Feb 23 2017
First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell… PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it’s just old and misunderstood and needs to be retired in honor.
However the world has changed from the internet happy times of the ’90s, from a passive adversary to many active ones – with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.
Archive & Compromise
Today it is cheap for a random spy agency to archive all encrypted messages for later decryption – if necessary. A few years ago in the spy files of Wikileaks there wasFinfly ISP (PDF) – a proxy that infected binaries during download at the ISP. Since then the hacking team leak got us an in-depth look at who is buying this kind of mass spy gear. While Data Retention is repealed in the EU by the court in Strasbourg, many countries still practice this, in addition to taps by domestic intelligence agencies which can easily filter out PGP messages. Deploying some malware on persons of interests to recover their secret keys and the password is a cheap operation that can be executed even after minimal training.
What discussion about PGP’s obsoleteness lacks, is something that is very much required in cryptographic discourse: the adversary model, a set of actions the adversary can perform. Those cryptographic adversary models however, might be a bit to deep mathematics for many end-users, for them I came up with the quite populist 4c model, there’s only four generic adversaries classes:
• Country-level actors
Is PGP a reasonable tool to protect against other citizens? Probably yes, unless your kid or wife’s PI installs a remote access trojan (aka is an active adversary). Is it good against criminals? Probably, but only because it’s not economical for criminals to extract value from your cryptograms. Does it protect against corporations? Probably as long as they stay within the law and don’t siphon down everything they find anyway (i.e. smartphone apps). Does it protect against country level actors? Most probably not.
Consider your average investigative journalist or whistleblower, with windows or a mac, that they haven’t updated because then their kids favorite game doesn’t run anymore or they simply don’t want windows 10. An encrypted message archiving adversary is able to read your mails using a simple active malware attack, copying your secret key and logging your password for it. After this is captured, the malware can and should remove itself.
In “first” world countries like France where there’s now a “state of emergency” or the UK with their snoopers charter or the dutch who just passed another dystopian dragnet surveillance bill, this directly affects climate activists as much as labor unions or journalists. The case is probably even worse in Turkey or any of the Eastern Bloc states. This makes forward secrecy a mandatory requirement, as this implies that the malware has to be constantly active and thus also enhances chances of detection and mitigation, and also requires much better trained personal to operate.