Security Warnings for Mailcrypt
As usual, the weakest link in a cryptosystem is how it is
used. As far as we know, PGP and GPG are completely unbreakable,
even with the full resources of the NSA on your case. However,
there are many other ways for your secrets to be found out--let
the user beware.
If you've never read Bruce Schneier's paper, "Why Using
Cryptography is Harder than it Looks", then stop right now and
NT Users: Mailcrypt might leak your passphrase!
We have reports that Mailcrypt/PGP 5.0 works on NT. We've also
had reports that it doesn't work. So far, no volunteers have come
forward to make sure it works correctly on NT.
You should be aware of one report, though. One person
tried using Mailcrypt on Windows NT, with poor results. Much
later, he looked in a temp directory and FOUND HIS
DECRYPTED MESSAGES, WITH HIS PASSPHRASE TUCKED
This is certainly no joke. Many workstations carelessly share
their whole filesystems across the network. Many are shared by
multiple users. Temp directories are usually world-readable. This
means that someone might learn your passphrase if you use
Mailcrypt carelessly on an NT workstation.
Here is what you can do about it:
- Volunteer to test Mailcrypt on NT, and fix this problem.
- Try using GPG on NT instead of PGP; there is a good chance
this problem is not present with GPG. BUT TEST THIS CAREFULLY
BEFORE TRUSTING IT!
- Only use Mailcrypt on a workstation over which you possess
sole physical control. Tightly restrict network file-sharing,
and clean your disk often with a secure wiping utility.
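One way to carry out the "test this carefully" step, as an added example that is not part of Mailcrypt or of the original page: decrypt a test message with a throwaway key, then scan the temp directory for the test passphrase and test plaintext. The canary strings, function names and the choice of Python are assumptions made for illustration.

```python
import os
import stat
import tempfile

CHUNK = 1 << 16  # read size; files are scanned in pieces, not loaded whole


def file_contains(path, needles):
    """Return the set of needles (bytes) found in the file at path."""
    found = set()
    overlap = max(len(n) for n in needles) - 1
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                break
            window = tail + chunk
            found.update(n for n in needles if n in window)
            # keep the end of this window so a match split across reads is seen
            tail = window[-overlap:] if overlap else b""
    return found


def find_leaks(root, canaries):
    """Return sorted (path, canary names, readable_by_others) for leaking files."""
    needles = {text.encode(): name for name, text in canaries.items()}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, sockets, devices
                found = file_contains(path, list(needles))
            except OSError:
                continue  # unreadable or vanished file; nothing to report
            if found:  # mode bits are POSIX only; on NT review the ACL instead
                shared = bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH))
                hits.append((path, sorted(needles[n] for n in found), shared))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed canaries: use a throwaway test key, never your real passphrase.
    canaries = {"passphrase": "canary-passphrase-7f3a", "plaintext": "CANARY-BODY-91c2"}
    for path, kinds, shared in find_leaks(tempfile.gettempdir(), canaries):
        print(path, ",".join(kinds), "shared-readable" if shared else "owner-only")
```

Any hit means the setup writes secrets to disk; an empty result only covers the directory scanned, so repeat it for every temp location the mail client and the PGP or GPG binary use.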
Other Security Issues
Other security issues are standard concerns.
- Make sure that nobody can look over your shoulder when
you're typing your passphrase.
- Do not store decrypted messages in publicly accessible
- Do securely erase any files you won't need
- Do not run Mailcrypt remotely through a telnet
connection; your passphrase will travel across the
network/Internet in the clear. If you trust ssh, go ahead and
run Mailcrypt over an ssh connection.
- Do not store your keyrings on shared machines
(including mainframes) if you can help it. The secret keys on
your keyring are encrypted using your passphrase, but why tempt
fate? Furthermore, storing keyrings on mainframes increases the
danger that you will end up transmitting your passphrase across
the Internet using telnet. Hello, NSA!