Thoughts on GnuPG and automation

Hans of Guardian hans at guardianproject.info
Tue Mar 3 18:26:03 CET 2015


On Mar 3, 2015, at 5:01 PM, Robert J. Hansen wrote:

> Hans, please trim your quoted material.
> 
>> They would need to use a specialized system, and that specialized
>> system might then be a marker of suspicion (for example, lots of
>> governments, including the NSA, already mark all PGP messages as
>> suspicious).
> 
> Unless you've got a desk somewhere deep inside Fort Meade and you're
> sitting in on briefings the rest of us aren't, you don't know this.
> 
> There's a lot of panic and paranoia in the air already without people
> making it worse by treating what they *think* is true as if they *know*
> it's true.
> 
> (I don't know if what he's claiming is true or false... but I *do* know
> that I don't believe his certainty, and I wouldn't believe anyone else
> who claimed to be certain, either!)

This is definitely public information from the Snowden leaks.  There is also quite a bit of information about other governments doing similar things.  Here's one example article:

http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/

> 
>> trumpeting "ease of use" above all else.  We are seeing systems like 
>> keybase.io that make things really easy, but also expect users to 
>> upload their _private_ key to some alpha web service.
> 
> keybase doesn't expect users to upload the private key.  It works just
> fine if you don't, and in fact you have to go through an extra couple of
> steps to put the private key on the keybase servers.
> 
> For some use cases this is a good practice.  For many more it's a bad
> practice.  But it's way too facile to simply say,
> 
>> That is terrible security practice.

keybase has started to downplay the private key stuff.  When it started, you had to upload your private key to use the service.

Uploading your private key to keybase sets people up for a centralized system with terrible security. It'll be an obvious target, and they are a startup doing webby things, which also has a terrible security track record.  There are so many exploits in ruby, javascript, etc.  The fact that they even considered this an option just shows that they only care about easy, not about secure.

.hc


More information about the Gnupg-users mailing list