SoylentNews is people

posted by martyb on Sunday November 08 2015, @02:06PM
from the Wbuaal-qbrf-abg-rira-haqrefgnaq-EBG13 dept.

This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each other. Our results show that more than a decade and a half after "Why Johnny Can't Encrypt," modern PGP tools are still unusable for the masses. We finish with a discussion of pain points encountered using Mailvelope, and discuss what might be done to address them in future PGP systems.

The PDF of the study can be found here.


  • (Score: 3, Informative) by frojack on Sunday November 08 2015, @03:18PM

    by frojack (1554) on Sunday November 08 2015, @03:18PM (#260367) Journal

    You know they are barely usable by professionals too

    The Enigmail plugin added to Thunderbird will handle the whole setup, and burp the baby for you at the same time.
    Show the greenest intern in your shop how to use those two things and she will have your engineers whipped into shape in an afternoon.
    Seriously, command line!?!?

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 0, Interesting) by Anonymous Coward on Sunday November 08 2015, @03:24PM

    by Anonymous Coward on Sunday November 08 2015, @03:24PM (#260368)

    Seriously, command line!?!?

    You do understand there are uses of computers that involve not using a mouse, don't you? Those also tend to like having crypto available to them. Do you instinctively hate the command line?

    Let's just sign packages for an operating system with a bunch of clicking, sounds good to me!

  • (Score: 2, Insightful) by Francis on Sunday November 08 2015, @04:19PM

    by Francis (5544) on Sunday November 08 2015, @04:19PM (#260381)

    The main problem isn't configuration, the main problem is that the person receiving the email has to be able to open it and keep it secure. I'd be encrypting all my mail, but it doesn't really make any sense because nobody I know encrypts their mail and so I'd largely be stuck not sending it to anybody.

    They had the same basic problem with DKIM, SPF and Sender ID, it took so long for those to gain any traction that they've had very little impact. I think even now they're not something that gets much use.

    Configuration is something that's easily solved, but just like IPv6, there's not much point in going that route until there's enough other people going that route for it to make sense.

    • (Score: 2, Disagree) by JoeMerchant on Sunday November 08 2015, @04:32PM

      by JoeMerchant (3937) on Sunday November 08 2015, @04:32PM (#260387)

      The only practical solution I see for encrypted e-mail is to "put it in the cloud." When you send somebody an encrypted mail, it includes a link to a web-hosted decryption tool. This way, everybody can use it.

      Sure, it flies in the face of what secure is supposed to be, but if you trust https:// to carry your credit card numbers, why wouldn't you trust it to handle some descrambled e-mails?

      Expecting your e-mail partners to run Thunderbird, or any particular mail client for that matter, is just not realistic - hasn't been realistic for the last 20 years, and isn't likely to become realistic in the next 20.

      --
      🌻🌻 [google.com]
      • (Score: 0) by Anonymous Coward on Sunday November 08 2015, @04:43PM

        by Anonymous Coward on Sunday November 08 2015, @04:43PM (#260392)

        Yeah sure, that way the gov't has only ONE server to raid to get the keys to everyone's email. Do you by chance work for a three letter agency?

      • (Score: 5, Insightful) by frojack on Sunday November 08 2015, @04:53PM

        by frojack (1554) on Sunday November 08 2015, @04:53PM (#260397) Journal

        No, that's NOT safe. (Please tell me you were joking!).

        Even with https your mail sits on servers unencrypted.

        When I send encrypted mail to joe@merchant.org I HAVE TO KNOW joe's public key. (My mail client will run out to the key-servers and fetch it for me - seamlessly.) Then and only then can the message be encrypted using joe's public key, and my private key. Joe can only decrypt the mail by using his private key, and my public key.

        Encryption must be done client side, for both sender and recipient. Decryption in the cloud just means your private key is pre-compromised because you uploaded it to the cloud. Don't ever do that. That is less than useless. It's harmful. Don't ever go there.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 2) by tangomargarine on Sunday November 08 2015, @05:56PM

          by tangomargarine (667) on Sunday November 08 2015, @05:56PM (#260418)

          I'm not sure GP was talking about uploading the private key. Can't both parties post their public key somewhere and the system is still secure as long as the private keys stay private?

          If you do the decryption server-side, yes ew.

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
          • (Score: 2) by frojack on Sunday November 08 2015, @06:51PM

            by frojack (1554) on Sunday November 08 2015, @06:51PM (#260437) Journal

            I'm pretty sure the GP has no idea about how it works and wasn't even aware there was a private key.

            Public keys are sent to key-servers, which replicate them around the world. 20 minutes after you publish your public key to one key server all the others have it. You can also attach them to the message. Distributing your public key is another thing that the Enigmail client takes care of.

            The upshot is the suggestion of loading all mail to a website that can decode it for the recipient is a non-starter. (Politest term I can think of).

            If the cloud can decrypt your mail, it's hopelessly compromised.
            If the Cloud Can't decrypt your mail, there is no reason to have the cloud.

            This article was about Mailvelope, which is a browser extension to handle the decryption/encryption tasks. It wasn't a full blown mail package.
            It isn't the only such package out there that attempts to add encryption to web mail via browser plugins. Even Google released a similar extension for Chrome.

            In general, in-browser decryption/encryption is considered a bad idea, because browsers are so easily hacked. Still, a lot of people use browsers to read mail, and any open-source browser plugin is probably a good idea: As long as it does work.

            --
            No, you are mistaken. I've always had this sig.
            • (Score: 0) by Anonymous Coward on Monday November 09 2015, @10:38AM

              by Anonymous Coward on Monday November 09 2015, @10:38AM (#260717)

              If the Cloud Can't decrypt your mail, there is no reason to have the cloud.

              Not true.

              • Sending data from one computer to another only works if both computers are switched on at the same time. The "cloud" (that is, the server in between; publicly accessible servers are much older than even the word "cloud") basically acts as a computer that normally is always-on.
              • Depending on the implementation and the number of people using the server, having a server in between can also hide which message is sent from whom to whom. All that can be seen from outside is that there were a bunch of people connecting to the server, while with a direct connection, anyone sitting in between can clearly see that there was a connection from the sender to the receiver.
              • (Score: 2) by frojack on Monday November 09 2015, @07:12PM

                by frojack (1554) on Monday November 09 2015, @07:12PM (#260862) Journal

                If the Cloud Can't decrypt your mail, there is no reason to have the cloud.

                Not true.

                Well, yes. Clearly I meant there is no reason to have "the cloud" involved in email storage and retrieval as proposed by the GP.
                And no, the cloud can't hide who email is sent from and to, because that is all revealed to each SMTP mail server in the chain.

                Thank you Captain Pedantic.

                --
                No, you are mistaken. I've always had this sig.
          • (Score: 2) by JoeMerchant on Monday November 09 2015, @04:07AM

            by JoeMerchant (3937) on Monday November 09 2015, @04:07AM (#260646)

            [QUOTE]I'm not sure GP was talking about uploading the private key.[/QUOTE]

            Yeah, that would be more like GMail today... no, I mean keeping private keys private, and if someone wants to run the decryption software native on their own machine (in a RAM based "burner VM", if you're into such things), then rock on, that's an option.

            What I'm talking about for compatibility with the world is just this:

            Alice wants to send Bob an encrypted e-mail, but Bob is clueless.

            Alice sends Bob a "welcome to webcrypt" link which prompts Bob to make a key pair (with a web-app that runs local on his machine to store his private key), and Bob's public key is sent to Alice. Bob is also prompted to select a passphrase which can be used to secure his private key on the web server so Bob can access his private key securely from multiple devices, you know how Bob loves his phone...

            Alice now sends Bob the "secure" e-mail, which includes a link for clueless Bob to click on to load the decoder software from the web. Bob inputs his passphrase, and software running on Bob's device decrypts his private key using the passphrase, then decrypts the e-mail Alice sent him using his private key. Bob's phone self-destructs 10 seconds later (only in the movies.)

            Bob replies to Alice, and his reply is encrypted on his device using Alice's public key, before transmission to the SMTP server.

            Alice, being the paranoid of the bunch, receives Bob's e-mail on an encrypted, RAM based VM that uses biometric plus passphrase to unlock her private key which is used to decrypt Bob's e-mail using a native app in the VM that is verified intact via an md5sum she has engraved inside her wedding band (the VM image is kept on a micro USB drive that hangs from her Pandora bracelet).

            It can work, but Bob just doesn't care and will whine about having to type in a pass phrase.

            --
            🌻🌻 [google.com]
            • (Score: 2) by tangomargarine on Monday November 09 2015, @04:23AM

              by tangomargarine (667) on Monday November 09 2015, @04:23AM (#260650)

              Bob's public key is sent to Alice. Bob is also prompted to select a passphrase which can be used to secure his private key on the web server so Bob can access his private key securely from multiple devices, you know how Bob loves his phone...

              Alice now sends Bob the "secure" e-mail, which includes a link for clueless Bob to click on to load the decoder software from the web.

              I'm skeptical whether the passphrase would be secure, though. Wouldn't it just be stored on the server? In which case the hosting company could presumably trivially decrypt his private key and then the whole game is over as soon as the gubmint requests the users' keys (and of course the companies never say no). Unless the passphrase was hashed or something... but then if the server can't decrypt the passphrase, it can't use it to retrieve the private key anyway.

              Bottom line, if they have your private key, you should assume that they'll give it up the first time somebody demands it.

              --
              "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
              • (Score: 0) by Anonymous Coward on Monday November 09 2015, @10:46AM

                by Anonymous Coward on Monday November 09 2015, @10:46AM (#260718)

                I'm skeptical whether the passphrase would be secure, though. Wouldn't it just be stored on the server?

                That would be a crappy implementation.

                The passphrase basically acts as a key to encrypt the actual private key.

                What storing the private key on a server of course means is that for anyone having access to the data on the server, the strength of the key is effectively reduced to the strength of the passphrase.

              • (Score: 2) by JoeMerchant on Monday November 09 2015, @01:32PM

                by JoeMerchant (3937) on Monday November 09 2015, @01:32PM (#260753)

                The passphrase is as secure as Bob makes it, but you know how Bob is a whiner about long passphrase requirements.

                The passphrase is used to scramble Bob's private key before it goes to the server, and unscramble it when it rains back on him from the cloud. Bob's scrambled private key is known to an attacker, but such attacker would have to guess passphrases and try the resulting private keys on sample messages to determine if they have guessed correctly or not. If we can keep Bob secure from dictionary attacks and get his key length up around 12 characters from a 50+ alphabet size, 2x10^20 codes take a while to plough through.

                Bottom line, like Apple these days, they won't have the private key.

                --
                🌻🌻 [google.com]
                • (Score: 0) by Anonymous Coward on Monday November 09 2015, @04:33PM

                  by Anonymous Coward on Monday November 09 2015, @04:33PM (#260813)

                  People are horrible at choosing passphrases.

                  They over-estimate the entropy they are using.

                  Search for "Brainwallet" for examples with money on the line.
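
The scheme debated in the comments above (a private key wrapped on the user's device under a passphrase-derived key, with only the wrapped blob stored on the server) can be sketched as follows. This is an added example, not code from any commenter or from Mailvelope; the PBKDF2 iteration count, the SHAKE-256 keystream standing in for a real AEAD cipher, the sample key bytes and the guess rate are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this sketch)

# Constructed placeholder, not a real key.
SAMPLE_PRIVATE_KEY = b"-----BEGIN PRIVATE KEY (constructed sample)-----" + bytes(range(64))


def _derive_keys(passphrase, salt):
    """Stretch the passphrase into an encryption key and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _keystream(enc_key, length):
    # SHAKE-256 output used as a keystream: a stand-in for a real AEAD
    # cipher, chosen only to keep the sketch standard-library-only.
    return hashlib.shake_256(enc_key).digest(length)


def wrap_private_key(passphrase, private_key):
    """Runs on the user's device; only the returned blob is uploaded."""
    salt = os.urandom(16)  # fresh salt per wrap, so keys are never reused
    enc_key, mac_key = _derive_keys(passphrase, salt)
    stream = _keystream(enc_key, len(private_key))
    ciphertext = bytes(a ^ b for a, b in zip(private_key, stream))
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "ciphertext": ciphertext, "tag": tag}


def unwrap_private_key(passphrase, blob):
    """Runs on the user's device after fetching the blob from the server."""
    enc_key, mac_key = _derive_keys(passphrase, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["ciphertext"],
                        hashlib.sha256).digest()
    # The tag is what tells a legitimate user the passphrase was right.
    # It tells anyone else holding the blob the same thing, which is why
    # the blob is only as strong as the passphrase.
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong passphrase or corrupted blob")
    stream = _keystream(enc_key, len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], stream))


def keyspace(alphabet_size, length):
    """Number of passphrases if every character is chosen uniformly at random."""
    return alphabet_size ** length


def years_to_exhaust(space, guesses_per_second):
    """Time to try every candidate at a given offline guess rate."""
    return space / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    blob = wrap_private_key("a long random passphrase", SAMPLE_PRIVATE_KEY)
    assert unwrap_private_key("a long random passphrase", blob) == SAMPLE_PRIVATE_KEY

    rate = 1e6  # assumed offline guesses per second against the KDF
    # 12 random characters from a 50-symbol alphabet (the figure in the thread)
    # versus 8 lowercase letters (constructed comparison).
    for label, space in (("50^12", keyspace(50, 12)), ("26^8", keyspace(26, 8))):
        print(f"{label}: {space:.2e} candidates, "
              f"{years_to_exhaust(space, rate):.2e} years at {rate:.0e}/s")
```

The keyspace figures hold only for passphrases chosen uniformly at random; a human-chosen phrase covers far less of the space than its length suggests.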

        • (Score: 0) by Anonymous Coward on Sunday November 08 2015, @08:54PM

          by Anonymous Coward on Sunday November 08 2015, @08:54PM (#260498)

          Then and only then can the message be encrypted using joe's public key, and my private key

          Not trying to be pedantic here, I'm no GPG expert, so I may have misunderstood something, but isn't it that the message is encrypted using joe's public key and signed using your private key? i.e. your private key plays no role in the encryption part.

    • (Score: 2) by frojack on Sunday November 08 2015, @04:42PM

      by frojack (1554) on Sunday November 08 2015, @04:42PM (#260391) Journal

      The main problem isn't configuration, the main problem is that the person receiving the email has to be able to open it and keep it secure. I'd be encrypting all my mail, but it doesn't really make any sense because nobody I know encrypts their mail and so I'd largely be stuck not sending it to anybody.

      You do understand that this is an already solved problem don't you?

      Your email client will not encrypt mail sent to people who don't use encryption. It's automatic in every email package I've ever used that supports encryption. There is even an opportunistic encryption option that will hit the key-servers for each recipient's email address and fetch their public key.

      You can NOT blindly encrypt email for people whose key does not exist, because they do not use encryption. The mail will be sent clear text, and you will (optionally) get a warning before it gets sent that encryption is not possible.

      It's time for you to explore encryption further, because it's pretty clear you've never even tried it.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 1) by Francis on Sunday November 08 2015, @05:08PM

        by Francis (5544) on Sunday November 08 2015, @05:08PM (#260404)

        That doesn't sound like a solved problem. I assume I'm missing something here.

        The only difference I see is that I've spent some time setting something up that nobody I know is using. The mail is still unencrypted and still vulnerable to snooping. Whether or not the mail is being stored on my end or on the servers in plain text doesn't much matter as there's an additional copy on the other end that's not encrypted and will be there as long as the files haven't been deleted and the backups are still available.

        • (Score: 4, Interesting) by frojack on Sunday November 08 2015, @05:42PM

          by frojack (1554) on Sunday November 08 2015, @05:42PM (#260412) Journal

          The instant someone publishes their public key to the key-servers your mail to them would be encrypted. You don't have to think about it. They don't have to think about it. It just happens.

          Setting it up and turning on opportunistic encryption costs you nothing. For all you know, They are all waiting for you to go first! But because you won't bother, there is no momentum to use encryption.

          Note, you can give them the hint by setting it up to PGP "sign" all your outgoing mail.

          If you or they ONLY use web mail, nothing will ever happen.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 1, Touché) by Anonymous Coward on Sunday November 08 2015, @06:05PM

            by Anonymous Coward on Sunday November 08 2015, @06:05PM (#260419)

            You do realize that anyone can upload a key to a key server? This might work if the key was signed by a mutual friend that you really trust. Otherwise, do you have any idea of who holds the private key?

          • (Score: 2) by NotSanguine on Monday November 09 2015, @12:44AM

            Note, you can give them the hint by setting it up to PGP "sign" all your outgoing mail.

            That's quite amusing Frojack. In point of fact, I *do* PGP sign all my outgoing emails, and have done so for years. It hasn't made a lick of difference with anyone, except one person who has a vested interest in secure communications. Even then, that person's partner (an IT person) needed to set it up for them.

            The best was when I sent my investment advisor an email who then called me and said -- "I just wanted to make sure this was really from you, since there was all this garbage at the end." Very cute.

            Before I jumped ship from Facebook, I figured it would be okay to continue its use if I could store and publish my PGP key in my FB profile and encourage others to do the same. Facebook certainly won't allow that, as it would mean we can encrypt our posts and they can't mine the data.

            I realize that from a practical/usage-based perspective, there isn't anything stopping huge numbers of people from using existing resources to encrypt their communications. However, the problem is one of ignorance and a lack of visibility amongst the great unwashed. Until that changes, encrypted email will be the domain of techies, spooks, journalists and dissidents. Because no one else cares. Sad, but true.

            --
            No, no, you're not thinking; you're just being logical. --Niels Bohr
            • (Score: 2) by frojack on Monday November 09 2015, @03:23AM

              by frojack (1554) on Monday November 09 2015, @03:23AM (#260638) Journal

              I *do* PGP sign all my outgoing emails, and have done so for years. It hasn't made a lick of difference

              So do I. And many of my European customers have decided to do the same, usually after a chat about it.
              I only started doing it because some of my customers have to send me code samples and small test data sets.

              My customers in the EU, Germany and Italy principally, are much less likely to use Microsoft Outlook, they mostly use Linux
              so it's Thunderbird, Kmail or Claws. Of those Tbird with Enigma does the closest job of getting you into encryption.

              Now, I grant you, your grandma isn't going to use encryption. Neither are your casual friends. But just having that signature
              there invites others. And I would have taken that opportunity to ask that investment adviser why he doesn't employ it in
              his line of work.

              --
              No, you are mistaken. I've always had this sig.
      • (Score: 2) by hemocyanin on Sunday November 08 2015, @06:19PM

        by hemocyanin (186) on Sunday November 08 2015, @06:19PM (#260423) Journal

        I've set up GPG on my email client and for everyone in my office, but if I didn't set it up, there is no way in hell they would have been able to figure it out. Seriously, introducing the average user to encryption is only slightly easier than introducing it to your cat. But some of that is the fault of the software providers -- for example, the openGPG packages for Mac had an upgrading bug where a user would get an upgrade message, click OK, it would look like something happened, and then the whole thing failed to function afterwards. My business partner was a hair's breadth away from insisting we quit using encryption. I fixed it -- just required downloading the software and reinstalling -- and then it happened again a few weeks later. I managed to keep our business emails encrypted, but there was some huge resistance. Without my stubbornness though, we wouldn't be encrypting anything -- we wouldn't even have set up GPG in the first place.

  • (Score: 1, Interesting) by Anonymous Coward on Sunday November 08 2015, @04:27PM

    by Anonymous Coward on Sunday November 08 2015, @04:27PM (#260386)

    Yes, Enigmail's setup wizard does simplify things. It certainly sounds much easier than the software used in the study. Still many gotchas after that. Would your idiot after setting everything up know not to put sensitive information in the subject line? What about verifying the fingerprint of a key?

    • (Score: 2) by frojack on Sunday November 08 2015, @05:03PM

      by frojack (1554) on Sunday November 08 2015, @05:03PM (#260402) Journal

      Would your idiot after setting everything up know not to put sensitive information in the subject line? What about verifying the fingerprint of a key?

      There is no technical fix for stupid. None of the headers are encrypted. Not all headers originate with the sender. (There are more advanced encryption tools that wrap your email in a new email with generic headers - but this is even less common.)

      Verification is something the client does. Messages show up in your inbox already verified, and decrypted if the public key of the sender is valid. It's automated. Even fetching the sender's public key is automated.

      --
      No, you are mistaken. I've always had this sig.
    • (Score: 2) by hemocyanin on Sunday November 08 2015, @06:27PM

      by hemocyanin (186) on Sunday November 08 2015, @06:27PM (#260427) Journal

      Here's a major gotcha, and maybe it has changed now as my experience with setting up enigmail is 3-4 years old now, but I recall that after setting it up and building your keys (and also after adding new public or private keys) you have to quit thunderbird and restart. Otherwise it's just failure after failure. I spent several hours trying to understand WTF wasn't working and nowhere did I see a popup that said "completely quit email and restart if you have added a key or this is a fresh install".

      The same thing is true with GPGtools for the Mac.