Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG
On 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) wrote:
> On 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) wrote:
>> I just wanted to notice that the most used encryption software, like GnuPG and Enigmail, have some privacy leaks that in the XKEYSCORE age could represent a major risk.
>>
>> a) Enigmail, Thunderbird's PGP plugin, sends an X-Enigmail-Version: header on ALL email sent, also the unencrypted ones.
>>
>> b) GnuPG, following the -----BEGIN PGP MESSAGE-----, adds version information such as Version: GnuPG/MacGPG2 v2.0.19 (Darwin).

An update on this issue following intermediate reports of April '14 (following the initial report of October '13).

FIXED:
- OSX GPGTool (yesterday) http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header
- GnuPG https://bugs.g10code.com/gnupg/issue1572
- EnigMail http://sourceforge.net/p/enigmail/bugs/216/

YET TO BE FIXED:
- Outlook Privacy Plugin https://code.google.com/p/outlook-privacy-plugin/issues/detail?id=124
- GPG4Win: Privacy Leak in Version: and Comment: header http://wald.intevation.org/tracker/index.php?func=detail&aid=6470&group_id=11&atid=126

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG
Is this really a cryptographic leak? This seems more like metadata to me. Your subject line makes it sound as if the cryptographic software itself is leaking information about the plain-text.

If your concern is providing details that an attacker can use to crack your encryption, then this is security through obscurity, which has pros and cons: http://serverfault.com/a/81697

But it sounds like you are more concerned about leaking information such as the user's OS, and other details that can be used to build up a fingerprint of metadata that identifies you. I'm sure once you start using PGP of any kind, you get a special designation in these surveillance systems. It could actually raise the cost of surveillance by marking *ALL* of your outgoing messages with these PGP-related headers, as that increases the processing burden. In fact, perhaps everyone should include a PGP-encrypted blob whenever they email anyone, in order to increase the volume of messages and ciphertext that the surveillance apparatus has to process.

Can you state precisely the threat model that you are concerned about?

Cheers,

~Tomer

----- Original Message -----
From: Fabio Pietrosanti (naif) li...@infosecurity.ch
To: liberationtech@lists.stanford.edu
Sent: Monday, June 2, 2014 6:59:43 AM
Subject: Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

> On 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) wrote:
>> On 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) wrote:
>>> I just wanted to notice that the most used encryption software, like GnuPG and Enigmail, have some privacy leaks that in the XKEYSCORE age could represent a major risk.
>>>
>>> a) Enigmail, Thunderbird's PGP plugin, sends an X-Enigmail-Version: header on ALL email sent, also the unencrypted ones.
>>>
>>> b) GnuPG, following the -----BEGIN PGP MESSAGE-----, adds version information such as Version: GnuPG/MacGPG2 v2.0.19 (Darwin).
>
> An update on this issue following intermediate reports of April '14 (following the initial report of October '13).
>
> FIXED:
> - OSX GPGTool (yesterday) http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header
> - GnuPG https://bugs.g10code.com/gnupg/issue1572
> - EnigMail http://sourceforge.net/p/enigmail/bugs/216/
>
> YET TO BE FIXED:
> - Outlook Privacy Plugin https://code.google.com/p/outlook-privacy-plugin/issues/detail?id=124
> - GPG4Win: Privacy Leak in Version: and Comment: header http://wald.intevation.org/tracker/index.php?func=detail&aid=6470&group_id=11&atid=126
>
> --
> Fabio Pietrosanti (naif)
> HERMES - Center for Transparency and Digital Human Rights
> http://logioshermes.org - http://globaleaks.org - http://tor2web.org
Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG
As far as I was aware all of these could be turned off as an option in the interface.

On Tuesday, June 3, 2014, Tomer Altman taltm...@stanford.edu wrote:
> Is this really a cryptographic leak? This seems more like metadata to me. Your subject line makes it sound as if the cryptographic software itself is leaking information about the plain-text.
>
> If your concern is providing details that an attacker can use to crack your encryption, then this is security through obscurity, which has pros and cons: http://serverfault.com/a/81697
>
> But it sounds like you are more concerned about leaking information such as the user's OS, and other details that can be used to build up a fingerprint of metadata that identifies you. I'm sure once you start using PGP of any kind, you get a special designation in these surveillance systems. It could actually raise the cost of surveillance by marking *ALL* of your outgoing messages with these PGP-related headers, as that increases the processing burden. In fact, perhaps everyone should include a PGP-encrypted blob whenever they email anyone, in order to increase the volume of messages and ciphertext that the surveillance apparatus has to process.
>
> Can you state precisely the threat model that you are concerned about?
>
> Cheers,
>
> ~Tomer
>
> ----- Original Message -----
> From: Fabio Pietrosanti (naif) li...@infosecurity.ch
> To: liberationtech@lists.stanford.edu
> Sent: Monday, June 2, 2014 6:59:43 AM
> Subject: Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG
>
>> On 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) wrote:
>>> On 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) wrote:
>>>> I just wanted to notice that the most used encryption software, like GnuPG and Enigmail, have some privacy leaks that in the XKEYSCORE age could represent a major risk.
>>>>
>>>> a) Enigmail, Thunderbird's PGP plugin, sends an X-Enigmail-Version: header on ALL email sent, also the unencrypted ones.
>>>>
>>>> b) GnuPG, following the -----BEGIN PGP MESSAGE-----, adds version information such as Version: GnuPG/MacGPG2 v2.0.19 (Darwin).
>>
>> An update on this issue following intermediate reports of April '14 (following the initial report of October '13).
>>
>> FIXED:
>> - OSX GPGTool (yesterday) http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header
>> - GnuPG https://bugs.g10code.com/gnupg/issue1572
>> - EnigMail http://sourceforge.net/p/enigmail/bugs/216/
>>
>> YET TO BE FIXED:
>> - Outlook Privacy Plugin https://code.google.com/p/outlook-privacy-plugin/issues/detail?id=124
>> - GPG4Win: Privacy Leak in Version: and Comment: header http://wald.intevation.org/tracker/index.php?func=detail&aid=6470&group_id=11&atid=126
>>
>> --
>> Fabio Pietrosanti (naif)
>> HERMES - Center for Transparency and Digital Human Rights
>> http://logioshermes.org - http://globaleaks.org - http://tor2web.org
Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG
On 6/2/14, 6:43 PM, Tomer Altman wrote:
> Can you state precisely the threat model that you are concerned about?

You are right, the subject is not directly related to cryptography but to security.

The threat model is better described in the ticket that has been opened for the various PGP email client plugins, such as http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header .

With the fixes that have been done in GnuPG, Enigmail and GPGTool, such software should provide safe defaults against this issue.

It has also been reported that Symantec Encryption Desktop (formerly PGP Desktop) adds multiple fingerprints to the header, leading to an information leak. An issue ticket has also been opened for that commercial product.

The commercial PGP software adds the following headers, at least not adding the exact version number:

Received: from XXX by -Y (PGP Universal service); Sun, XX XXX 20XX 11:11:11 +0100
X-PGP-Universal: processed; by XX-X on Sun, XX XXX 20XX 11:11:11 +0100

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
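The leaks discussed in this thread (the X-Enigmail-Version: mail header, the Version:/Comment: lines inside the ASCII armor, and the X-PGP-Universal: header quoted above) can be checked for mechanically on outgoing or archived mail. The Python below is an added example, not code from the thread or from any of the projects named; it assumes a single-part text/plain message (a constructed sample is embedded) and, for the armor, does what the fixed GnuPG/Enigmail defaults do by emitting no Version:/Comment: lines.

```python
import email
import re
# Fingerprinting headers named in the thread: the mail headers Enigmail and PGP
# Universal add, and the OpenPGP armor "Version:"/"Comment:" lines (RFC 4880 6.2).
LEAKY_MAIL_HEADERS = ("X-Enigmail-Version", "X-PGP-Universal")
LEAKY_ARMOR_KEYS = ("Version", "Comment")
ARMOR_BEGIN = re.compile(r"^-----BEGIN PGP [A-Z ]+-----$")
# Constructed single-part sample (not from the thread); the ciphertext is a placeholder.
SAMPLE_MAIL = """\
From: alice@example.org
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: constructed comment line

hQEMAxxxxPLACEHOLDERxxxx
=AAAA
-----END PGP MESSAGE-----
"""

def _armor_lines(text):
    """Yield (line, is_armor_header); armor headers sit between BEGIN and the blank line."""
    in_headers = False
    for line in text.splitlines():
        if ARMOR_BEGIN.match(line):
            in_headers = True
            yield line, False
        elif in_headers and not line.strip():
            in_headers = False
            yield line, False
        else:
            yield line, in_headers

def find_version_leaks(raw_message):
    """Return (location, value) pairs for leaky mail headers and armor headers."""
    msg = email.message_from_string(raw_message)
    leaks = [(n, v) for n in LEAKY_MAIL_HEADERS for v in msg.get_all(n, [])]
    for line, is_hdr in _armor_lines(msg.get_payload()):  # single-part body assumed
        key, sep, val = line.partition(": ")
        if is_hdr and sep and key in LEAKY_ARMOR_KEYS:
            leaks.append(("armor " + key, val))
    return leaks

def strip_armor_headers(body):
    """Drop Version:/Comment: armor lines; the mandatory blank line before the data stays."""
    kept = [line for line, is_hdr in _armor_lines(body)
            if not (is_hdr and line.split(":", 1)[0] in LEAKY_ARMOR_KEYS)]
    return "\n".join(kept) + "\n"
```

For GnuPG itself the same effect is obtained at the source with the `no-emit-version` option in gpg.conf, which is what the fixed default amounts to.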
Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG
Thank you for your reply, Fabio.

I read the example scenario in that link you provided. To play devil's advocate, what stops the adversary from testing all available PGP-related vulnerabilities against their targets of interest? In other words, just how much more expensive have you made targeted operations? Or how much more expensive have you made bulk surveillance? It's not clear that this makes it drastically more difficult / costly.

Thanks,

~Tomer

----- Original Message -----
From: Fabio Pietrosanti (naif) li...@infosecurity.ch
To: liberationtech@lists.stanford.edu
Sent: Monday, June 2, 2014 2:06:16 PM
Subject: Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

> On 6/2/14, 6:43 PM, Tomer Altman wrote:
>> Can you state precisely the threat model that you are concerned about?
>
> You are right, the subject is not directly related to cryptography but to security.
>
> The threat model is better described in the ticket that has been opened for the various PGP email client plugins, such as http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header .
>
> With the fixes that have been done in GnuPG, Enigmail and GPGTool, such software should provide safe defaults against this issue.
>
> It has also been reported that Symantec Encryption Desktop (formerly PGP Desktop) adds multiple fingerprints to the header, leading to an information leak. An issue ticket has also been opened for that commercial product.
>
> The commercial PGP software adds the following headers, at least not adding the exact version number:
>
> Received: from XXX by -Y (PGP Universal service); Sun, XX XXX 20XX 11:11:11 +0100
> X-PGP-Universal: processed; by XX-X on Sun, XX XXX 20XX 11:11:11 +0100
>
> --
> Fabio Pietrosanti (naif)
> HERMES - Center for Transparency and Digital Human Rights
> http://logioshermes.org - http://globaleaks.org - http://tor2web.org
Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG
On 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) wrote:
> I just wanted to notice that the most used encryption software, like GnuPG and Enigmail, have some privacy leaks that in the XKEYSCORE age could represent a major risk.
>
> a) Enigmail, Thunderbird's PGP plugin, sends an X-Enigmail-Version: header on ALL email sent, also the unencrypted ones.
>
> b) GnuPG, following the -----BEGIN PGP MESSAGE-----, adds version information such as Version: GnuPG/MacGPG2 v2.0.19 (Darwin).

An update on this issue following the reports of October '13:

FIXED:
- GnuPG https://bugs.g10code.com/gnupg/issue1572
- EnigMail (yesterday) http://sourceforge.net/p/enigmail/bugs/216/

NOT FIXED:
- GPGTool http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header
- Outlook Privacy Plugin https://code.google.com/p/outlook-privacy-plugin/issues/detail?id=124
- GPG4Win: Privacy Leak in Version: and Comment: header http://wald.intevation.org/tracker/index.php?func=detail&aid=6470&group_id=11&atid=126

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG
And, whether it's a Thunderbird bug or an Enigmail bug, Gmail emails have a tendency to be sent (typically unencrypted) during draft autosave. So that's fun.

Thunderbird makes me think of Mutt's slogan from 1995: "All email clients are terrible. This one is just less terrible."

~Griffin

On 2014-04-28 03:25, Fabio Pietrosanti (naif) wrote:
> On 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) wrote:
>> I just wanted to notice that the most used encryption software, like GnuPG and Enigmail, have some privacy leaks that in the XKEYSCORE age could represent a major risk.
>>
>> a) Enigmail, Thunderbird's PGP plugin, sends an X-Enigmail-Version: header on ALL email sent, also the unencrypted ones.
>>
>> b) GnuPG, following the -----BEGIN PGP MESSAGE-----, adds version information such as Version: GnuPG/MacGPG2 v2.0.19 (Darwin).
>
> An update on this issue following the reports of October '13
Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG
On 11/24/2013 05:39 PM, Jacob Appelbaum wrote:
> When a user uses TorBirdy with Enigmail and Thunderbird, we disable those information leaks. We also have a mode (disabled by default due to user complaints) to remove the keyid of the recipient from the PGP encrypted message itself.

Important to note here is that by default, Enigmail adds the sender to the recipient list -- which is useful if you want to reread sent mail, but it also means that any encrypted mail contains not only the recipient key ID (which at least some users know), but also the sender key ID.

Adding to the pain, if you receive a PGP message without a key ID and have multiple private keys, GPG/Enigmail will dumbly rotate through the keys, without taking the actual email addresses (sender/recipient pair) from the mail header into account. This can only be solved at the Enigmail level, since only Enigmail knows about email headers.

Thank you Fabio for filing the tickets! Maybe some good will come out of that.

--
Moritz Bartl
https://www.torservers.net/