Risk Assessment

Richard Lynch lynch at cognitivearts.com
Thu Oct 22 22:06:16 CEST 1998

First and foremost thanks to everybody for their assistance to a completely
ignorant gpg user, ESPECIALLY Werner who went out of his way to help me
with all sorts of stupid Unix/Windoze/NT/c/configure/make questions.

I ended up rebooting under Windows 95 rather than continue down the path of
trying to compile under CygWin32 on NT for myself.  Actually, while I
couldn't get it to generate keys under Win NT, it does the decryption fine.
I'm a happy camper.

I've finally succeeded in transmitting a gpg-encrypted message and
decrypting it.  I'd like to automate the process for my "e-commerce"
[sorry] system.

Along the way, I've realized that there is simply no viable way to get the
level of security that most of you expect, and I'm definitely fudging some
corners here on security.  However, I'd appreciate a risk-assessment from
folks who understand this stuff, now that I have a better idea of what I'm
doing, particularly the wrong things... I know they're wrong, I just don't
know how wrong they are. :-)

The goal is to transmit online orders for CDs to my online clients without
actually spending any of their money, since they don't have any.  They're
mostly starving musicians you never heard of... Yet.  If they get famous
we'll farm out the web-site orders to somebody with more $ecurity.  Not
this week.

So how risky is it, and how could it be hacked, when I:

Did everything via telnet, since my ISP is 1000 miles away.

Generated keys using insecure memory, since I can't chown the binary to root.

Exported all the keys and then the secret keys (--export-secret-keys isn't
listed in -h, btw).

Elected not to use a passphrase, since it would be in a web-site script,
which is publicly visible anyway.  Yeah, I *could* create a third script in
a secure area to call that would spit the password out to the encryptor...
if I knew exactly how to do that...

Sneaker-netting the public and secret keyrings to my client's Windoze box
and importing there, with insecure memory, and no real random device.

Will be encrypting the data with insecure memory from a PHP web-script.
Or not upgrading as often as I should.
The ISP gave me compiler access, but I still can't chown the binary to
root, nor seriously expect them to do so every few days...  Would there be
a way that your average paranoid ISP would be able to let me chown a
specific file to root?...

E-mailing the encrypted order to the client.

The decrypting is all being done by a user on a windows box, who
understands infinitely less of this stuff than I do, if you can believe
that. :-)

I'd appreciate any feedback on these points.

I suspect I'm still not using the whole secret/public keys properly...  I
generated all the public and secret keyrings on the Unix box (via telnet)
and then exported them to the Windoze box...  In retrospect, perhaps it
would have been better to generate the client's secret keyring on the
Windoze box and export only the public ones from each to the other.  But
I'd be trading the telnet/RAM-sniffing risk for the crappy RNG (hey, that
stands for Random Number Generator, doesn't it?!) on Windoze.  My hatred of
Windoze made me assume that it was still better to do it all on Unix.

Oh yeah, all those +s and -s that went by during the random generation...
Can any meaning be assigned to their occurrences?  I mean, can y'all watch
them go by and say, "Uh oh, better do it again, not random enough."?

I can redo the key generation, since I'm not trying to automate that.

Why do I get the feeling that there's a lot of folks out there that are
just taking credit card orders on a "secure" server, and then transmitting
them in clear-text via e-mail to their storefront POS credit-card
machines?...  There *have* to be people other than me who are
unable/unwilling to pay CyberCash rates...


-- "TANSTAAFL" Rich lynch at cognitivearts.com      webmaster@  and www. all of:
R&B/jazz/blues/rock - jademaze.com         music industry org - chatmusic.com
acoustic/funk/world-beat - astrakelly.com      sculptures - olivierledoux.com
my own company - l-i-e.com               uncommon ground - uncommonground.com

More information about the Gnupg-devel mailing list