Pretty Good Privacy
===Security quality===
To the best of publicly available information, there is no known method which will allow a person or group to break PGP encryption by cryptographic or computational means. Indeed, in 1995, [[cryptographer]] [[Bruce Schneier]] characterized an early version as being "the closest you're likely to get to military-grade encryption."<ref>{{cite book| last =Schneier| first =Bruce| author-link =Bruce Schneier| title =Applied Cryptography| publisher =[[John Wiley & Sons|Wiley]]| date =October 9, 1995| location =[[New York City|New York]]| page =587| isbn= 0-471-11709-9}}</ref> Early versions of PGP have been found to have theoretical vulnerabilities and so current versions are recommended.<ref>{{Cite magazine|last=Messmer|first=Ellen|date=August 28, 2000|title=Security flaw found in Network Associates' PGP|url=https://books.google.com/books?id=JxkEAAAAMBAJ&pg=PA81|magazine=[[Network World]]|location=Southborough, Massachusetts|publisher=IDG|volume=17|issue=35|page=81|via=Google Books|access-date=May 2, 2017|archive-date=October 5, 2024|archive-url=https://web.archive.org/web/20241005182347/https://books.google.com/books?id=JxkEAAAAMBAJ&pg=PA81#v=onepage&q&f=false|url-status=live}}</ref> In addition to protecting [[data in transit]] over a network, PGP encryption can also be used to protect data in long-term data storage such as disk files. These long-term storage options are also known as data at rest, i.e. data stored, not in transit.

The cryptographic security of PGP encryption depends on the assumption that the algorithms used are unbreakable by direct [[cryptanalysis]] with current equipment and techniques. In the original version, the [[RSA (algorithm)|RSA]] algorithm was used to encrypt session keys.
RSA's security depends upon the [[one-way function]] nature of mathematical [[integer factorization|integer factoring]].<ref>{{cite book |last=Nichols |first=Randall |title=ICSA Guide to Cryptography |publisher=[[McGraw-Hill|McGraw Hill]] |year=1999 |page=267 |isbn= 0-07-913759-8}}</ref> Similarly, the symmetric key algorithm used in PGP version 2 was [[International Data Encryption Algorithm|IDEA]], which might at some point in the future be found to have previously undetected cryptanalytic flaws. Specific instances of current PGP or IDEA insecurities (if they exist) are not publicly known. As current versions of PGP have added further encryption algorithms, their cryptographic vulnerability varies with the algorithm used. However, none of the algorithms in current use are publicly known to have cryptanalytic weaknesses.

New versions of PGP are released periodically, and vulnerabilities are fixed by developers as they come to light. Any agency wanting to read PGP messages would probably use easier means than standard cryptanalysis, e.g. [[rubber-hose cryptanalysis]] or [[black-bag cryptanalysis]] (e.g. installing some form of [[trojan horse (computing)|trojan horse]] or [[keystroke logging]] software/hardware on the target computer to capture encrypted [[Keyring (cryptography)|keyrings]] and their passwords). The [[FBI]] has already used this attack against PGP<ref>{{cite web |url=https://www.epic.org/crypto/scarfo.html |title=United States v. Scarfo (Key-Logger Case) |publisher=Epic.org |access-date=2010-02-08 |archive-date=October 8, 2021 |archive-url=https://web.archive.org/web/20211008114412/https://www.epic.org/crypto/scarfo.html |url-status=live }}</ref><ref>{{cite web|last=McCullagh |first=Declan |url=https://www.cnet.com/news/feds-use-keylogger-to-thwart-pgp-hushmail/ |archive-url=https://web.archive.org/web/20170324015726/https://www.cnet.com/news/feds-use-keylogger-to-thwart-pgp-hushmail/ |url-status=dead |archive-date=March 24, 2017 |title=Feds use keylogger to thwart PGP, Hushmail | Tech news blog - CNET News.com |publisher=News.com |date=July 10, 2007 |access-date=2010-02-08}}</ref> in its investigations. However, any such vulnerabilities apply not just to PGP but to any conventional encryption software.

In 2003, an incident involving seized [[Psion (computers)|Psion]] [[Personal digital assistant|PDA]]s belonging to members of the [[Red Brigades|Red Brigade]] indicated that neither the [[Italian police]] nor the FBI were able to decrypt PGP-encrypted files stored on them.<ref>{{cite web|last1=Grigg|first1=Ian|title=PGP Encryption Proves Powerful|url=https://www.metzdowd.com/pipermail/cryptography/2003-May/004808.html|date=2003|access-date=February 15, 2022|archive-date=October 5, 2024|archive-url=https://web.archive.org/web/20241005182349/https://www.metzdowd.com/pipermail/cryptography/2003-May/004808.html|url-status=live}}</ref>{{Unreliable source?|date=June 2018}} A second incident in December 2006 (see ''[[In re Boucher]]''), involving [[United States Customs Service|US customs agents]] who seized a [[laptop PC]] that allegedly contained [[child pornography]], indicates that US government agencies find it "nearly impossible" to access PGP-encrypted files. Additionally, a magistrate judge ruling on the case in November 2007 stated that forcing the suspect to reveal his PGP passphrase would violate his [[Fifth Amendment to the United States Constitution|Fifth Amendment]] rights, i.e.
a suspect's constitutional right not to incriminate himself.<ref>{{cite web |last=McCullagh |first=Declan |url=https://www.news.com/8301-13578_3-9834495-38.html?tag=nefd.blgs |title=Judge: Man can't be forced to divulge encryption passphrase | The Iconoclast - politics, law, and technology - CNET News.com |publisher=News.com |date=December 14, 2007 |access-date=2010-02-08 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182348/https://www.cnet.com/?tag=nefd.blgs |url-status=live }}</ref><ref>{{cite web |last=McCullagh |first=Declan |url=https://www.news.com/8301-13578_3-9854034-38.html |title=Feds appeal loss in PGP compelled-passphrase case | The Iconoclast - politics, law, and technology - CNET News.com |publisher=News.com |date=January 18, 2008 |access-date=2010-02-08 |archive-date=October 10, 2008 |archive-url=https://web.archive.org/web/20081010232248/http://www.news.com/8301-13578_3-9854034-38.html |url-status=live }}</ref> The Fifth Amendment issue was opened again as the government appealed the case, after which a federal district judge ordered the defendant to provide the key.<ref>{{cite web|url=https://www.cnet.com/news/judge-orders-defendant-to-decrypt-pgp-protected-laptop/|title=Judge orders defendant to decrypt PGP-protected laptop|last=McCullagh|first=Declan|date=February 26, 2009|publisher=CNET news|access-date=2009-04-22|archive-date=January 9, 2022|archive-url=https://web.archive.org/web/20220109033718/https://www.cnet.com/news/judge-orders-defendant-to-decrypt-pgp-protected-laptop/|url-status=live}}</ref>

Evidence suggests that {{asof|2007|lc=yes}}, [[British police]] investigators are unable to break PGP,<ref>{{Cite news |url=https://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice |title=Animal rights activist hit with RIPA key decrypt demand |work=The Register |author=John Leyden |date=November 14, 2007 |access-date=August 10, 2017 |archive-date=August 10, 2017 |archive-url=https://web.archive.org/web/20170810133521/https://www.theregister.co.uk/2007/11/14/ripa_encryption_key_notice |url-status=live }}</ref> so instead have resorted to using [[Regulation of Investigatory Powers Act 2000|RIPA]] legislation to demand the passwords/keys. In November 2009 a British citizen was convicted under RIPA legislation and jailed for nine months for refusing to provide police investigators with encryption keys to PGP-encrypted files.<ref>{{Cite news |url=https://www.theregister.co.uk/2009/11/24/ripa_jfl/page2.html |title=UK jails schizophrenic for refusal to decrypt files |work=The Register |author=Chris Williams |date=November 24, 2009 |page=2 |access-date=August 10, 2017 |archive-date=October 5, 2024 |archive-url=https://web.archive.org/web/20241005182453/https://www.theregister.com/2009/11/24/ripa_jfl?page=2 |url-status=live }}</ref>

PGP as a [[cryptosystem]] has been criticized for the complexity of the standard and its implementation, and for the very low usability of the user interface,<ref>{{Cite web|url=https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/|title=Op-ed: I'm throwing in the towel on PGP, and I work in security|last=Staff|first=Ars|date=2016-12-10|website=Ars Technica|language=en-us|access-date=2019-07-17|archive-date=July 17, 2019|archive-url=https://web.archive.org/web/20190717111526/https://arstechnica.com/information-technology/2016/12/op-ed-im-giving-up-on-pgp/|url-status=live}}</ref> including by recognized figures in cryptography research.<ref>{{Cite web|url=https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/|title=What's the matter with PGP?|date=2014-08-13|website=A Few Thoughts on Cryptographic Engineering|language=en|access-date=2019-07-17|archive-date=October 5, 2024|archive-url=https://web.archive.org/web/20241005182349/https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/|url-status=live}}</ref><ref name="2015_marlinspike" /> It uses an ineffective
serialization format for storage of both keys and encrypted data, which resulted in signature-spamming attacks on public keys of prominent developers of [[GNU Privacy Guard]]. Backwards compatibility of the OpenPGP standard results in usage of relatively weak default choices of cryptographic primitives ([[CAST5]] cipher, [[Cipher feedback|CFB]] mode, S2K password hashing).<ref>{{Cite web|url=https://latacora.micro.blog/2019/07/16/the-pgp-problem.html|title=Latacora - The PGP Problem|website=latacora.micro.blog|date=July 16, 2019|access-date=2019-07-17|archive-date=October 5, 2024|archive-url=https://web.archive.org/web/20241005182455/https://www.latacora.com/blog/2019/07/16/the-pgp-problem/|url-status=live}}</ref> The standard has also been criticized for leaking metadata, usage of long-term keys and lack of [[forward secrecy]]. Popular end-user implementations have suffered from various signature-stripping, cipher downgrade and metadata leakage vulnerabilities, which have been attributed to the complexity of the standard.<ref>{{Cite web|url=https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf|title=Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels|access-date=July 17, 2019|archive-date=June 26, 2019|archive-url=https://web.archive.org/web/20190626111129/https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf|url-status=live}}</ref>
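
An added example (not from the article or from any PGP implementation): a small audit that reads OpenPGP packet headers as framed in RFC 4880 and flags the legacy choices named above, namely 64-bit-block ciphers such as CAST5, weak or lightly iterated S2K password hashing, and CFB-encrypted data carried without an integrity check. The `MIN_S2K_COUNT` threshold and both sample byte strings are assumptions constructed for illustration; partial, five-octet and indeterminate lengths are rejected rather than parsed.

```python
LEGACY_CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish"}  # 64-bit blocks
WEAK_HASHES = {1: "MD5", 2: "SHA1"}
MIN_S2K_COUNT = 1_000_000  # assumed local policy threshold, not a value from the RFC

def packets(data):
    """Yield (tag, body) per packet; unsupported length encodings raise ValueError."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if (hdr & 0xC0) == 0xC0:  # new format: tag in the low 6 bits
            tag, first, i = hdr & 0x3F, data[i + 1], i + 2
            if first >= 224:
                raise ValueError("partial or five-octet length not handled here")
            length = first
            if first >= 192:  # two-octet length encoding
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
        elif (hdr & 0x80) and (hdr & 3) != 3:  # old format: tag in bits 5-2
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        else:
            raise ValueError("unsupported or invalid packet header")
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def audit(data):
    """List legacy choices in v4 SKESK packets (tag 3) and unprotected data (tag 9)."""
    findings = []
    for tag, body in packets(data):
        if tag == 9:  # CFB ciphertext with no modification detection code
            findings.append("encrypted data without integrity protection")
        if tag != 3 or len(body) < 4 or body[0] != 4:
            continue
        algo, s2k_type, hash_id = body[1], body[2], body[3]
        if algo in LEGACY_CIPHERS:
            findings.append(f"legacy cipher {LEGACY_CIPHERS[algo]}")
        if hash_id in WEAK_HASHES:
            findings.append(f"S2K hash {WEAK_HASHES[hash_id]}")
        if s2k_type != 3:
            findings.append("S2K without iteration")
        elif len(body) >= 13:  # iterated+salted: coded count follows the 8-byte salt
            count = (16 + (body[12] & 15)) << ((body[12] >> 4) + 6)
            if count < MIN_S2K_COUNT:
                findings.append(f"S2K count {count}")
    return findings

# Constructed samples: CAST5/SHA1/count 0x60 + tag 9, then AES-256/SHA-256/0xFF + tag 18.
LEGACY = bytes([0xC3, 13, 4, 3, 3, 2]) + bytes(8) + bytes([0x60, 0xC9, 2, 0, 0])
MODERN = bytes([0xC3, 13, 4, 9, 3, 8]) + bytes(8) + bytes([0xFF, 0xD2, 2, 1, 0])
print(audit(LEGACY))
print(audit(MODERN))
```

The tag-18 packet in the second sample is the integrity-protected container, so only the first sample produces findings.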