PGP Horror Stories

The algorithms that underpin PGP are thought to be secure, the implementation is thought to be secure, the weakness is in the use or rather misuse of the public keys. A weakness that is true of all public key systems, not just PGP.

Unless you receive the key in-person from its claimed owner, or the key has a valid signature from someone you know and trust and you have a valid copy of their key you can never be certain of the key's validity.

A key downloaded from a public key server is not secure, a key obtained from a Web page is not secure, a key sent via e-mail is not secure. In all cases the key may have been switched, the key may have been tampered with. To be sure of a key it has to be obtained via a tamper-proof channel.

Always sign your key. This prevents key tampering. Always have at least one other person sign your key. This helps others validate your key through the Web of Trust.

A corollary to the need to always sign a key, is that if you are asked to sign a key, never sign a key unless you are absolutely certain of the identity of the owner, and that the key does indeed belong to its claimed owner.

These are the simple facts of life to ensure secure communications with PGP. Facts that many users seem to ignore. This is understandable with novice users who are often overwhelmed by the complexity of PGP. It is not understandable, indeed it it is wholly unacceptable when the same mistakes are made by people whose business is computer security.

The stories I've listed are security professionals and people who claim to be experts in the use of PGP.

In all cases I have given prior warning of the security flaws. In only one case did I receive a reply, and an interesting dialogue ensued. In no cases have the security holes that I identified been plugged.

The Anti-virus Company

A virus scanner is shipped using PGP signatures to protect the product. Users are warned that the signatures and keys shipped with the product may not be valid and that a signature for the whole package and keys should be obtained from a secure source. A secure source is not defined. It is suggested that users obtain the key from a public key server.

The company founder and well respected virus researcher has a key. That key does not have a single signature.

The Security Company

Company Web is displayed in e-mail signature, as is the fact that PGP is used. It is suggested that the PGP key is obtained via e-mail or from a public key server.

My comments at slip shod security obviously did not go down too well. I was told that if I didn't like it to go get the key from a public key server, same as everyone else.

It was also claimed that there were more secure ways of sending a message than encrypted e-mail. When this was challenged, the response was to claim that PGP would shortly be broken, the only evidence to support that claim was to quote historical precedence.

This is one security company that I will not be recommending to anyone.

A Maintainer of a PGP page

The PGP key is available from the Web page, also available via finger on the e-mail address. Maintainer happy to provide key via e-mail.

The key self-signed, but no third party signatures.

I was able to obtain confirmation of the key, then the key itself by a more secure route, but the key owner made the point that he could not see the point of the elaborate procedure that I had devised when he could have simply e-mailed me the key.

A Maintainer of a PGP page

The maintainer made a very big point of always signing his e-mail, even has a FAQ on it. To be fair he did have good grounds as malicious e-mail had been sent out in his name.

The key had not been signed. In other words there was not a lot of point in signing any documents when the most important thing to sign, the key, had not been signed.

A Privacy Campaigner

Probably one of the best known and highly respected campaigners for privacy and cyber rights. Key not signed.

Hacker Group

Both feared and respected. Key(s) not signed. Several different keys, not signed by each other. Which, if any, is the genuine key?

A Developer of Windows front end for PGP

Package is protected by PGP signature. Key is available separately, via e-mail. I tried via e-mail, but got no key.

Two different keys are available via Web page. But redirected to another site. What may be a later key, with a different UserID, is not signed by the earlier key.

Which if any is the genuine key? Is Web spoofing taking place? My enquiries, via encrypted e-mail, remain unanswered.

The PGP Signed Web Pages

A salutary tale of how easy it is to create a false sense of security.

At least one person, maybe others follow his example, signs all his Web pages. There is no need to sign all pages but there does appear to be good grounds for signing a page containing critical information, PGP key information for example. The user downloads the page and can then check the accuracy of the information contained therein.

Unfortunately although this superficially sounds a good idea the proponent is simply deluding himself and creating a gooey feeling of well-being.

A hacker replaces the Web page. He changes the URL to point to a different key and changes any other key information that is on the page. Of course he signs the page with the false key.

An alternative hack is Web spoofing. All transactions take place in an alternative universe.

This tale is a reworking of the same sad old story of downloading an unknown key and being prepared to trust it.

The PGP Expert

This tale does not involve the misuse of keys, rather the misuse of the system.

I sent an encrypted e-mail to someone I did not know, other than by reputation, to enlist their help in a project. It was important that the details were kept secure - that is why I used encryption.

Their comments to me involved quoting extracts from my original proposal and sending it plaintext via a third party.

Apart from what I can only describe as crass stupidity, this shows gross insensitivity and a lack of good manners.

If you receive an encrypted e-mail, assume that it has been encrypted for a reason, and keep it secure. If you are sending an e-mail to someone, you may be using hard encryption, but nothing can protect you from the carelessness, foolishness and gross stupidity of the recipient.

An Author of a Book on PGP

Author of a book on PGP. Key not signed.

Home ~ PGP ~ What is PGP ~ Why use PGP ~ Web of Trust ~ Quick Reference ~ My Key
(c) Keith Parkins 1997 -- September 1997 rev 7