Security Warnings for Mailcrypt

As usual, the weakest link in a cryptosystem is how it is used. As far as we know, PGP and GPG are completely unbreakable, even with the full resources of the NSA on your case. However, there are many other ways for your secrets to be found out--let the user beware.

If you've never read Bruce Schneier's paper, "Why Using Cryptography is Harder than it Looks", then stop right now and do so.

NT Users: Mailcrypt might leak your passphrase!

We have reports that Mailcrypt/PGP 5.0 works on NT. We've also had reports that it doesn't work. So far, no volunteers have come forward to make sure it works correctly on NT.

One report, though, you should be aware of. One person has tried using Mailcrypt on Windows NT, with poor results. Much later, he looked in a temp directory and FOUND HIS DECRYPTED MESSAGES, WITH HIS PASSPHRASE TUCKED INSIDE.

This is certainly no joke. Many workstations carelessly share their whole filesystems across the network. Many are shared by multiple users. Temp directories are usually world-readable. This means that someone might learn your passphrase if you use Mailcrypt carelessly on an NT workstation.

Here is what you can do about it:

1. Volunteer to test Mailcrypt on NT, and fix this problem.
2. Try using GPG on NT instead of PGP; there is a good chance this problem is not present with GPG. BUT TEST THIS CAREFULLY BEFORE TRUSTING IT!
3. Only use Mailcrypt on a workstation over which you posess sole physical control. Tightly restrict network file-sharing, and clean your disk often with a secure wiping utility.

Other Security Issues

Other security issues are standard concerns.

• Make sure that nobody can look over your shoulder when you're typing your passphrase.
• Do not store decrypted messages in publically accessible places.
• Do securely erase any files you won't need again.
• Do not run Mailcrypt remotely through a telnet connection; your passphrase will travel across the network/Internet in the clear. If you trust ssh, go ahead and run Mailcrypt over an ssh connection.
• Do not store your keyrings on shared machines (including mainframes) if you can help it. The secret keys on your keyring, are encrypted using your passphrase, but why tempt fate? Furthermore, storing keyrings on mainframes increases the danger that you will end up transmitting your passphrase across the Internet using telnet. Hello, NSA!