Les wrote: > My question here is how safe is the process, and how do you > implement it personally to ensure it is safe? That question requires the answers to other questions. Firstly, who is the attacker you wish to be safe from? The steps you would need to take to be "safe" from an entity like the government of a G7 nation is different than for nosy ISP's, script kiddies, family members, etc. You also need to determine the value of the information you wish to protect. > Moreover, can you estimate the risk being taken with the > information. So, for mailing list posts to a public list, I'm quite at ease. Mostly I sign my messages out of habit and for easy verification should a list ever mung up my messages or another person tried to pretend to be me (leaving aside the obvious question of why anyone would ever want my identity :). > Is it safe for a year, a day or a century, given the resources > available today? Is the process by which the keys are distributed > and used available to anyone, and can they be falsified, and would > falsification reduce the security of the process? With an open, decentralized system like PGP, you can control all of this. You can choose to trust whomever you wish. You can look over the code that is used to generate keys if you want. As far as falsification, someone can generate a key that has my user id (name and email address in my case). But they cannot create a key that matches the keyid and fingerprint of my key. Part of the process of using public key crypto involves verification of that key info before assigning trust and validity to a someone elses key. > Where are the instructions available for implementing the process.For > example, David, your messages give me the warning Valid signature, > cannot verify sender. This would be because you've not verified his key. In PGP, you have validity and trust. Validity is applied to a key, trust is applied to a person. If you wanted to trust David's signatures in important situations, you would need to verify (validate) his key. Let's assume that you know David already, to the extent that you don't need to check his ID to know he really is the David that you want to converse with. You could verify his key by meeting him and exchanging key information with him (user id, size, type, key id, and fingerprint). You then tell PGP that you've verified this info by certifying (signing) his key. His key is now valid as far as PGP is concerned. Trust is something which you can assign. For instance, you could choose to trust David fully (I'd advise against this :). This means that if he were to sign my key and then I sent you my key, PGP would see it as valid -- because it was certified by someone you trust fully. You could also choose to trust someone only marginally. It would take several signatures from marginally trusted people to make a key that you haven't signed valid. This is known as the web of trust and it's how you can end up verifying keys from people you've not met directly. Of course, you get to choose who you trust and how much you trust them. > In the case of double encryption, as in the case of "shared secrecy" > for PGP, how secure is the result? I'm not sure I follow you here. What exactly do you mean by double encryption and "shared secrecy" ? In PGP, messages are encrypted using a symetric cipher like AES. The key that's used for this encryption (the session key) is generated randomly. This key is then encrypted with an asymetric cipher like RSA. This is done for each of the recipients. When the you receive the message, you unlock the session key with your private key, and then the message itself it decrypted. > Also if parallel attacks several tens of thousands wide are > attempted, how secure it the information and for how long? If you have attackers with that sort of resources, you don't want to trust the advice of anyone on a public mailing list. You'd want a high grade security consultant. :) You also want to think about whether the resources it would take to crack a PGP encrypted message would be worth the cost, or if there were better ways to break your secret. In most cases, it's far easier to use a rubber hose attack to beat the information out of you. Another tactic the government is using these days is to install a key logger on the victim's computer (using one of those nifty secret warrants). [1] > If a new view of decryption comes along, what will become of the > algorithm and how will we know when it is broken? The PGP system uses more than one cipher and allows you to choose which you prefer. Should one of them begin to look vulnerable, you can switch to another. MD5 was used as the hash algorithm in the early versions of PGP, but it is very much deprecated now because it is not nearly as secure as it needs to be. SHA1 is following a similar path. As an example, here are the algo preferences on my current key: Cipher: AES256, AES192, AES, CAST5, 3DES Digest: SHA512, SHA256, RIPEMD160, SHA1 Compression: ZLIB, BZIP2, ZIP, Uncompressed (The 3DES and SHA1 are implicit preferences, used by default in PGP if no other common algorithms can be used.) > What if I used something like n-dimensional ffts against a noise > added attack, would the key and data break apart like virus attacked > dna? If you can do that, then you could be a famous geek. :) > But to keep it simple here, is there somewhere a guide that gives step > by step what do do to ensure the following: > 1. you can use pgp signatures in both sending and receiving email. > 2. Instructions for implementing, posting and using your own > signatures. > 3. the means of generating shared secret posts. > 4. what to do if you discover that your signature and encryption is > broken. > 5. some estimate of the safety of the algorithms used. I'd probably start with some of the documentation available at: http://www.gnupg.org/(en)/documentation/ Some of it is getting old now, but I am sure it is still quite useful. [1] http://news.com.com/8301-10784_3-9741357-7.html -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In the province of the mind, what one believes to be true either is true or becomes true. -- John Lilly
Attachment:
pgp7n8W2cdzqF.pgp
Description: PGP signature