypted email was when running a campaign and someone wanted to transmit confidential information. At least using S/MIME was better than their initial suggestion (conversing in German; I know the United Kingdom is famously monolingual, but I expect better from my spies and spooks ;)

Personally, I think things like Web tracking (cookies, webbugs etcetera) have the capacity to be much more dangerous than any reading of email - because there are no nuances and huge pattern-matching possibilities in the information gathered - so I'm very careful with cookies and install a proxy to squash advertising and popups, which are annoying in any case.

[ Parent ]

Traffic analysis (5.00 / 2) (#136)
by hackerhue on Thu May 09, 2002 at 02:34:15 PM EST

The only occasion I've ever encrypted email was when running a campaign and someone wanted to transmit confidential information.
And anyone watching your email transmissions knows that something is up, once they see encrypted messages. If you encrypt even things that are not confidential, attackers will not be able to figure out what's confidential and what's not.

[ Parent ]
normal people (5.00 / 1) (#31)
by trener on Wed May 08, 2002 at 03:33:47 PM EST

just don't -want- that extra step. installing pgp, setting up passphrases, hassling friends to use encryption.. i'm a software dev, and even i just don't care enough to bother.

but, for the sake of argument, let's assume that a typical 'arts major' decides to start using encryption. how many of her friends, do you think, would have encryption? if she started hassling them, would she really be able to explain what it is, how it works, how to get it set up? and do you honestly think that her friends would care enough to start using encryption?

which brings me to my next point: no one talks about anything earth-shatteringly important in e-mail. or, that's the impression. i mean, look at your own e-mail - sure, it'd be annoying if someone were reading it, but really, is there anything in there that's -that- important? and if there is, how many messages did you have to go through to find it? multiply that into the terabytes, and you've got the internet - the signal-to-noise level is horrible. and i think people realize that, at some level. they know that their e-mail is basically unimportant, and it's hidden in MOUNTAINS of other basically unimportant e-mail.

myself.. i'd encrypt my e-mail, if there were that critical mass of users already out there.. but there isn't, and i have zeeeero interest in helping to build that critical mass, so fuckit... if it's something -that- important that no one else can know, i'll give the person a call.

Signal-to-noise (5.00 / 2) (#75)
by DarkZero on Wed May 08, 2002 at 06:05:51 PM EST

The real problem, I think, is that people think that their e-mail isn't important, even though it really, really is. People think that they're just bullshitting with their friends, but as soon as one of their friends asks for directions to their house to get to a party or for their phone number because they can't remember it off the top of their head, that address or phone number can be used to get all of their other personal information fairly easily, at least to the point where you can track the person down to their house and possibly the number (and identities) of family members living with them.

Faking SMTP headers also makes it incredibly easy. All you have to do is fake your e-mail address to look like a person's friend, and then you can ask them a simple question like "How do I get to your house again?" or "I can't remember your phone number. What was it again?". Or for a serious stalker: "How's your family doing?". To which almost anyone would respond to their "friend": "Well, Mom's still in the hospital right now (shouldn't be too hard to get that address), Jenny's doing alright in high school (teenage daughter?: check), but I just broke up with Rob (lack of protective boyfriend: check)..." That could go on for awhile, and I'm sure you understand what I'm getting at.

I think that people just don't realize how important their online communications are until someone actually goes after them, at which point it's too late.

[ Parent ]

We use encryption all of the time. It's called SSL (5.00 / 2) (#32)
by pwayner on Wed May 08, 2002 at 03:38:39 PM EST

This is a great article that raises an important point, but I think we should back up a moment and take stock of the successes. Most people use encryption whenever they use an SSL protected page. This mechanism is not perfect, but it is common, relatively strong, and relatively well-designed. Shoot. The mechanism even uses certificates for one end. So say what you will about the existence of a Public-Key Infrastructure, people are using these things.

Now that I've covered the half of the glass that is full, I think it's great we're talking about the half that isn't. For me, I encrypt in only a few cases because it's too much trouble. The software isn't distributed enough to make it useful. The compatibility issues are too annoying. There's only so many hours in a day. When you couple it with the other weaknesses in the overall system, it's hard to make it a priority for chatter about the weekend. If it was as easy as going to an SSL-enabled website, I would do it.

SSL isn't for users (4.00 / 2) (#37)
by Jetifi on Wed May 08, 2002 at 03:59:50 PM EST

SSL is there because it protects companies from fraud and liability claims, as well as enabling ecommerce in the first place. If SSL had initially been targeted at privacy-loving users, I doubt it would be as wide-spread as it is today.

When it comes down to it, I believe that SSL is widespread because .com's want your money. They see shelling out for crypto-cards and X.509 certs from companies like Verisign, as an expense, not an investment.

I agree with your comments on PGP, however. FYI, there's a secure mail system (S/MIME) that uses X.509 certificates same as SSL. The end result is that it's a hierarchical trust system, so you have to pay Thawte or Verisign (although they're now one and the same) for a cert that's been signed by an authority.



[ Parent ]
Not for users? (none / 0) (#49)
by vadim on Wed May 08, 2002 at 04:21:59 PM EST

You know, I'm quite happy knowing my ISP can't see the contents of my Jabber messages. It's quite convenient. Not as secure as encrypting them with PGP, but at least I know for sure that they're not seen in unencrypted form anywhere in Spain since I don't talk to anybody from here.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]
Good point (none / 0) (#54)
by Jetifi on Wed May 08, 2002 at 04:43:49 PM EST

Should have written, not originally meant for users. I'm quite happy to see netizens benefit from it though :-)

Jabber using SSL is cool. Whether or not your messages will ever be read in Spain depends on the mode that SSL is used in. The default mode isn't forward secure, i.e. if someone gets the key at some point in the future, they'll be able to read all past traffic, since it was encrypted under the same key.

If, however, Jabber changes the SSL key regularly, then you're OK :-)



[ Parent ]
PGP and instant messaging... yes. (none / 0) (#119)
by zirtix on Thu May 09, 2002 at 05:45:11 AM EST

It is possible to use PGP inside Jabber.  Gabber on Linux does this (using GnuPG) very well.  It will tell you if someone who seems to be online has signed their 'presence', and will automatically encrypt your messages.

Don't know about Windows though.

[ Parent ]

Whoa (3.50 / 2) (#33)
by vadim on Wed May 08, 2002 at 03:44:41 PM EST

So much whining about how hard it is when it's so easy! Here are the steps:

1. gpg --gen-key
2. gpg --send-keys
3. open KMail
4. tell it to use your key

Done. Easy, and very well integrated. All you have to do is to type your pass phrase when asked. Verification is automatic. You could even choose not to have a passphrase at all, but it isn't a good idea.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.

that's how easy it -would- be... (3.50 / 2) (#34)
by trener on Wed May 08, 2002 at 03:47:07 PM EST

if everyone else had gpg already.

they don't.
so add in that step where you install gpg for all of your computer illiterate friends.

[ Parent ]
Okay (3.00 / 1) (#35)
by vadim on Wed May 08, 2002 at 03:51:02 PM EST

Debian version:
0. apt-get install gnupg

Mandrake version:
0. urpmi gnupg

Better?
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]

Given that ... (3.00 / 1) (#36)
by Simon Kinahan on Wed May 08, 2002 at 03:55:40 PM EST

... the computer illiterate generally use Windows, no, not really.

That's the problem: the relevant encryption scheme needs to be supported at both ends. Outlook and Outlook Express don't support encryption at all, ergo it's not possible to communicate with the majority of computer users in encrypted email.

Simon

If you disagree, post, don't moderate
[ Parent ]

Where did I mention Windows? (none / 0) (#41)
by vadim on Wed May 08, 2002 at 04:06:11 PM EST

KMail is a Linux program. KDE has been ported to cygwin, but only 1.1.2 works, and 2.2.1 is in progress. The really good gpg support is in 3.0. Anyway, I wouldn't worry much about that since a typical Windows newbie doesn't even know how to uninstall a program.

But for Linux newbies I think the instructions are quite good. I would have loved a few of these when I was a newbie. For me using it wasn't hard, I just didn't know what to pick from a list of more than 1000 packages.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]

Both support S/MIME [nt] (none / 0) (#43)
by thebrix on Wed May 08, 2002 at 04:15:02 PM EST



[ Parent ]
Outlook/Outlook Express (5.00 / 1) (#57)
by DJBongHit on Wed May 08, 2002 at 04:44:26 PM EST

I'm not sure about Outlook Express, but I know for a fact that there exists a PGP plugin for Outlook.

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
your friends all have linux... (4.00 / 2) (#38)
by trener on Wed May 08, 2002 at 04:02:11 PM EST

... my friends all have windows.
along with 99.5% of the rest of the world.

this article wasn't talking about linux geeks installing encryption. this article was talking about normal people. so, for normal people, you get to add in that step where you install linux for them. and teach it to them. or install pgp for them. and teach it to them.

and don't forget to multiply these steps by the number of friends you have. normal people have quite a few.

basically, what i'm saying, is.. even if it's not -thaatt- hard (and it really isn't), it adds up when you have to do it all for your friends, and it's effort that people just won't bother spending.

[ Parent ]
Well... (2.00 / 4) (#44)
by vadim on Wed May 08, 2002 at 04:15:54 PM EST

Excuse me, but I find it quite offensive that you imply that people who use Linux aren't 'normal'. Of course I talk to few people, who usually have some kind of interest in computers, and I got most of them to try Linux. But still, it isn't anything very hard. Besides there's nothing hard in installing it, it's the matter of checking a few checkboxes in the installer. I'm sure everybody can do that.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]
dude.. (3.00 / 2) (#60)
by trener on Wed May 08, 2002 at 04:58:19 PM EST

.. they aren't normal.

and no, i'm not saying that in any kind of 'all-linux-geeks-are-losers' kind of way. i'm saying that in a 0.5% kind of way. (or.. whatever.. is it 1.5% desktop penetration for linux?)

normal people - that is, the average johnny (which is who this article is talking about) - use windows.

[ Parent ]
Hmm (2.00 / 4) (#63)
by vadim on Wed May 08, 2002 at 05:07:03 PM EST

Maybe. But be careful with the word 'normal'. I remember how a few years ago some people from a gays and lesbians group came to my school to educate people a bit. It went well, but I've heard one of them got really angry when somebody asked 'But that's not normal, right?'. Maybe the right word would have been 'common'?
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]
Damn geeks! ;) (4.66 / 3) (#67)
by jabber on Wed May 08, 2002 at 05:17:37 PM EST

Most 'normal' people also get the gist of the conversation based on context, and do not nit-pick semantics over the connotation and denotation of words like 'normal' and 'hacker', or the manifold meanings of the word 'free'. We're all a bit on the abnormal (meaning FREAKY) side here.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

Solution ... (5.00 / 1) (#117)
by vrai on Thu May 09, 2002 at 05:19:30 AM EST

Email all your Windows owning friends a copy of the freeware PGP. Make sure you label it cool_pic.gif.exe or something similar. The Windows user will then execute the program, click on OK to all the setup questions and hey-presto: the user has a default install of PGP. Of course corporate users will invariably have auto-execute attachments turned on so they can skip the first step.

Teaching them to use it is the easy part. The only people I am likely to want to send sensitive information to are fairly f**king clever. They may not be techies but they can figure out how to use a simple application with the help of a how-to email from me.

[ Parent ]

Exchanging keys (4.00 / 1) (#111)
by Lynoure on Thu May 09, 2002 at 03:22:46 AM EST

Generating and using keys is relatively easy. It's the exchanging of the keys that seems like lot of work to people and as the result of that is easily done badly (eg. by just emailing the keys without ever verifying the fingerprints).

[ Parent ]
Opportunistic encryption (4.00 / 2) (#39)
by pw201 on Wed May 08, 2002 at 04:03:43 PM EST

My experience with PGP is a common one, I think: I thought it was cool for a brief period as an undergrad. I generated my RSA key and looked around for people to email. Of course, there was no one who I told confidential things to who would be able to use PGP, so the key fell by the wayside.

To my mind, all this hard key management stuff must be completely hidden from a naive user (though the ability for a more experienced user to get at it must be preserved). ISTM that opportunistic schemes like Herbivore are one way of satisfying this requirement. In the Herbivore scheme, users' MUAs exchange keys during the users' first email exchange. Thereafter, those keys are used to secure further mails.

This sort of system is vulnerable to man in the middle attacks and so on, but if everyone was using it, it would certainly have an impact on the integrity of email.

My grand vision of email in the future is that the archaic systems we now use (and which are readily abused by forgers, spammers, viruses and suchlike) will be done away with in favour of something which is much harder to abuse. Nothing is ever going to make such abuse impossible, but we can do better than we're doing at the moment.

At least digitally sign... (4.87 / 8) (#40)
by DJBongHit on Wed May 08, 2002 at 04:04:21 PM EST

... because SMTP sucks. Observe:

bash$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lavalamp. ESMTP Sendmail 8.12.1/8.12.1; Wed, 8 May 2002 14:49:34 -0500 (EST)
HELO mailserver
250 mailserver. Hello bob@localhost [127.0.0.1], pleased to meet you
MAIL FROM: rusty@kuro5hin.org
250 2.1.0 rusty@kuro5hin.org... Sender ok
RCPT TO: president@whitehouse.gov
250 2.1.5 president@whitehouse.gov... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: die

I will kill you.
.

250 2.0.0 g48Hshf8005465 Message accepted for delivery


Did rusty really just send the president a death threat? Or was it somebody spoofing rusty's email account? Obviously in cases like this, the secret service will track the IP rather than the email address, but the point still stands for more mundane cases - how do you know that an email that appears to be from somebody you know or trust is really from that person, and is not just a forgery? SMTP doesn't even ask for authentication; it just accepts whatever email address you put in the MAIL FROM: command.

This is why I digitally sign every email I send... if you receive a message claiming to be from me which is not digitally signed with my key, it's not from me. And if it IS digitally signed with my key, you know that a) I did in fact send that message, and b) it is 100% identical to the message I typed and sent; no one has tampered with it in any way.

Encryption is just a useful side-benefit of PGP/GnuPG in my opinion. Digital signatures are the important bit. And if the person I'm sending email to doesn't have OpenPGP-compatible mail software, then, well, they'll just see a bit of garbage at the end of my messages, with a URL to www.gnupg.org, which may interest them enough to check it out. If not, eh, I don't care.

~DJBongHit

--
GNU GPL: Free as in herpes.

Poorly configured mailserver (4.00 / 1) (#47)
by yonderboy on Wed May 08, 2002 at 04:19:30 PM EST

Since I spend most of my day tracking spammers and abusive email, I've learned to pay more attention to the mail headers than any other part of the message. There are many reasons to do this, but these are the most important:
  • You can tell if someone is really spoofing mail by the Received: tags. Your example would easily give you away since your originating server wouldn't be from whitehouse.gov. It's true that spammers fake these headers, but they're easy to spot by following the chain of from, by, and for.
  • Even telnetting to a mailserver port will give your originating IP away. With this the FBI can knock on your door and present you with a warrant. Don't worry about your ISP saving your bacon; they won't.
  • A well-configured mailserver will not allow From: spoofing. If yours does, please fix it and make a system administrator happy.


[ Parent ]
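An added example, not part of the comment above or of the original thread: one way to automate the "follow the chain of from, by, and for" check on Received: headers. The sample message, its hosts and IP addresses are constructed, and the function names are hypothetical; real Received: formats vary more than this regex covers, so treat the result as a heuristic.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real traffic). Each relay prepends its own
# Received: line, so the newest hop is first and the oldest is last.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [198.51.100.7])\n"
    "\tby mx.example.org with ESMTP id A1 for <bob@example.org>;\n"
    "\tWed, 8 May 2002 14:49:40 -0500\n"
    "Received: from mailserver (dialup-12.example.com [192.0.2.45])\n"
    "\tby relay.example.net with SMTP id B2 for <bob@example.org>;\n"
    "\tWed, 8 May 2002 14:49:34 -0500\n"
    "Received: from mail.kuro5hin.org (mail.kuro5hin.org [203.0.113.9])\n"
    "\tby gateway.example.edu with ESMTP id C3;\n"
    "\tWed, 8 May 2002 14:40:00 -0500\n"
    "From: rusty@kuro5hin.org\n"
    "To: bob@example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host> ... for <rcpt>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
    r"(?:.*?\bfor\s+<(?P<rcpt>[^>]+)>)?",
    re.IGNORECASE,
)


def parse_received(value):
    """Return the from/by/for fields of one Received: header, or None."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    if not m:
        return None
    hop = m.groupdict()
    hop["by"] = hop["by"].rstrip(";")
    return hop


def analyse(raw):
    """Walk the chain from our own server backwards until it stops linking up."""
    msg = message_from_string(raw)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    if not hops:
        return None
    trusted = hops[:1]  # the line written by the server we control
    for older in hops[1:]:
        newer = trusted[-1]
        handed_from = {newer["helo"].lower(), (newer["rdns"] or "").lower()}
        # The host that wrote the older line must be the one that handed the
        # message to the newer hop; otherwise the sender supplied the line.
        if older["by"].lower() not in handed_from:
            break
        trusted.append(older)
    origin = trusted[-1]
    host = (origin["rdns"] or origin["helo"]).lower()
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {
        "origin_host": host,
        "origin_ip": origin["ip"],
        "unverified_hops": len(hops) - len(trusted),
        "helo_mismatches": [
            (h["helo"], h["rdns"]) for h in trusted
            if h["rdns"] and h["helo"].lower() != h["rdns"].lower()
        ],
        "from_domain": domain,
        "from_matches_origin": host == domain or host.endswith("." + domain),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

A From: domain that differs from the origin host is normal for forwarded or hosted mail, so the useful signals are the unverified hops below the break and the IP recorded by the first relay you trust.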
I know (4.00 / 1) (#52)
by DJBongHit on Wed May 08, 2002 at 04:36:19 PM EST

Everything you've said is true, but how many mail users are going to know how to examine email headers? Like I said, the whitehouse example would obviously be transparent to the secret service, but what if somebody spoofed an email from your boss telling you that you didn't have to come into work tomorrow? Would you really bother checking the headers, or would you say, "oh, cool" and then go head out to the bar for a few drinks?

A well-configured mailserver will not allow From: spoofing. If yours does, please fix it and make a system administrator happy.

That depends on the purpose of the mailserver. My mailserver, for example, accepts any connections from localhost and allows you to use any From: address. This is because it's a private mailserver, and if you have a local shell account, you're allowed to use it. Also, I have many email addresses that I send from and receive to on a regular basis (djbonghit@smokedot.org, *@smokedot.org, *@forkbomb.net, and my other personal email addresses). I also use this mail server for sending mail which appears to be from my yahoo.com accounts.

It is, however, configured so that if the connection is not from localhost, the From: must be a valid account on the server and must use SMTP AUTH to send.

It's not as easy to spoof an email to a technically-knowledgeable person; however, it is dead-simple to spoof an email to somebody who isn't so knowledgeable, and a simple GUI saying "this email has a signature which matches djbonghit@smokedot.org's key" would be quite useful for this sort of person.

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
Witness Klez... (none / 0) (#65)
by ScottBrady on Wed May 08, 2002 at 05:08:19 PM EST

how many mail users are going to know how to examine email headers?
Judging from the number of phone calls/emails I've received from friends informing me I'm infected with Klez, I'd say not too many.

Knowing that I'm an ubergeek, they always call me with a surly, "gotcha" attitude. It's so much fun explaining to them why they're wrong--sometimes I want to cry, but usually I laugh like any self-respecting BOFH would.

--
Scott Brady
"We didn't lie to you... the truth just changed."
YHBT. YHL. HAND.
[ Parent ]

Warning: Possible Ignorance Ahead (4.50 / 2) (#61)
by ewhac on Wed May 08, 2002 at 05:00:56 PM EST

Isn't it true that with PGP/GnuPG you can only sign the payload of the message, not the header? If so, all the signature tells you is who wrote the message, not who sent it.

This would be important in the following scenario: Alice is rising through corporate ranks, much to the annoyance of Jack Ass. Jack decides to destroy Alice's career. He asks her for some confidential company information, which she sends to Jack digitally signed. Jack then forwards the signed payload to the CEO of their main competitor, possibly even spoofing the headers. The CEO checks the payload signature, sees it was written by Alice, and mistakenly assumes she sent it, too. Competitor then contacts Alice's boss about the breach, and Alice gets fired.

Encrypt-and-sign should fix this, but are there facilities for signing the headers, too?

Schwab
---
Editor, A1-AAA AmeriCaptions. Priest, Internet Oracle.
[ Parent ]

You are correct (5.00 / 2) (#66)
by DJBongHit on Wed May 08, 2002 at 05:17:23 PM EST

Isn't it true that with PGP/GnuPG you can only sign the payload of the message, not the header? If so, all the signature tells you is who wrote the message, not who sent it.

This is correct. However, in the situation you brought up, it would be irresponsible for Alice to send confidential corporate information unencrypted. She should send it signed with her key and encrypted with Jack's key - the CEO of the aforementioned competitor would not be able to read it unless Jack decrypted it and re-encrypted it with the CEO's key, at which point Alice's signature would be lost (AFAIK, the signature is applied to the encrypted content, not to the plaintext).

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
headers don't matter for authenticity checks (2.50 / 2) (#82)
by rohrbach on Wed May 08, 2002 at 07:19:18 PM EST

your personal ID is the key. it has one or more UIDs attached and is self signed. if you happen to maintain a web of trust, your identity is manifested by others saying that you are you.

time and date of signature and your uid are included when signing, so the headers are not that important anymore.

--
Give a tool to a fool, and it might become a weapon.
[ Parent ]

put to info in text (none / 0) (#155)
by kurthr on Sat May 11, 2002 at 07:10:38 PM EST

Ewhac-

I usually put the person's name I'm sending something to in my own "header" to the message. If that doesn't match I would probably have deniability to my boss, and Jack(_!_) would be implicating himself by forwarding the message.

It's certainly not perfect, but makes the problem much less likely or useful to your enemy. As our politicians have proved... deniability is most of the way to innocence.

-Kurth

[ Parent ]
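The forwarding scenario earlier in this thread, and the in-body recipient line kurthr describes, as an added example that is not code from any poster. It assumes a toy RSA key standing in for Alice's OpenPGP key, a hypothetical `Intended-For:` line format, and constructed addresses.

```python
import hashlib

# Toy RSA key (two Mersenne primes, ~216-bit modulus) standing in for
# Alice's OpenPGP key. Assumption for the demo only; far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)
TAG = "Intended-For: "              # hypothetical in-body recipient line


def _digest(body):
    """Hash the signed body and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % N


def sign_mail(sender, recipient, text, bind_recipient):
    """Alice signs the body only; From/To headers stay outside the signature."""
    body = f"{TAG}{recipient}\n{text}" if bind_recipient else text
    return {"From": sender, "To": recipient, "body": body,
            "sig": pow(_digest(body), D, N)}


def forwarded_copy(mail, new_recipient):
    """Headers can be rewritten in transit without touching body or signature."""
    copy = dict(mail)
    copy["To"] = new_recipient
    return copy


def assess(mail, my_address):
    """Recipient-side check: who wrote it, and was it written to me?"""
    if pow(mail["sig"], E, N) != _digest(mail["body"]):
        return "bad signature"
    first_line = mail["body"].split("\n", 1)[0]
    if not first_line.startswith(TAG):
        return "author verified, recipient not bound"
    named = first_line[len(TAG):].strip().lower()
    if named != my_address.lower():
        return "author verified, addressed to someone else"
    return "author verified, addressed to me"


def demo():
    """Constructed sample messages; returns the verdict for each case."""
    alice, jack, ceo = "alice@example.com", "jack@example.com", "ceo@rival.example"
    plain = sign_mail(alice, jack, "Q3 figures attached.", bind_recipient=False)
    bound = sign_mail(alice, jack, "Q3 figures attached.", bind_recipient=True)
    edited = dict(bound, body=bound["body"].replace(jack, ceo))
    return {
        "plain, forwarded": assess(forwarded_copy(plain, ceo), ceo),
        "bound, original": assess(bound, jack),
        "bound, forwarded": assess(forwarded_copy(bound, ceo), ceo),
        "bound, line edited": assess(edited, ceo),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20s} -> {verdict}")
```

The check only helps if the receiving side actually compares the signed line with its own address; a signature that verifies is reported as valid either way.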

..thats right!!! (2.00 / 1) (#125)
by johwsun on Thu May 09, 2002 at 08:32:58 AM EST

..as long as I don't sign my messages, no message comes from me! So I can easily tell you that you are stupid, and this message does not come from me either! hehehehehe.

Look, signing your messages is nothing. Even if you are going to cast a death threat to anyone, you can easily deny it. Who knows that your public key is YOUR public key? Who knows that you haven't lost it, or that a hacker invaded your PC and stole it, or you sold it, or anything....?

Encryption IS useless right now. Encryption today is just another mathematical problem and nothing more, useful only for military or terrorist or porn reasons.

Encryption will become useful for people only if digital money or (especially) computer voting will be implemented.

[ Parent ]

Wrong (3.00 / 1) (#137)
by DJBongHit on Thu May 09, 2002 at 03:14:51 PM EST

..as long as I don't sign my messages, no message comes from me! So I can easily tell you that you are stupid, and this message does not come from me either! hehehehehe.
Not quite, dude. If you don't sign your messages, then if somebody were to forge a message to appear as though it came from you, you wouldn't be able to prove that it didn't. Digital signatures are the modern-day equivalent of personal seals on letters, only a whole lot harder to forge. Obviously, if I were to send somebody a death threat, I wouldn't sign it with my digital signature. But what if I were to send an email to my stock broker telling him to sell? I'd be pretty god damn pissed if somebody forged an email from me which cost me tons of money by doing something like that. A digital signature is assurance that, yes, I did in fact send this message, and did intend for it to appear exactly the way it does. Like I said, if you receive a message from me without a digital signature, disregard it, or at the very least, take it with a mountain of salt.

who knows that your public key is YOUR public key?
I do, and I will testify to that.

who knows that you haven't lost it, or that a hacker invaded your PC and stole it, or you sold it, or anything....?
If anybody wants to go through that much trouble to break into my server which holds my private key, props to them. I'm fairly certain it's locked up in a safe place.

In any case, my private key would be useless to anybody without my passphrase, which is not going to be brute-forced (it's more than 40 characters long, with a mix of punctuation, upper-case and lower-case letters, and numbers. Just try it).

Encryption IS useless right now. Encryption today is just another mathematical problem and nothing more, useful only for military or terrorist or porn reasons.
Er. Or for buying shit online, or banking online, or emailing confidential corporate data, or when you need to log in as root to your company's email server from home at 3:00 AM, or any time you transmit sensitive data online.

Encryption will become useful for people only if digital money or (especially) computer voting will be implemented.
Digital money?

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
Johnny does not have a stock broker. (none / 0) (#144)
by johwsun on Fri May 10, 2002 at 02:20:54 AM EST

Johnny does not have an openbsd server.
Johnny does not buy things online, because digital money is not yet secure or understandable for him.
Johnny does not email confidential corporate data.
Johnny does not need to log in as root in his company's email server from home at 3:00 AM.
Johnny does not have sensitive data to transmit.

Someday, Johnny will need to use digital money, because this is more safe than the current money, and he will not be afraid of the thieves by using it.

Especially someday, Johnny will use encryption for computer voting, in order to express his wisdom.


[ Parent ]

My name isn't Johnny (none / 0) (#151)
by DJBongHit on Fri May 10, 2002 at 03:00:26 PM EST

You said, and I quote, "encryption IS useless today." Well, it may be useless for this fictional "Johnny," but there are certainly uses for it.

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
define use-less... (none / 0) (#157)
by johwsun on Mon May 13, 2002 at 02:15:09 AM EST

..useless is something that nobody uses? In my definition, useless is something that the less are using.

[ Parent ]
Uh. (none / 0) (#158)
by DJBongHit on Mon May 13, 2002 at 02:54:46 AM EST

What? Useless means something has no use. Which encryption clearly does.

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
useless is something that has no use...? (5.00 / 1) (#159)
by johwsun on Mon May 13, 2002 at 02:59:34 AM EST

..then how do you call something that has less use? English again! You can't communicate with that language! ;-)

[ Parent ]
Exactly: Signing more important than encryption (5.00 / 1) (#139)
by otterskip on Thu May 09, 2002 at 04:30:56 PM EST

Although I don't go as far as to sign every e-mail I send out, I sign everything I send to someone who I think would be able to verify the signature. I don't bother signing e-mails to my Mom, but if the e-mail is to someone in my computer science department I make sure to.

Signing is an excellent bootstrap to encrypted e-mail, all the time. Even if you don't have PGP/GPG/whatever installed you can still read my message just as I wrote it (and you can easily ignore the OpenPGP attachment), but if you do have the necessary software you can verify that it was, in fact, from me. By signing my e-mail and encouraging my CS friends to do the same we can prepare for the day when we'll regularly encrypt all e-mail.

I don't think "Why Johnny Can't Encrypt" is the right topic to study right now. The real question is why geeks and assorted UNIXy people, who are fully capable of installing and setting up GPG (it's not that hard) aren't signing or encrypting their e-mail. I don't think all computer users will ever (or even should) encrypt their e-mail. As was pointed out, poor use of the security model (especially the web of trust) by people who don't really understand what they're doing can harm the security for the rest of us. Encryption defaulting to "on" in Outlook would be a bad idea because it probably wouldn't be used in a very secure manner (which depends on correct key management). Instead, I'm trying to raise awareness of public-key cryptography among people who might be willing to make the choice to use it correctly, and signing e-mails is a subtle advertisement for and incentive to use PGP and its ilk.

_pEt3

[ Parent ]

Another discussion on this (5.00 / 1) (#42)
by sjmurdoch on Wed May 08, 2002 at 04:12:14 PM EST

There was another discussion on this subject in sesquiped's diary entry. There were quite a few comments that readers of this story may find interesting.
--
Steven Murdoch.
web: My Home Page
Somewhat Meta: encryption between mailservers (4.80 / 5) (#45)
by Alfie on Wed May 08, 2002 at 04:18:23 PM EST

I am surprised no one has worked encryption into the mailservers yet. Let's take two servers: alice and bob. Let's say alice has e-mail for one of bob's users. First alice will retrieve bob's public key--most likely by contacting bob directly. This key was generated with a random password which bob keeps in memory. The key will probably be replaced every so often. Then alice encrypts the e-mail, sends it to bob, which promptly decrypts the e-mail and delivers it to the end-user.

There are several benefits. Firstly, end-users never have to worry about losing their public key or password since e-mail is only encrypted for the short period of time it takes to transfer between servers. Secondly, the encryption is completely transparent to the end-user and does not interfere with any other encryption the end-user might wish to use. Thirdly, obviously the end-user won't be sending his or her data in plaintext over public channels. :)

There are a few caveats. One of which is that this scheme is useless for authenticating identities and is vulnerable to man-in-the-middle attacks. (However, so are the current unencrypted mailservers.) Another caveat is that the e-mail will be stored unencrypted on the end-user's hard drive.



And yet further (5.00 / 1) (#51)
by thebrix on Wed May 08, 2002 at 04:34:02 PM EST

This isn't new - Esther Dyson is the first person I'm aware of who proposed complete end-to-end encryption (everything passing through the Internet is encrypted by default, I assume transparently via some mechanism still to be invented), although I'm sure others must've suggested it before she did.

(Jakob Nielsen review of Release 2.0, the book which contained the proposal).

[ Parent ]

Already done. (4.00 / 2) (#53)
by Cerebus on Wed May 08, 2002 at 04:36:25 PM EST

SMTP TLS (Simple Mail Transport Protocol Transport Layer Security).  Basically SMTP+SSL, but with SSL negotiation encapsulated in the SMTP channel rather than vice-versa.

Most mail daemons are capable of speaking it.  But most aren't configured to use it.
-- Cerebus
[ Parent ]

Any howto links? (none / 0) (#56)
by haflinger on Wed May 08, 2002 at 04:44:24 PM EST

Particularly for Sendmail and qmail, that'd be nice, thanks. :)

Did people from the future send George Carlin back in time to save rusty and K5? - leviramsey
[ Parent ]
SMTP Security (none / 0) (#59)
by thrig on Wed May 08, 2002 at 04:58:01 PM EST

And for authenticating users, you can use SMTP AUTH.

True, most mail servers do not speak TLS: only a few systems enable TLS by default (OpenBSD comes to mind), and most admins will not take the time/money to deal with proper certificate setup.

All of my mail servers talk TLS; I use SMTP AUTH and STARTTLS to allow users to relay mail through our systems from anywhere (annoying ISPs who muck with SMTP aside, but I also run smtps for that purpose).



[ Parent ]
What's good about this (3.00 / 1) (#64)
by Spendocrat on Wed May 08, 2002 at 05:07:09 PM EST

Is that it would automatically incorporate compression, which would be beneficial (just like mod_gzip for Apache).

[ Parent ]
That Doesn't Work (4.66 / 3) (#69)
by CleverNickname on Wed May 08, 2002 at 05:19:12 PM EST

As soon as bob's public key is sent over the network you've lost security.

1.) How can alice be sure she's receiving bob's public key?

2.) How can alice be sure she's sending the data to bob?

3.) How does bob know that he's receiving a message from alice?

To ensure that the above three things can't occur, you need either 1.) a secure channel between alice and bob or 2.) a trusted authentication server that both alice and bob trust.

I'm not saying that this is worse than what's out there, but it shouldn't provide a false sense of security.


[ Parent ]

Web of trust (4.66 / 3) (#76)
by DJBongHit on Wed May 08, 2002 at 06:18:21 PM EST

How can alice be sure she's receiving bob's public key?
This is what the web of trust is for. Alice can only be sure she's receiving Bob's public key if it's either signed with a key she already trusts, or if she speaks to Bob over a trusted medium (such as the telephone or in person) and Bob gives her his key fingerprint. If it matches, Alice can then sign Bob's key with her own.

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
Good Points (none / 0) (#77)
by Alfie on Wed May 08, 2002 at 07:00:04 PM EST

Even so, such a system would make things more difficult for eavesdroppers. Plus, IANAL, but I think there is a significant legal difference between looking at plaintext packets which just happen to go through one's server and intentionally falsely identifying oneself as bob's server in order to perform a man-in-the-middle attack. Such an attack might be considered circumvention of a security device; it certainly shows active intent to circumvent privacy, as opposed to passively listening to cleartext communications over public channels.



[ Parent ]
Puzzle box. (5.00 / 2) (#79)
by gordonjcp on Wed May 08, 2002 at 07:05:01 PM EST

Alice wants to send a new key to Bob. So, what Alice does is create *many* keys, label them, and encrypt them with a reasonably *weak* algorithm.
Bob receives this package of keys, chooses one, and sets out to crack the encryption on the key. This takes a while. Once the key is decrypted, Bob sends Alice a message with the label for the key ("Key number 27!"). This can be plaintext. The chances of Eve cracking the correct key are small, and it would take too long to crack them all.
Once Alice knows which key Bob cracked (Bob now has the public key) Alice can begin using the private key to encrypt messages.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Orders of magnitude (4.00 / 1) (#81)
by vectro on Wed May 08, 2002 at 07:15:13 PM EST

The problem is that you can't assume the attacker and Bob happen to have the same amount of compute power available. Since it's entirely possible for the attacker to have 1000s of times the power available, the scheme breaks.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]
Okay... (none / 0) (#83)
by gordonjcp on Wed May 08, 2002 at 07:30:53 PM EST

Granted, this allows that everyone has roughly the same computer power. Plus, since it's far quicker to encrypt the key/label pairs (ought to have mentioned that the key encrypting the pair is random and thrown away after each one) than it is to crack them, you can easily make a couple of thousand pairs and redress the balance.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Still problems (none / 0) (#95)
by vectro on Wed May 08, 2002 at 10:56:38 PM EST

There are still considerations that make your scheme impractical.

First, 2000 keys at even 1024 bits each is 256K (before encryption, which might make it bigger). That's a considerable amount of data for a key exchange, but not prohibitive.

Second, generating 256KB of entropy is non-trivial. Even radioactive-decay RNG cards are only going to provide a few bytes a minute.

Third, your keyspace isn't that big - only lg n, where n is the number of keys. This can also be reduced by employing additional compute power. For 2000 keys, that's equivalent to a keysize of only about 11 bits.

Finally, if an attacker can log all traffic, then it would be possible to break the initial keys later on, and use that to reconstruct the rest of the traffic after-the-fact.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]

This isn't my scheme... (none / 0) (#110)
by gordonjcp on Thu May 09, 2002 at 03:05:22 AM EST

... this is something of a simplification of what is already done. I agree it has drawbacks, but does give a reasonable degree of security.
This isn't something you'd do on each message - this is used to give a measure of security to the first communication. I suppose you're never going to get around the problem of someone recording packets for decryption later though.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Simplification? (none / 0) (#113)
by vectro on Thu May 09, 2002 at 03:53:59 AM EST

I am aware of _no_ protocol that uses anything like the scheme you've proposed. If you could provide references, I'd appreciate it.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]
I'll see if I can find some... (none / 0) (#115)
by gordonjcp on Thu May 09, 2002 at 04:34:05 AM EST

... but I honestly don't know. I'm no crypto expert, although I do sign mail pretty much consistently.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
You're kidding, right? (none / 0) (#126)
by rcs on Thu May 09, 2002 at 08:54:31 AM EST

The first application of this was in Merkle's puzzles, which foreshadowed public key encryption by a few years.

This sort of flooding with messages thing is common in blinding protocols.

Blinding protocols are one of the core building blocks of cryptographic techniques.

I wish I could find the reference to the scheme referenced earlier in the thread, but it's a common one. If my statement means anything to you.

--
I've always felt that there was something sensual about a beautiful mathematical idea.
~Gregory Chaitin
[ Parent ]
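The puzzle exchange from this sub-thread (the scheme rcs identifies as Merkle's puzzles), as an added example that is not code from any poster. The SHA-256-derived pad used as the "weak" cipher, the puzzle layout, and all function names are assumptions chosen to keep the sketch short; it illustrates the work gap between Bob and an eavesdropper and is not a usable key exchange.

```python
import hashlib
import math
import secrets

MARKER = b"PUZZLEOK"   # 8-byte known prefix so a solver can recognise success


def _pad(nonce, weak_key):
    """32-byte pad derived from a per-puzzle nonce and the small puzzle key."""
    return hashlib.sha256(nonce + weak_key.to_bytes(4, "big")).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_puzzles(n, bits):
    """Alice: n puzzles, each hiding (id, session key) under a `bits`-bit key."""
    table, puzzles = {}, []
    for _ in range(n):
        puzzle_id, session_key = secrets.token_bytes(8), secrets.token_bytes(16)
        table[puzzle_id] = session_key
        nonce = secrets.token_bytes(8)
        weak_key = secrets.randbelow(2 ** bits)   # used once, then discarded
        plain = MARKER + puzzle_id + session_key  # exactly 32 bytes
        puzzles.append((nonce, _xor(plain, _pad(nonce, weak_key))))
    return puzzles, table


def crack(puzzle, bits):
    """Brute-force one puzzle; returns (id, session key, trials spent)."""
    nonce, body = puzzle
    for guess in range(2 ** bits):
        plain = _xor(body, _pad(nonce, guess))
        if plain.startswith(MARKER):
            return plain[8:16], plain[16:], guess + 1
    raise ValueError("puzzle key outside the expected range")


def eavesdropper_cost(puzzles, announced_id, bits):
    """Eve sees every puzzle and the announced id, but not which puzzle it names."""
    trials = 0
    for cracked, puzzle in enumerate(puzzles, start=1):
        puzzle_id, key, spent = crack(puzzle, bits)
        trials += spent
        if puzzle_id == announced_id:
            return key, cracked, trials
    raise ValueError("announced id not present")


def advantage_bits(n):
    """log2 of Eve's expected work relative to Bob's: she cracks (n+1)/2 puzzles."""
    return math.log2((n + 1) / 2)


def run_exchange(n=64, bits=10):
    puzzles, table = make_puzzles(n, bits)
    announced_id, bob_key, bob_trials = crack(secrets.choice(puzzles), bits)
    alice_key = table[announced_id]          # Alice only does a table lookup
    eve_key, eve_cracked, eve_trials = eavesdropper_cost(puzzles, announced_id, bits)
    return {"alice_key": alice_key, "bob_key": bob_key, "eve_key": eve_key,
            "bob_trials": bob_trials, "eve_puzzles_cracked": eve_cracked,
            "eve_trials": eve_trials}


if __name__ == "__main__":
    r = run_exchange()
    print("Alice and Bob agree:", r["alice_key"] == r["bob_key"])
    print("Bob trials:", r["bob_trials"], "| Eve trials:", r["eve_trials"],
          "over", r["eve_puzzles_cracked"], "puzzles")
    print("Expected margin for 2000 puzzles: %.1f bits" % advantage_bits(2000))
```

The eavesdropper always recovers the key in the end; the only protection is that her expected work is about half the number of puzzles times Bob's, so the margin grows linearly with the number of puzzles sent.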

It's called PKI (none / 0) (#96)
by stuartf on Wed May 08, 2002 at 11:25:34 PM EST

2.) a trusted authentication server that both alice and bob trust

It's called PKI, using a trusted third party such as Verisign or Entrust to confirm your identity.

[ Parent ]

Some companies already do this... (4.00 / 1) (#71)
by stuartf on Wed May 08, 2002 at 05:26:48 PM EST

Using S/MIME. PGP doesn't seem to be built towards gateway based encryption. Marshal Software do Mail Marshal Secure, which does this.

[ Parent ]
I swear to god (4.00 / 1) (#74)
by porkchop_d_clown on Wed May 08, 2002 at 05:57:14 PM EST

I proposed this very thing to a company that wrote e-mail servers in the early 90s (this was pre-web, business was still using various proprietary protocols).

Could not convince them to do it. They tried to patent it, though.


--
I feel like I've lived my live in screensaver mode....


[ Parent ]
This sounds like... (4.00 / 1) (#85)
by arcterex on Wed May 08, 2002 at 07:41:25 PM EST

This sounds a lot like opportunistic encryption, built into the newer versions of FreeS/WAN (and probably other VPN type systems, though I don't know of any off the top of my head).  

Basically the theory is that you have a bunch of systems with OE running on the internet.  If one detects another system running OE, it starts a key exchange and negotiates a secure tunnel through the insecure network (in this case, the internet).  A very cool idea in theory, but there are problems, the lack of secure DNS being one (if you connected to foo.com with OE before, how can you be sure you're connecting to them now) (or something like that, I don't remember the exact reason).

[ Parent ]

maybe Johnny is a lazy bastard (1.50 / 8) (#55)
by lvogel on Wed May 08, 2002 at 04:43:54 PM EST

#define TOO_LAZY 1
using namespace LUSER;
#include <me>
#include <other_encryption_nonusers>
...
-- ----------------------
"When you're on the internet, nobody knows you're a dog!"

-a dog
Why I'm Not a Crypto Weenie (Yet) (4.25 / 4) (#70)
by ewhac on Wed May 08, 2002 at 05:22:18 PM EST

I just used GnuPG for the first time this week, though I've had it installed for over a year. The thing(s) that keeps me from using crypto on a regular basis is a lack of understanding of what the tradeoffs are, and what's "good enough" for my needs.

As I understand it, crypto isn't just an extra gadget on the mail client, it's a way of life. Key management is a big pain in the neck, not because it's necessarily hard, but because of the meticulous care one must take to ensure against one's keys being compromised. To "do it right," I get the impression one should store one's keyring on a floppy disk (and nowhere else) and keep that floppy on one's person at all times.

Add to that the fact I don't know how many keys to build for myself, or what types/sizes they should be. Do I need just one, placed on public keyservers everywhere, or should I create several of varying lengths for varying levels of perceived security needs? Should I put them all on public keyservers, or should I keep a couple in reserve for special needs?

The definitive reference cited to me is Applied Cryptography, a ponderous tome. "Read it and you'll understand," they say. Well, okay, but is there a mini-HOWTO that will keep my knickers out of the fire until I get around to plowing through the whole thing?

Schwab
---
Editor, A1-AAA AmeriCaptions. Priest, Internet Oracle.

PGP documentation (5.00 / 1) (#73)
by vadim on Wed May 08, 2002 at 05:34:56 PM EST

I think Philip Zimmerman explained it really well. Also take a look at his website,

But shortly, key size just determines security. I use 4096 bit keys. Any recently new computer can handle that without problems. 768 bit is considered insecure. 2048 should be fine. What about key types, IDEA is patented, that's the only problem with it for now. Oh, and keyservers synchronize between them, so you only need to send your key to one of them.
--
<@chani> I *cannot* remember names. but I did memorize 214 digits of pi once.
[ Parent ]

FAQ list (5.00 / 1) (#89)
by xah on Wed May 08, 2002 at 08:49:09 PM EST

Here is a good FAQ list. It's informative, though the specifics are out of date.

If you want to read a book that ordinary mortals can get through, read Schneier's Secrets and Lies.

[ Parent ]

Applied Cryptography (5.00 / 1) (#116)
by vrai on Thu May 09, 2002 at 04:35:34 AM EST

In my not-so-honest-opinion this is the second most important book in the field of Computer Science (after the Knuth saga).

I realise it is a bit tricky to plow through but I would strongly recommend reading it (Singh's 'The Code Book' is also excellent for a historical perspective). I only read it initially because I'd heard the NSA had tried to ban it in the US. However once I'd started I was hooked and read it cover to cover (the only technical book I'd done that before with was 'Programming Python'). It won't help you use GnuPG but it will give you an excellent grounding in encryption techniques. Plus it's got yummy reference code!

[ Parent ]

Keeping your secret key(s) safe (none / 0) (#118)
by hashashin on Thu May 09, 2002 at 05:31:56 AM EST

To "do it right," I get the impression one should store one's keyring on a floppy disk (and nowhere else) and keep that floppy on one's person at all times.

I agree, to be properly paranoid you should carry that (write-protected) floppy with you all the time, but of course that's not too practical--floppies aren't very reliable, for one thing. I've considered burning them to an 8cm CD, but still there's no way I would carry that around with me day and night.

Now, biometrics allow you to carry your keys with you at all times, but as some have pointed out, sometimes you need to revoke a key, and how can you revoke your thumbprint or your iris? We already have massive problems with misappropriation of Social Security numbers, since you can't change yours even if you know someone is using it for fraud.

But what if you could put the keys on a ring, watchband or necklace? Like the little iButton things Sun used to trot out at conferences, except maybe a little sleeker. I'm picturing something like a plain silver band with a contact point on it, that you can touch to a little USB reader.

The other thing that bothers me, though, is what happens when you lose that single copy of your private key and now suddenly you can't read any of your saved mail from the last N years? Maybe you have an escrowed "recovery" key socked away in a safe deposit box? Hope you remember the passphrase.

[ Parent ]

My use of PGP (3.50 / 2) (#72)
by fortytwo on Wed May 08, 2002 at 05:33:31 PM EST

I GnuPG-sign most of my emails and USENET posts, however I don't know anybody else who uses it, so I can't exactly encrypt :)

Most of them? (3.50 / 2) (#97)
by acceleriter on Wed May 08, 2002 at 11:26:24 PM EST

If you don't sign all of them, how will you deny one made by someone else in your name?

[ Parent ]
don't need to (none / 0) (#129)
by kubalaa on Thu May 09, 2002 at 09:52:33 AM EST

Any reasonable court will recognize how easy email is to forge and not treat unsigned email as evidence. His only problem would be signing something he might later want to deny.

[ Parent ]
Why Johnny can't encrypt ? (2.50 / 2) (#78)
by mami on Wed May 08, 2002 at 07:00:16 PM EST

Most probably for the same reason why Johnny can't read. He was not taught properly. Maybe he was embarrassed because he asked a "dumb" question to a Guru, who just didn't want to answer in "layman's" or "Johnny's" terms. Once burned he doesn't come back unless he absolutely has to.

I see two big problems (4.25 / 4) (#80)
by moeffju on Wed May 08, 2002 at 07:11:48 PM EST

The first is:
  • Awareness. You need to teach Johnny why he would want to encrypt his mails, files, whatever. Once he gets that, the next step is:
  • Ease of use. It's like seatbelts. Sure, you know it is safer to use one, but it's a hassle to put it on every time. Compared to using PGP/GnuPG, however, it's fucken easy. I have yet to see a free and usable interface for PGP/GnuPG. One that I install and that leads me through key generation, then installs plugins for my mailers etc etc.
Until that happens, Johnny will send postcards.

(Note: I have used PGP back in the DOS times. I know to make keys, and I have used it. It's too much hassle for me now, and I don't want comments telling me how stupid I am for not caring enough about my privacy. Come to realize it is gone already.)

Seahorse (3.00 / 3) (#84)
by aberryman on Wed May 08, 2002 at 07:41:16 PM EST

Seahorse is a pretty decent GnuPG frontend for gnome - it will handle imports, creation, exports, and the best thing is you can just type your message in, select a key, and encrypt it.  It's quite useable.

http://seahorse.sourceforge.net/

[ Parent ]

Habit (none / 0) (#114)
by vrai on Thu May 09, 2002 at 04:26:15 AM EST

Ease of use. It's like seatbelts. Sure, you know it is safer to use one, but it's a hassle to put it on every time.

It depends on what you're used to. Older people complain about the hassle of seatbelts because for most of their lives they never had to. Seatbelts have been required for (literally) as long as I can remember. Hence I only notice using them when they're faulty/non-existent.

Over time this will apply to encrypting messages as well. If everyone started encrypting their messages tomorrow, initially people would grumble about the time it takes. However eventually people would accept it as part of the whole email experience and not really realise they're doing it.

[ Parent ]

Who cares? (3.00 / 3) (#87)
by keymonkey on Wed May 08, 2002 at 08:29:08 PM EST

Everyone has made good points, but one has been left out. The reason I don't encrypt my email is simple, I don't say anything important, sensitive, or confidential over email. If some pasty geek wants to sniff my email packets, to find out what kind of love notes I send my wife, or what bar I'll be at that night, all the power to him. Financial transactions, B2B communications, and other transfers, I agree, should be protected and are by SSL. Everything else is useless. The day I start to worry that the government might be tracking my pub crawls I'll encrypt, until then who cares?!

tradeoffs (5.00 / 7) (#88)
by xah on Wed May 08, 2002 at 08:37:39 PM EST

In cryptography, there are three goals: security, simplicity, and efficiency. You may choose two.

One-time pad is secure as long as the key is kept secure. Key generation is difficult. Transferring the key is difficult when the plaintext is large. If the key is stolen in transit, the security is all for nothing. Thus, one-time pad has some problems with both efficiency and security.

Then, in the 1970s came the ingenious invention of public key cryptography. This made it feasible to send encrypted text over public networks like the Internet. It is not simple, but it is both efficient and secure. Once it's understood, public key cryptography works fast. While the encryption isn't as secure as one-time pad, when one considers the hypothetical amount of computing time needed to attack the encryption, it is good enough.

The big downside of public key cryptography is that the sender and the recipient must keep their "secret keys" private and secure. They can generate them in isolation, but cannot allow them to be accessed by outsiders. Importantly, to avoid this pitfall the user of public key cryptography must understand the basics of public key cryptography. Once understood, key management is efficient. Yet key management is not simple. In the area of key management, the ordinary user must take security very seriously, a job that the ordinary user of computers does not ordinarily do or understand. This is the crux of the problem.

SSL uses public key cryptography. The secret keys are kept by a trusted third-party. As long as the third-party is worthy of trust, it works. The experience of most Internet users with trusted third-parties has been seeing a corporate name, and trusting them on that basis. Then, after they use SSL a few times, they learn from experience that trusted third-parties exist. In some situations, though, there are no trusted third parties.

PGP was brilliant. It put public key crypto tools in the hands of ordinary folks. The use of PGP has literally saved lives. It has a few drawbacks, however. The most notable is that the interface was initially limited to the command line, and even the later GUI interface was slightly clunky. Given time, money, talent, and will, the interface can be made better. Nevertheless, the basic problems of understanding and execution at the level of the ordinary user will remain.

There are various kludges that avoid the need to educate and train users. These involve a competent third person, a "system administrator" who handles key management behind the scenes. For example, a webmail host may use public key cryptography to provide secure e-mail to its users. Obviously, though, this scheme relies on trusting a third person, just like SSL, and sometimes you just can't trust any third party.

You can simplify the PGP interface and things will get slightly better. The main problem continues, however: How to educate and train ordinary users on the concept of public key crypto, and also on the software product. The paper linked to by K5 talks about the need for usability.

There is a difference between simplicity and simplification. Simplicity is fine. Simplification though would blind the user to the internal mechanics of the cryptosystem. Any decrease in complexity = an increase in the system's vulnerability. Designers should find out what threats the user can best take care of themselves. Then they should design the software to take care of all other (known) threats, exposing only certain threats to the user. Finally, the user needs to be educated to handle these vulnerabilities himself.

The user must learn the basics of the technology, and apply that knowledge daily. Some people want a cryptosystem where they don't have to think. Such a system won't be secure. The learning curve for public key crypto is steep, but there is no way around it. The user has to climb it or abandon public key crypto altogether. The user must be patient enough to manage keys competently every time, or a vulnerability will be introduced.

Even if a good design is found, though, one big problem remains. If there is not a threat that people can conceptualize, they will not act to minimize that threat. People put private letters in sealed envelopes because everyone can visualize that an unwanted person, be he a government agent or a random acquaintance, could otherwise read their mail (easily). People don't even consider that their e-mail is being intercepted every day. People think that Internet privacy issues concern only cookies and credit card numbers.

Therefore, the problem is not only educating and training ordinary users, it's also convincing them that a problem exists.

It is conceivable that we will someday dispense with all this and invent a crypto system that is very secure, very simple, and very efficient. Such a system will rely necessarily on a technology distinct from public key cryptography, however. No such technology is known to exist.

Finally, where can I download this PGP 10? :-)

Hushmail (none / 0) (#98)
by wurp on Thu May 09, 2002 at 12:16:07 AM EST

Why hasn't anyone mentioned Hushmail?  It is very simple to use, freely available, and pretty damn secure.

It is a webmail service like hotmail or yahoo mail.  You can get a free account or a "premium" pay account.  I personally use a pay account for the extra space and because I want to support the service.

When you sign up, you download a Java applet that you use to generate your public/private key pair.  You squiggle the mouse around to generate entropy for the random number generator.  After creating the pair, you give a passphrase.  This passphrase is used to symmetrically encrypt your private key, then the public and encrypted private key are uploaded.  Your private key will never be present anywhere except temporarily on a locally running mail client applet.  Specifically, the Hushmail servers will never have your unencrypted private key.

The system inter-operates with systems that support OpenPGP, so anyone with a Hushmail account or a mail client that supports OpenPGP can send you encrypted mail.  The mail is encrypted with your public key before it gets sent.  When you log in, you get another applet from which you read your mail.  Your encrypted private key is sent to that applet, and you enter your passphrase and the key is decrypted locally.  This means that from the time the email is encrypted at the sender's mail client until the time you read it, the mail is inaccessible, even to the people who run the Hushmail service.  The applet code is open source, so you can inspect it for yourself.  Of course, if you give away your passphrase, then all security is lost.  However, even if the (Hong Kong based, I think) company is subpoenaed for your encrypted mail, they can't give it up.  They don't have the unencrypted private key.

You can also (of course) send and receive unencrypted mail for communicating with people who don't have OpenPGP.  You can sign such emails, and they can verify your signature at a webpage at the hushmail site simply by cutting & pasting the email.

The only points of vulnerability that I can think of are:
a) somehow they send you a bad applet that sends them or someone else your unencrypted private key.  Since you connect to the site over SSL, it would be as hard for a third party to send you a bad applet as it would be to break the standard credit card submission pages.  Of course, it's possible that the Hushmail people send someone a bad applet, but that is very unlikely since they would be throwing away their entire business model if they got caught.

b) you are careless with your password.

c) someone replaces your local JVM with one that recognizes the hushmail applet and saves off your private key after you give the passphrase.  Unless you're under investigation by some government body, I think we're just getting paranoid at this point.

Check it out at https://www.hushmail.com
---
Buy my stuff
[ Parent ]

now has Mozilla support (none / 0) (#101)
by xah on Thu May 09, 2002 at 12:23:05 AM EST

Hushmail is good. One other security vulnerability is that Hush company could theoretically be taken over by someone who doesn't like you. That's kind of James Bond, though.

Hushmail recently enabled support for Mozilla 1.0 RC1 and Sun Java 1.4. That's very good.

[ Parent ]

I've used it, but... (none / 0) (#103)
by jugglhed on Thu May 09, 2002 at 12:28:44 AM EST

as has been mentioned elsewhere, it's not useful unless you get the people you're communicating with to use it, too. I had a couple of folks using it, but eventually we all said to hell with it.

[ Parent ]
Now supports OpenPGP (5.00 / 1) (#105)
by wurp on Thu May 09, 2002 at 01:06:03 AM EST

Hushmail will now inter-operate with mail clients that support OpenPGP, as I pointed out in my article. There are a couple of standard features missing from their mail service, though. Primarily multi-user contacts in the contact list and mail filters. Obviously only unencrypted mail could be filtered, but that would be all I would want.
---
Buy my stuff
[ Parent ]
Now see here (4.50 / 2) (#90)
by johnny on Wed May 08, 2002 at 09:15:11 PM EST

Just because I don't encrypt, it doesn't follow that I can't encrypt. I'll grant you that in actual fact as a practical matter I don't encrypt, but that doesn't mean I can't. If I wanted to, of course, I could just go next door to see my friend & landlord and he could have me encrypting until the cows came home. Which reminds me, my rent is late!

Anyway, I fall into that demographic that iGrrrl & others have described: believe in privacy, don't do much about it (but I do surf without cookies, and I don't use cell phones and I don't use credit cards).

Why don't I use encryption, then? To quote our old friend Reb Tevye, "I will tell you: I don't know."

And lastly here's a tidbit that's somewhat off topic: I have a bunch of yahoo and hotmail accounts, and sometimes just for grins I send notes from one to the other with contents like this: "Let's kill George Bush. And let's do microbial warfare to Dick Cheney and Bill Clinton. I despise the Jihad. Let us anthrax the President until he is dead and let's assassinate the public safety."

I started this practice after one of our own K5 brethren was tracked down by the Secret Service on account of some of his posts here (which were quite benign, if you ask me.) So I decided to see if I could get a rise out of the Secret Service for mail sent from me, to me, and seen by none other.

Dear Wife Betty, looking over my shoulder one day & seeing one of these things, said, "what the hell is that?" I told her. She said to Youngest Daughter, "Your father is trying to get arrested again."

"No," I said. "It's illegal to threaten the President. But it's not illegal to talk to yourself."

Since then I think my wife and daughter have taken up the practice. I haven't caught an inquiry yet. But on the other hand, I live on Martha's Vineyard, and in a hundred hours fishing over the last decade I haven't yet caught a bluefish (it's nearly impossible to not catch a bluefish on Martha's Vineyard.)

Meta: OK yes I admit it, this is the kind of slashdotty post that generally gets modded to about 2.3 by our elite K5 post criteria. And if anybody else wrote this note I would agree that it's self-indulgent and noisome and meriting of a 2 or thereabouts.

But hey, I am after all the eponymous johnny of the subject, and I rather think I deserve some slack. (Actually, the mere fact that Don Davis is my landlord should get me at least a 4 irregardless.)

yr frn,
jrs
Get your free download of prizewinning novels Acts of the Apostles and Cheap Complex Devices.

Bad Encryption is Worse than No Encryption (4.20 / 5) (#92)
by bodrius on Wed May 08, 2002 at 10:22:31 PM EST

The main reason I don't encrypt my email these days has been said already: I can't get other people to follow through.

But I would like to point out another, somehow related, reason I don't encrypt my personal communications:

Bad Encryption Practices Are Worse Than No Encryption.

As a college freshman I became moderately interested in cryptology/cryptography, so I set up my PGP key and harassed my friends and family into using it for personal communications. I had always been a bit paranoid, after all. I also started reading on the subject, mostly from the historical angle which is what I was most interested in at that point.

Sure, it was a hassle to use, but that never stopped me before, and the tools got better with time.

The problem was that even when I got others to use the system, they wouldn't use the system properly.

What use is it to communicate securely through encrypted email if they send you redundant unencrypted messages "just in case"? Or if they change their public keys constantly because they deleted their private keys, or forgot their passwords, or just plain forgot they had one?

One thing that was constantly noted in most of the books I read about the subject was that encryption was usually defeated not by a mathematical weakness (even when it was weak), but because someone compromised information that was trusted not to be compromised through inconsistent practices.

Granted, the typical Joe is not battling a war or exchanging top-secret information, but the typical Joe wants to be able to send his address, phone and personal information to trusted individuals, exchange financial information with his family, etc.

What is the point of doing this securely if this information will be compromised by other people anyway? Since Joe is not battling a war, he has an option most governments don't: give up and use plaintext.

So not only do encryption tools need to be as transparent to the user to make it really easy to encrypt their email, they would have to safeguard the user from doing really stupid things with the system either. They would have to be omnipresent, and make it relatively hard for typical users to send unencrypted email in the first place even if they wanted to, for example, at least whenever a web of trust is implied.  
Freedom is the freedom to say 2+2=4, everything else follows...

Bad human factors (4.00 / 1) (#100)
by Majromax on Thu May 09, 2002 at 12:22:44 AM EST

One thing that was constantly noted in most of the books I read about the subject was that encryption was usually defeated not by a mathematical weakness (even when it was weak), but because someone compromised information that was trusted not to be compromised through inconsistent practices.
This is actually an interesting point. For a couple of my Computer Science classes, I have/had a professor who does Computer Forensics for a living. One day, after a story about searching for somethingorother on hard drives and how pitifully people try hiding things (a hidden partition, anyone? Caught the second they started imaging the drive for their records.), I asked him about how he deals with encrypted filesystems.

He ended up saying that it was quite difficult, but they usually get a break in that the suspect picks either a bad password or one they've used elsewhere, in a crackable medium.

The moral of this story is that I should come up with a good password before I try anything illegal. :)

[ Parent ]

Not mobile (4.25 / 4) (#94)
by aozilla on Wed May 08, 2002 at 10:52:48 PM EST

The second biggest reason I don't use PGP is that none of the people who send me email use it. The biggest reason is that I check my mail from too many different locations. Currently I check my mail using HTTPS when I'm not checking it at home with IMAP/SSL or pine/ssh. In order to effectively use PGP at school I would have to write a javascript version of PGP (and keep my password protected private key on the server), which I'd like to do eventually, but haven't yet. Another thing I'd like to do is have my SMTP program automatically PGP encrypt all email I receive which isn't already encrypted. This way even though the email is vulnerable during transit it's not vulnerable if someone hacks into my system, unless they also figure out the password on my private key (which has to be stored somewhere that I can access it from school, where I can't install software).

PGP ain't hard... (4.00 / 2) (#102)
by MalTheElder on Thu May 09, 2002 at 12:26:39 AM EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

K5'ers,

I've been using PGP since the old DOS days.  Sure it takes some attention to master enough of the command line options to make it functional, but that really isn't necessary anymore.  I haven't touched the command line to sign or en/decrypt an email since installing the PGP/GNUPG plugin for the Mozilla release candidate.  My bad---I do have to type in my passphrase.  I refuse to give that one to any apps' password manager :-)

The real issue here is the idea that everyone should be able to use every computer tool without knowing anything.  That's a fools' notion; M$ and many others have been pushing that brain-dead button-pusher attitude for 2 decades now.  We don't push that attitude for most other common tools---why computers and software tools?

And that, folks, is the real barrier to using encryption, and why Johnny won't use it.  They have been conditioned to believe these things are too hard for their little pea-brains.  WRONG!  Ignorance and fear != stupidity, OK?  OK.

For the record, I would much prefer to encrypt all my emails; as many other responders noted, most of their friends won't do it.  I try to actively, though (I hope) subtly, encourage them to adopt it.  One way is by PGP-signing all my emails.  For the first time in about a month I'm resorting to the command line to digi-sign *this* missive.  I can live with that.

Happy Thursday,
  Thumper

- ----------------------------------------------------------------
"Those who would give up essential Liberty, to purchase
 a little temporary Safety, deserve neither Liberty nor Safety."
      --- Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBPNn6BkTrZEdmM7XjEQJtfwCggDwF2/6ui0a2PP3msH7quJW1EkAAoI5X
g6Wfc4JBblbIV/iGSExn/LQ1
=h1xp
-----END PGP SIGNATURE-----


I concur... (4.00 / 1) (#112)
by gordonjcp on Thu May 09, 2002 at 03:41:16 AM EST

The real issue here is the idea that everyone should be able to use every computer tool without knowing anything. That's a fools' notion; M$ and many others have been pushing that brain-dead button-pusher attitude for 2 decades now. We don't push that attitude for most other common tools---why computers and software tools?
You don't expect to be able to drive without some kind of driving lesson. It's a bad idea to attempt DIY without at least knowing a little about the tools you're using, or you risk drilling through your wrist. Anyway, if my mother can use crypto, after only having a computer for months, surely it can't be *that* hard?

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
It's not (5.00 / 1) (#123)
by juahonen on Thu May 09, 2002 at 08:30:30 AM EST

People just have the fool notion cryptography is something difficult experts-only stuff. And people demanding easier cryptographic solutions are doing nothing to dismiss that notion, in fact they are strengthening it by letting people know they think cryptography is really difficult, too.

The computer high-tech industry is built on the dream computer automation is transparent automation, that computers are able to do everything by themselves. This drives the urge of demanding simpler and more easy-to-use software and computer technology. This desire is not always suited for the purpose of the software or hardware tools.



[ Parent ]
I disagree (4.00 / 1) (#124)
by p3d0 on Thu May 09, 2002 at 08:32:08 AM EST

M$ and many others have been pushing that brain-dead button-pusher attitude for 2 decades now. We don't push that attitude for most other common tools---why computers and software tools?
I can think of lots of common tools for which we push exactly that attitude, and for which it has succeeded. Cars, televisions, elevators, bank machines, CD players, telephones, dishwashers, microwave ovens--all can be used without the faintest idea of how they work. Are computers so different?
--
Patrick Doyle
My comments do not reflect the opinions of my employer.
[ Parent ]
I disagree with that.... (none / 0) (#145)
by gordonjcp on Fri May 10, 2002 at 06:28:41 AM EST

The argument is not that people should know how computers work inside, but should know how to work them. It's not a case of knowing all the intimate details of the system, but how to operate it for best results.
For example, roughly how long would you nuke a slice of pizza for? 10 seconds? 30 seconds? 2 minutes? 25? Clearly, the key is being able to expect a certain result from a certain action.
You mention cars, which can indeed be used without the faintest idea of how they work. However, you do need to know how to work them. If this was not the case, then why can't people who learned to drive in cars with automatic gearboxes drive cars with manual gearboxes? The principle is simple ("Clutch in, select 1st, clutch up slowly while gently opening throttle, and releasing handbrake") but it takes some time to learn. Once you've done it a few times, it's second nature. Arguably, it's a good idea to know how cars work if you're going to drive them. If you know how they work, you can judge the effects of your actions more easily (ie. "Why is it a bad idea to race the thing up to 6500rpm and drop the clutch?").

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
PGP... (2.00 / 2) (#104)
by bjlhct on Thu May 09, 2002 at 12:42:57 AM EST

Well, I use gpg, not PGP anymore...you know who joined the NSA?

And remember, whowhatsit CAN break it if they really want to. They just can't break them all.

I think there's a chicken-and-egg problem here because it takes both parties. What it would really take for it to be used is a check box in the prefs. I figure we aughta have mail clients ask each other if they do X encryption when they send in the first message to an address. Then you have that check that encrypts it if they'll both do it. Hrm.

*
[kur0(or)5hin http://www.kuro5hin.org/intelligence] - drowning your sorrows in intellectualism

Mail clients don't talk to eachother (none / 0) (#109)
by 0xA on Thu May 09, 2002 at 03:02:10 AM EST

I figure we aughta have mail clients ask each other if they do X encryption when they send in the first message to an address.

What you're talking about here isn't mail.

Your client -> your server -> my server -> my client

If that was going to work you'd need to send an encryption discovery message to me, my client would reply the next time I checked my mail, then you could send the message. Nasty.

On the other hand, a P2P or Instant Messenger product that would discover a common cypher and then send an encrypted message would be pretty cool. I'll have to give that one some thought.

[ Parent ]

Encrypted IM (none / 0) (#138)
by DJBongHit on Thu May 09, 2002 at 03:19:26 PM EST

On the other hand, a P2P or Instant Messenger product that would discover a common cypher and then send an encrypted message would be pretty cool. I'll have to give that one some thought.
Can't remember which one it is off the top of my head, and too lazy to Google for it, but I know that at least one (relatively) popular IM client has an encryption plugin of some sort... it maybe even uses GnuPG or something.

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
Trillian (none / 0) (#141)
by Cameleon on Thu May 09, 2002 at 07:02:26 PM EST

Trillian, an IM client for MSN, ICQ, AIM, Yahoo and IRC, supports encrypted IM ('secureIM') on the ICQ and AIM protocols. I think it uses Blowfish for encryption.

[ Parent ]
Jabber (none / 0) (#142)
by svampa on Thu May 09, 2002 at 07:20:30 PM EST

Jabber is an open IM protocol (and more). Jabber has GPL clients and servers implementations and may connect to ICQ, MSN, Yahoo, IRC etc.

It supports SSL and there is at least a group working in PGP.



[ Parent ]
Crypto IM and P2P (none / 0) (#149)
by chayes on Fri May 10, 2002 at 11:04:11 AM EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

BLAIM is a plugin for gaim that uses blowfish.  Unfortunately, there is so much controversy surrounding crypto that conglomerates won't incorporate it into their software.  And, of course, when other people try to, they give them hell too.

On a side note, thinking of P2P software, freenet already exists, and myself and a few friends were discussing using its capabilities for a cryptomail type system.  If anyone has any ideas, feel free.

Cap
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzb3hYACgkQ56DJO/OIsQ7AqACeJFJ5N/Ud8OwErjymbtZEnBfS
lP0Ani+WU+IZZTh28YS6YWBs7fhpMnw0
=p0z3
-----END PGP SIGNATURE-----

All your anecdote has pointed out was that CDs and CD-players are violent, which has long been known to be true. The games themselves, however, are but passive riders on these cruel creatures, and are not violent. --gnovos
[ Parent ]

Mail headers? (none / 0) (#162)
by Doubting Thomas on Tue May 14, 2002 at 11:55:49 PM EST

I've seen many people put their public key or a link to it in their sig file. If mail clients put this information into the mail headers, it would make it trivial for enabled clients to initiate a secure conversation with less human intervention.

[ Parent ]
Expanded Address Books (none / 0) (#164)
by Steve C on Tue May 28, 2002 at 11:49:37 AM EST

What if mail clients automatically picked up PGP keys from the bottom of mails sent to them, and stored it in their address book?

The mail client could automatically encrypt messages to that person without the sending user having to intervene. And since that person's sending out their key, you know they're up for some hot encrypting action.

It's automatic, it's 'infectious' (in that once it's happening, it prompts more people to get it),  and it has no feeling of geekiness to put the less tech-loving users off.

[ Parent ]
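The key pickup suggested in the two comments above (a key carried in a mail header, collected into the address book), as an added example that is not part of either post. It assumes a hypothetical header name, `X-Example-PGP-Key`, carrying base64 key bytes, uses SHA-256 over those bytes as a stand-in fingerprint, and runs on constructed sample messages; the first key seen for an address is pinned and a later, different key is held for manual verification instead of silently replacing it.

```python
"""Added example: key pickup from a mail header with first-seen pinning."""
import base64
import hashlib
from email import message_from_string
from email.utils import parseaddr

# Hypothetical header name (assumption); the thread does not name one.
KEY_HEADER = "X-Example-PGP-Key"


def fingerprint(key_bytes):
    # Stand-in fingerprint: SHA-256 over the advertised bytes. A real OpenPGP
    # fingerprint is computed over the parsed key packet instead.
    return hashlib.sha256(key_bytes).hexdigest()


class AddressBook:
    def __init__(self):
        self.pins = {}          # address -> fingerprint first seen
        self.conflicts = set()  # addresses that later advertised another key

    def ingest(self, raw_message):
        """Harvest the advertised key from one message; return what happened."""
        msg = message_from_string(raw_message)
        # The From header is unauthenticated, so a pin only records "the first
        # key seen for this address", not proof of who owns the key.
        addr = parseaddr(msg.get("From", ""))[1].lower()
        blob = msg.get(KEY_HEADER)
        if not addr or blob is None:
            return "no-key"
        try:
            # Folded headers contain whitespace; strip it before decoding.
            key = base64.b64decode("".join(blob.split()), validate=True)
        except ValueError:
            return "malformed"
        if not key:
            return "malformed"
        fpr = fingerprint(key)
        pinned = self.pins.get(addr)
        if pinned is None:
            self.pins[addr] = fpr
            return "pinned"
        if pinned == fpr:
            return "unchanged"
        # A different key for a known address: keep the old pin and stop
        # encrypting automatically until the user has checked the fingerprint.
        self.conflicts.add(addr)
        return "key-changed"

    def confirm(self, addr, fpr):
        """Record a fingerprint the user verified out of band (phone, in person)."""
        addr = addr.lower()
        self.pins[addr] = fpr
        self.conflicts.discard(addr)

    def policy(self, addr):
        """What the client should do when composing mail to addr."""
        addr = addr.lower()
        if addr in self.conflicts:
            return "hold"       # ask the user before sending anything
        return "encrypt" if addr in self.pins else "plaintext"


# Constructed sample input: placeholder key bytes, not real OpenPGP keys.
KEY_A = b"constructed-key-material-alice-v1"
KEY_B = b"constructed-key-material-alice-v2"


def make_msg(sender, key, body="hello"):
    header = base64.b64encode(key).decode("ascii")
    return (f"From: {sender}\nTo: me@example.org\nSubject: constructed sample\n"
            f"{KEY_HEADER}: {header}\n\n{body}\n")


if __name__ == "__main__":
    book = AddressBook()
    for raw in (make_msg("alice@example.org", KEY_A),
                make_msg("Alice <alice@example.org>", KEY_A),
                make_msg("alice@example.org", KEY_B)):
        print(book.ingest(raw), "->", book.policy("alice@example.org"))
```
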

Encryption is useless for me... (3.00 / 2) (#108)
by johwsun on Thu May 09, 2002 at 02:16:54 AM EST

..encryption will become useful for me only if someone will use it either for digital money or (especially) for computer voting.

I have nothing to hide, I have nothing to keep, so I don't use encryption.

Signing (none / 0) (#128)
by hardburn on Thu May 09, 2002 at 09:46:20 AM EST

If you don't care about your privacy, then you can at least use it to sign your e-mails. I think this aspect of modern crypto will become more important since spammers have recently taken up forging headers and sending their junk in your name. If you cryptographically sign all your mail, you can tell everyone "I didn't sign it, I didn't send it".


----
while($story = K5::Story->new()) { $story->vote(-1) if($story->section() == $POLITICS); }


[ Parent ]
"I didn't sign it, I didn't send it". (none / 0) (#143)
by johwsun on Fri May 10, 2002 at 02:06:23 AM EST

..that's right dude! I have never signed an e-mail, I have never sent ANY e-mail in my whole life. Actually I don't know what a computer is, and I use my monitor's glass as a mouse pad! "I didn't sign it, I didn't send it". That's EXACTLY the reason I don't sign my messages... ;-)

[ Parent ]
Hotmail (4.00 / 1) (#120)
by blah-Hipo on Thu May 09, 2002 at 05:51:39 AM EST

Does anyone know of any way to integrate the encrypting/decrypting of messages with hotmail? Other than using hotmail through outlook/outlook express? Any info would be greatly appreciated! -Neal

cut-and-paste (none / 0) (#127)
by kubalaa on Thu May 09, 2002 at 09:37:37 AM EST

AFAIK the PGP client makes it quite easy to encrypt and decrypt from the clipboard. Not ideal, but if you can get used to using your web browser as a text editor, you can get used to this. Maybe it's possible to create a request-rewriting proxy that does this seamlessly, but if you're in a position to use such a proxy you probably aren't using hotmail. Or a third idea would be to reverse-engineer the cookie magic that goes into talking to hotmail and create your own client-side interface...

[ Parent ]
You're giving me encryption guilt. (4.00 / 2) (#121)
by elenchos on Thu May 09, 2002 at 06:26:14 AM EST

I don't have anything to hide and I don't care a whole lot. So I really don't want to fuss with encryption, especially if it means risking my little notes to my friends and associates not getting read. But all these noble and important people hard at work shaping the destiny of Man are being made to look guilty of something just because I don't encrypt.

And I was losing sleep because sometimes I don't recycle. Thanks.

Adequacy.org

Johnny needs to not ever need to know. (4.66 / 3) (#122)
by S1ack3rThanThou on Thu May 09, 2002 at 07:07:26 AM EST

The only way you'll ever get a decent amount of security amongst the less technically savvy of the world is to make it happen without them knowing about it.

As has been bandied about regarding M$ and 'secure by default'; the only way to get people to use encryption is to make their email clients do it on their own, as a default option. Most people never go near the options/preferences section of their software for fear of breaking things. If encryption was "the norm" people would use it just because that's how you send email.

Of course this would require that certain companies would want their customers to use encryption on their email...

"Remember what the dormouse said, feed your head..."

Not security, privacy. (none / 0) (#147)
by Peaker on Fri May 10, 2002 at 09:48:56 AM EST

You're talking about privacy, not security.

And it seems that you are trying to force this privacy on people. If they don't give a damn, why do you?

[ Parent ]

A response to many: (4.80 / 5) (#130)
by GeorgeH on Thu May 09, 2002 at 10:43:06 AM EST

When I talk about encryption with people, I get a response that I see echoed here: "I don't have anything to hide!"

If you are not using encryption because you don't have anything to hide, please post your mailspool as a response to this message.

I would but... (none / 0) (#146)
by Peaker on Fri May 10, 2002 at 09:47:04 AM EST

that would take extra effort.

I don't have anything to hide is not the same as "I want everyone to read my mail", but the same as "I don't give a damn". So why would anyone not giving a damn take the effort of publicizing his mail?

[ Parent ]

Yet another response (none / 0) (#148)
by chayes on Fri May 10, 2002 at 09:52:45 AM EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, I'm new to Kuro5hin as far as posting goes, so don't hold it against me too much!

I've been looking over the responses here, and I agree whole heartedly with George here.  If you really haven't anything to hide, then please post your mail spool here.  

I suppose you're thinking, this man is a fool, I'm not going to willingly hand my mail over to just anyone, but in all reality you are.  Carnivore is one thing, and system administrators are another.  I am one, so I suppose I would know.  You think you've got privacy, that no one cares about your little email to Suzy down the street or whatnot, but you're wrong.  If I'm doing account maintenance and I notice something that I get a kick out of, trust me, it doesn't stop at my eyes.  

ISP mail servers are notorious for being insecure, Road Runner runs their mail servers on M$ Exchange, RR being one of the more common ISP's in North America.  So, even if their admins aren't looking at your mail, and big brother isn't looking at your mail, what's to stop an individual who's compromised their system from finding out things like your latest telephone number ("reverse listing on 555-5555 please"), about your inheritance money you just got, or any other personal details you might mention in a little note to a friend or relative.

We can of course take things into a different light all together, what if at the moment, no one is looking at your email, and they have no means to do so.  Now seems like a good time to be able to transfer personal records electronically, college transcripts, SAT scores, criminal records, bank statements, and other various accounting needs.  It seems very likely at this point that someone is going to start taking interest in your email account, and wouldn't it be nice to be able to protect that data?  There are of course other benefits to PGP, such as a standardised digital signature format.  People can always verify that it is you sending them the information because they can check your signature.  They can verify fingerprints, and if they know how to get in touch with you, they can do it in person or over the telephone in order to make it even more unlikely that it has been forged.

Now the only question that remains is how to get people to use it.  Well, the first step of course, is to start signing your emails with your PGP key.  The more people you send email to, the better.  Maybe only 1 in 100 will be an enquiring mind that doesn't know what PGP is, but that one person will look it up, if they respect you and are reasonable, they may even start using it and telling their friends.  Making PGP user friendly isn't hard, it's already been integrated into pine, command line is as simple as:

$ gpg --clearsign draft
entering a passphrase and:
$ cat draft.asc

Copy and paste, you can even use it in Hotmail!

GUI's are more common than ever, and I've seen some very decent ones for PGP.  At any rate, this has turned into a bit of a rant, and I'll stop.

Cap
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzbzNwACgkQ56DJO/OIsQ7FHwCgmIghcVnMhB/T+oZug2TFVnR/
HmsAn3F5v84+d6Pcn8zjYm4LvsppvRkc
=fsUX
-----END PGP SIGNATURE-----
All your anecdote has pointed out was that CDs and CD-players are violent, which has long been known to be true. The games themselves, however, are but passive riders on these cruel creatures, and are not violent. --gnovos
[ Parent ]
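
What a recipient can read from the signature block in the comment above before any public key is involved, as an added example that is not part of the original post: it decodes the OpenPGP signature packet following the RFC 4880 layout and reports the signature type, algorithm IDs, creation time and issuer key ID, together with the subpacket area each value came from. The function names are this example's own, and nothing here verifies the signature.

```python
import base64
import struct

# Signature block copied from the comment above.
ARMORED_SIG = """\
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzbzNwACgkQ56DJO/OIsQ7FHwCgmIghcVnMhB/T+oZug2TFVnR/
HmsAn3F5v84+d6Pcn8zjYm4LvsppvRkc
=fsUX
-----END PGP SIGNATURE-----"""

def dearmor(text):
    """Return the binary packet inside one ASCII-armored block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]  # drop armor headers and END line
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def subpackets(area):
    """Yield (type, data); only one-octet subpacket lengths are handled."""
    i = 0
    while i < len(area):
        length = area[i]
        if not 0 < length < 192:
            raise ValueError("unsupported subpacket length")
        yield area[i + 1] & 0x7F, area[i + 2:i + 1 + length]
        i += 1 + length

def describe_signature(packet):
    """Decode a v4 signature packet's metadata without verifying anything."""
    # 0x88 = old-format header, tag 2 (signature), one-octet length
    if packet[0] != 0x88 or packet[2] != 4:
        raise ValueError("expected a short old-format v4 signature packet")
    body = packet[2:2 + packet[1]]
    _, sig_type, pub_algo, hash_algo, hlen = struct.unpack(">BBBBH", body[:6])
    (ulen,) = struct.unpack(">H", body[6 + hlen:8 + hlen])
    areas = {"hashed": body[6:6 + hlen], "unhashed": body[8 + hlen:8 + hlen + ulen]}
    info = {"sig_type": sig_type, "pub_algo": pub_algo, "hash_algo": hash_algo}
    for name, area in areas.items():
        for kind, data in subpackets(area):
            if kind == 2:     # signature creation time (Unix seconds)
                info["created"] = (int.from_bytes(data, "big"), name)
            elif kind == 16:  # issuer key ID
                info["issuer"] = (data.hex().upper(), name)
    return info

if __name__ == "__main__":
    print(describe_signature(dearmor(ARMORED_SIG)))
```

The issuer key ID sits in the unhashed area, which the signature does not cover, so it is only a hint for which key to fetch. Running `gpg --verify` against a key whose fingerprint was checked in person or over the telephone, as the comment suggests, is what establishes who signed.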

I don't want to hide so much (none / 0) (#156)
by svampa on Sun May 12, 2002 at 09:12:57 PM EST

The common response is not "I don't have anything to hide" but "I don't have so much interest in hiding my mail to bother with key rings, etc."



[ Parent ]
that post a message link was really hidden, anyway (3.50 / 2) (#131)
by jonc on Thu May 09, 2002 at 10:46:50 AM EST

Most people care about privacy on the web, but for them it means someone stealing their credit card information, in which case they are using a form of security, SSL, and they do it without ever having to do anything special. Maybe not uber secure, but probably good enough for most of the time. I think users care about all types of privacy on the web, but don't know what to do about it; I imagine half of them think their Norton antivirus is taking care of it. "It makes my machine safe", they say, just before they drift into a blissful good night's sleep.

I'm a "Hardcore geek", but I don't give a rat's ass about securing my email, because one: I don't have anything to hide, and two: I don't want to go through the bullshit. I don't see why non geeks would do more.

And what would encrypting my email solve? Right now I say nothing interesting over my email, so making my email secure would make my boring emails private. I mean it's neat, and it's neat and geeky, but I don't really care that much, and why should I? On the off chance that someone somewhere might see something interesting on my email, seems pretty unlikely, it seems to me like it's 99% work for 1% chance of prevention.

-Jon

Because... (3.85 / 7) (#132)
by joto on Thu May 09, 2002 at 11:16:42 AM EST

  1. Nobody else uses it.
  2. It is a hassle to set up (not just for me, but also for the recipient).
  3. I can't use it on my hotmail/yahoo/whatever account.
  4. I would have to trust the owner of the machine in order to enter my secret key there, that works well for home machines, but not well for when the machine is owned and maintained by my employer, and certainly not when I am travelling.
  5. Multiple secret keys is even more of a hassle.
  6. I don't need secrecy that much, and if I do, there are often other alternatives than encrypted email.
  7. My bank already offers a perfectly ok web-interface with one-time (or at least time-based, what do I know) encryption keys.
  8. For personal communication, I generally prefer to talk face to face, which is both more secure, and conveys emotion better.

That doesn't mean that it wouldn't be a good thing to have. But simply adding a pgp-key to my outgoing email wouldn't buy me much more than confused recipients who wonder what that stuff at the bottom of my email was (it could just as well be a geek code for them).

If somebody went out of their way to make the next generation email-system, incorporating the best of smtp and instant messaging, which had transparent (but optional) encryption, verification of sender as well as recipient, tracking of read and unread messages, made sure it was backward-compatible with standard email, and interoperable with sms, stored my email on a central internet accessible server so I could access it anywhere in the world (but used one-time encryption keys, so I didn't have to trust the owner of the computer when reading it), and made sure it would have at least a web-interface, and a native client for Windows and Linux, that were all both user-friendly and free (as in without cost, and without spyware, but not necessarily as in GPL) so I could convince my friends to use it, and there were companies offering to host your email-account both for free and/or for reasonable fees, then I would certainly consider switching.

(Bottom line: the benefits of encryption (when it comes to email) today, are so small that they don't even compete with the minimal amount of hassle to make it work.)

Hushmail (none / 0) (#163)
by Ryan Singer on Tue May 21, 2002 at 04:12:32 PM EST

as easy to sign up for and use as Yahoo! or Hotmail, and it uses almost transparent PGP-based encryption, over an SSH connection to the web browser. It also automagically fetches the public keys of other hushmail users you are mailing to, to make the encryption as invisible to you as possible. Phil Zimmerman consults Hush Inc on use of encryption, and the entirety of hushmail uses Open-PGP. -Ryan

[ Parent ]
Why Johnny can't vote (3.00 / 1) (#140)
by ambivalence on Thu May 09, 2002 at 06:58:34 PM EST

Methinks these barriers can also be found in the area of voting. Worldwide, the number of people voting for their local or national representative has declined (where voting is not mandatory). I do not think the phenomenon that people just don't interest themselves in things they cannot understand or feel do not concern them is particular to the field of computing or coding in specific. We won't make people encode their documents or vote more by making it more simple, but by making them see the need for it (maybe by using internet voting we can't get people interested in voting, but coding does become interesting there).


Violence is the last refuge of incompetence
Johnny wants to vote desperately! (none / 0) (#161)
by johwsun on Tue May 14, 2002 at 02:34:51 AM EST

YOU don't give him the right to vote. I remind you that democracy is voting for decisions, not for persons.

Johnny really wants to vote! Believe me! I challenge you to create a voting system and you will see Johnny voting like a mad cow!

[ Parent ]

One more for the books (5.00 / 1) (#150)
by chayes on Fri May 10, 2002 at 02:43:08 PM EST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My dearest K5'ers.  I'm new to posting, but I've lurked around here off and on.  Been a slow day at work, so I've gone and made a few posts.  Because there are so many things in other posts that I want to address, I'm just going to give up and start a new thread.

Where do we go with this problem?  I've spent most of the day supporting the use of private key crypto, and honestly I'm pretty tired of it.  As you can see, I use gpg, on a very regular basis none the less.  Should you, as a responsible network user, employ encryption?  Yes.  Why should you employ it in every activity?  Because we're trying to create popular demand.  Without that, we cannot expect a product to do well enough to have significant breakthroughs.  As we all know, capitalism drives technology, and without product demand, very little gets done.

Do I really care if other people can view your emails and private information?  Not really, quite frankly you deserve what you get.  If you're informed and choose to do nothing about it, then I hope you get what's coming.  Do I care about johnny, who has no idea what crypto is and how to use it?  Yes, I want him to understand privacy products are available, that he is by no means protected by his ISP, and that it is up to him to decide what to do about it.  If johnny decides to also be an irresponsible network user, then so be it.  He deserves what he gets too.

The only real thing that upsets me about all of this, is the fact that the people who say "I don't have anything to hide", "what have you got to hide?", and other such things, are also the same people that are willing to sign away their privacy rights.  In a republic, this causes a serious problem, because when the majority of people are uninformed and complacent, it allows for tyranny.  So, if you're not going to cherish your own privacy, then at least respect the fact that others do and try not to sign theirs away in your laziness.

Some suggestions for improvement:

As mentioned in an earlier post, FreeNet is a very good basis for a completely crypto based mailing system.  The "mail" client searches for files encrypted with your key, retrieves them, and decrypts them.  This of course is NOT a completely automated procedure.  The user is going to need to type their password in every time they open their mail client.  This would of course involve temporary password caching which the user could turn off.  As well, though I would not suggest it, the software developer *could* add a little "Save Passphrase" check box.  Key exchange is an issue which myself and my friends have not completely solved.  The best option we've come up with is a public directory server, where freenet users can look up individuals who post their keys there.  If an individual wishes to remain anonymous, he can always choose to exchange his key on an individual basis.

The other advantage to using this system is that the mail system is not dependent on one network, or one data center, but is distributed and fairly redundant.  Aside from the key exchange, which could be made relatively simple, this process is completely transparent to the user, adding that ever longed for benefit of not having to explain a thing to them.

The only problem that we have thus far foreseen with this setup is message delivery times.  The individual can set a max hops that the client searches to, and if their message hasn't propagated that far along the network, they won't get their message right away, however because of the way freenet functions, it will eventually get to them.

One possible solution to this dilemma is individuals who wish to put up a message publishing server.  The idea behind this being that the client can have an area where you can place default hosts to publish your emails to, which would propagate between each other, and anyone who publishes to them, as well as having the added benefit of having your message posted in more than one spot, giving even more redundancy.

Well, I would continue, but I doubt anyone here wants to read a book written by me on a slow day at work.

Cheers,

Cap
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjzcEIUACgkQ56DJO/OIsQ4zogCfVsYxa8ZVyODKFuktFaV1VrNw
G5UAoIHNPx93gPR731H3iRrU1GIF+9Wf
=fWB4
-----END PGP SIGNATURE-----
.

All your anecdote has pointed out was that CDs and CD-players are violent, which has long been known to be true. The games themselves, however, are but passive riders on these cruel creatures, and are not violent. --gnovos

"Why Johnny Can't Encrypt" | 166 comments (155 topical, 11 editorial, 0 hidden)