Digital signatures

Todd Zullinger tmz at pobox.com
Fri Jul 13 05:58:41 UTC 2007


Les wrote:
> My question here is how safe is the process, and how do you
> implement it personally to ensure it is safe?

That question requires the answers to other questions.  Firstly, who
is the attacker you wish to be safe from?  The steps you would need to
take to be "safe" from an entity like the government of a G7 nation are
different from those for nosy ISPs, script kiddies, family members, etc.

You also need to determine the value of the information you wish to
protect.

> Moreover, can you estimate the risk being taken with the
> information.

So, for mailing list posts to a public list, I'm quite at ease.
Mostly I sign my messages out of habit and for easy verification
should a list ever mung up my messages or another person try to
pretend to be me (leaving aside the obvious question of why anyone
would ever want my identity :).

> Is it safe for a year, a day or a century, given the resources
> available today?  Is the process by which the keys are distributed
> and used available to anyone, and can they be falsified, and would
> falsification reduce the security of the process?

With an open, decentralized system like PGP, you can control all of
this.  You can choose to trust whomever you wish.  You can look over
the code that is used to generate keys if you want.

As far as falsification, someone can generate a key that has my user
id (name and email address in my case).  But they cannot create a key
that matches the keyid and fingerprint of my key.  Part of the process
of using public key crypto involves verification of that key info
before assigning trust and validity to someone else's key.

> Where are the instructions available for implementing the process.  For
> example, David, your messages give me the warning "Valid signature,
> cannot verify sender."

This would be because you've not verified his key.  In PGP, you have
validity and trust.  Validity is applied to a key, trust is applied to
a person.  If you wanted to trust David's signatures in important
situations, you would need to verify (validate) his key.

Let's assume that you know David already, to the extent that you don't
need to check his ID to know he really is the David that you want to
converse with.  You could verify his key by meeting him and exchanging
key information with him (user id, size, type, key id, and
fingerprint).

You then tell PGP that you've verified this info by certifying
(signing) his key.  His key is now valid as far as PGP is concerned.

Trust is something which you can assign.  For instance, you could
choose to trust David fully (I'd advise against this :).  This means
that if he were to sign my key and then I sent you my key, PGP would
see it as valid -- because it was certified by someone you trust
fully.

You could also choose to trust someone only marginally.  It would
take several signatures from marginally trusted people to make a key
that you haven't signed valid.  This is known as the web of trust and
it's how you can end up verifying keys from people you've not met
directly.

Of course, you get to choose who you trust and how much you trust
them.

> In the case of double encryption, as in the case of "shared secrecy"
> for PGP, how secure is the result?

I'm not sure I follow you here.  What exactly do you mean by double
encryption and "shared secrecy" ?

In PGP, messages are encrypted using a symmetric cipher like AES.  The
key that's used for this encryption (the session key) is generated
randomly.  This key is then encrypted with an asymmetric cipher like
RSA.  This is done for each of the recipients.  When you receive
the message, you unlock the session key with your private key, and
then the message itself is decrypted.

> Also if parallel attacks several tens of thousands wide are
> attempted, how secure is the information and for how long?

If you have attackers with that sort of resources, you don't want to
trust the advice of anyone on a public mailing list.  You'd want a
high grade security consultant. :)

You also want to think about whether the resources it would take to
crack a PGP encrypted message would be worth the cost, or if there
were better ways to break your secret.  In most cases, it's far easier
to use a rubber hose attack to beat the information out of you.
Another tactic the government is using these days is to install a key
logger on the victim's computer (using one of those nifty secret
warrants). [1]

> If a new view of decryption comes along, what will become of the
> algorithm and how will we know when it is broken?

The PGP system uses more than one cipher and allows you to choose
which you prefer.  Should one of them begin to look vulnerable, you
can switch to another.  MD5 was used as the hash algorithm in the
early versions of PGP, but it is very much deprecated now because it
is not nearly as secure as it needs to be.  SHA1 is following a
similar path.

As an example, here are the algo preferences on my current key:

Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA256, RIPEMD160, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed

(The 3DES and SHA1 are implicit preferences, used by default in PGP if
no other common algorithms can be used.)

> What if I used something like n-dimensional ffts against a noise
> added attack, would the key and data break apart like virus attacked
> dna?

If you can do that, then you could be a famous geek. :)

> But to keep it simple here, is there somewhere a guide that gives step
> by step what to do to ensure the following:
>   1. you can use pgp signatures in both sending and receiving email.
>   2. Instructions for implementing, posting and using your own
>      signatures.
>   3. the means of generating shared secret posts.
>   4. what to do if you discover that your signature and encryption is
>      broken.
>   5. some estimate of the safety of the algorithms used.

I'd probably start with some of the documentation available at:

http://www.gnupg.org/(en)/documentation/

Some of it is getting old now, but I am sure it is still quite useful.

[1] http://news.com.com/8301-10784_3-9741357-7.html

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the province of the mind, what one believes to be true either is
true or becomes true.
    -- John Lilly
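The validity and trust rules Todd describes (your own certification makes a key valid; one fully trusted certifier or several marginally trusted ones can validate a key you never signed), as an added example that is not part of the original message. The thresholds follow GnuPG's documented defaults (completes-needed=1, marginals-needed=3); the key ids and the web of trust itself are constructed placeholders, and the max-cert-depth limit is assumed away for brevity.

```python
# Defaults mirroring GnuPG's classic trust model: one fully trusted
# certifier, or three marginally trusted certifiers, makes a key valid.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3

def compute_validity(me, certs, owner_trust):
    """Return the set of key ids that are valid from your point of view.

    me:          your own key id (ultimately trusted, always valid)
    certs:       {key_id: {signer_key_id, ...}} certifications on each key
    owner_trust: {key_id: "ultimate" | "full" | "marginal" | "none"},
                 the trust you assigned to the person holding that key
    A certification only counts when the signer's own key is already
    valid, so the loop repeats until no further key becomes valid.
    (GnuPG's max-cert-depth limit is omitted here for brevity.)
    """
    valid = {me}
    changed = True
    while changed:
        changed = False
        for key, signers in certs.items():
            if key in valid:
                continue
            full = marginal = 0
            for signer in signers:
                if signer not in valid:
                    continue          # unverified signer: ignore signature
                level = "ultimate" if signer == me else owner_trust.get(signer, "none")
                if level in ("ultimate", "full"):
                    full += 1
                elif level == "marginal":
                    marginal += 1
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid

# Constructed sample web of trust; key ids are placeholder names.
CERTS = {
    "DAVID": {"LES"},                      # Les certified David in person
    "TODD":  {"DAVID"},                    # David certified Todd's key
    "ALICE": {"LES"}, "BOB": {"LES"}, "CAROL": {"LES"},
    "FRED":  {"ALICE", "BOB", "CAROL"},    # three marginal certifiers
    "EVE":   {"ALICE", "BOB", "MALLORY"},  # only two valid certifiers
}
TRUST = {"LES": "ultimate", "DAVID": "full",
         "ALICE": "marginal", "BOB": "marginal", "CAROL": "marginal"}

def demo():
    return compute_validity("LES", CERTS, TRUST)
```

Fred's key becomes valid only because all three marginal certifiers were themselves validated first; Eve's does not, since Mallory's signature never counts.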
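The algorithm preference lists shown above, and the implicit 3DES/SHA1 fallback Todd mentions, as an added example that is not part of the original message: a simplified model of how a sender picks one cipher and one digest that every recipient key supports. The "lowest summed position wins" ranking is an assumption for illustration, not GnuPG's exact selection code; the other recipients' keys are constructed placeholders.

```python
IMPLICIT = {"cipher": "3DES", "digest": "SHA1"}  # RFC 4880 implied prefs

def with_implicit(prefs, kind):
    """Append the implicit algorithm if the key does not list it already."""
    fallback = IMPLICIT[kind]
    return list(prefs) if fallback in prefs else list(prefs) + [fallback]

def negotiate(kind, recipient_prefs):
    """Choose one algorithm acceptable to every recipient.

    kind:            "cipher" or "digest"
    recipient_prefs: one ordered preference list per recipient key
    Only algorithms present in every list qualify; among those, the one
    with the lowest summed position (best average rank) wins, with ties
    going to the first recipient's ordering.  (Assumed ranking rule.)
    """
    lists = [with_implicit(p, kind) for p in recipient_prefs]
    common = set(lists[0]).intersection(*lists[1:])
    return min(common, key=lambda a: (sum(l.index(a) for l in lists),
                                      lists[0].index(a)))

def is_downgraded(kind, recipient_prefs):
    """True when negotiation ends up at the implicit (weakest) choice."""
    return negotiate(kind, recipient_prefs) == IMPLICIT[kind]

# Todd's cipher and digest preferences as shown in the message above.
TODD_CIPHERS = ["AES256", "AES192", "AES", "CAST5", "3DES"]
TODD_DIGESTS = ["SHA512", "SHA256", "RIPEMD160", "SHA1"]
# Constructed placeholder preference lists for other recipient keys.
OLD_KEY_CIPHERS = ["CAST5", "AES"]     # older key without AES256
LEGACY_KEY_CIPHERS = []                # key carrying no preferences at all
OLD_KEY_DIGESTS = ["SHA256", "SHA1"]

if __name__ == "__main__":
    print(negotiate("cipher", [TODD_CIPHERS, OLD_KEY_CIPHERS]))     # AES
    print(negotiate("cipher", [TODD_CIPHERS, LEGACY_KEY_CIPHERS]))  # 3DES
    print(negotiate("digest", [TODD_DIGESTS, OLD_KEY_DIGESTS]))     # SHA256
```

A single recipient key with no preferences pulls the whole message down to 3DES, which is why checking for the implicit fallback is worth doing before sending.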
