Cryptography Expert — PGP Encryption is Fundamentally Broken, Time for PGP to Die
A Senior cryptography expert has claimed multiple issues with PGP email encryption - an open source end-to-end encryption to secure email.

Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption, instead we are bringing to you what Security researcher has argued about its fundamental implications.

PGP or Pretty Good Privacy, a program written in 1991, uses symmetric public key cryptography and hashing that allow both Privacy and Security, as well as Authenticity. Privacy and Security ensure users to exchange messages securely and Authenticity proves the origin of those messages.

But PGP is a complicated multi-step process, which requires users to keep track of the public keys of other users in order to communicate. Despite clumsiness of the PGP implementation, the popular Internet giants such as Google and Yahoo! have looked forward to integrate it into their popular email services.

A respected research professor Matthew Green, who lectures in computer science and cryptography at Johns Hopkins University in Maryland, argued that it's "time for PGP to die", describing the high-quality software as "downright unpleasant".

According to the researcher, PGP key management "sucks." As Green says, "Transparent (or at least translucent) key management is the hallmark of every successful end-to-end secure encryption system."

Also, he says that there is "the need to trust a central authority to distribute keys," and as we know that Google, Yahoo and other major email providers will soon offer PGP encryption for their users, i.e., in other words, they will become the central authority to distribute the keys among their users.

So, one possible consequence of this is that users could be tricked into accepting a false replacement key from a key server or in some other way confuse their key management to the point of corrupting a communication path that used to be safe and allowing a man in the middle into the game. Assume, just in case if these central authorities are given order by law enforcement agencies or government to perform this task, your game is over.

Green also complained that there's no forward secrecy, which means that if my private key is obtained by any intruder, it can be used to decrypt all my previously encrypted files and personal messages as well. But according to the researcher, the criticism is of "terrible mail client implementations."
"Many PGP-enabled mail clients make it ridiculously easy to send confidential messages with encryption turned off, to send unimportant messages with encryption turned on, to accidentally send to the wrong person's key (or the wrong subkey within a given person's key)," he wrote. "They demand you encrypt your key with a passphrase, but routinely bug you to enter that passphrase in order to sign outgoing mail -- exposing your decryption keys in memory even when you're not reading secure email."
It's surprising that we have come a long way since the 1990s, but the usability of PGP has improved just a little. The Federal Government was so alarmed of people communicating securely using PGP email encryption that they started a criminal investigation of Phil Zimmerman, who offered PGP in 1991.

Researcher says that the problem lies in the nature of "PGP public keys" themselves, which are large and contain lots of extraneous information, therefore are really difficult to either print the keys on a business card or manually compare them.
"You can write this off to a quirk of older technology, but even modern elliptic curve implementations still produce surprisingly large keys," Green wrote in his personal blog post. "Since PGP keys aren't designed for humans, you need to move them electronically. But of course humans still need to verify the authenticity of received keys, as accepting an attacker-provided public key can be catastrophic."
"PGP addresses this with a hodgepodge of key servers and public key fingerprints. These components respectively provide (untrustworthy) data transfer and a short token that human beings can manually verify. While in theory this is sound, in practice it adds complexity, which is always the enemy of security."
At the beginning of the month, Yahoo! announced to support end-to-end encryption using a fork of Google's secure end-to-end email extension. The outcome is that both Gmail and Yahoo! Mail are moving towards support PGP for encrypting mail. "As transparent and user-friendly as the new email extensions are, they're fundamentally just reimplementations of OpenPGP - and non-legacy-compatible ones, too," Green states.

According to Green, the solution of the problem is to stop plugging encryption software into today's plaintext email systems, and instead build networks that are designed from the base level to protect messages from eavesdroppers. He suggested TextSecure and DarkMail as potentially interesting projects that are looking forward to this direction.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.