
PGP Email Encryption Fundamentally Broken: Cryptography Expert

Pretty Good Privacy (PGP), the popular email privacy and authentication software, is fundamentally broken and it’s time for it to “die,” says Matthew Green, a respected cryptographer and research professor at Johns Hopkins University.

Green, who has been involved in the recent TrueCrypt audit, published a blog post after Yahoo announced its intention to follow in Google’s footsteps and implement end-to-end email encryption.

“As transparent and user-friendly as the new email extensions are, they’re fundamentally just re-implementations of OpenPGP — and non-legacy-compatible ones, too. The problem with this is that, for all the good PGP has done in the past, it’s a model of email encryption that’s fundamentally broken,” the researcher wrote in a blog post. “It’s time for PGP to die.”

First of all, he believes PGP keys, even ones produced by modern elliptic curve implementations, are too large and difficult to handle.

“Since PGP keys aren’t designed for humans, you need to move them electronically. But of course humans still need to verify the authenticity of received keys, as accepting an attacker-provided public key can be catastrophic,” Green said. “PGP addresses this with a hodgepodge of key servers and public key fingerprints. These components respectively provide (untrustworthy) data transfer and a short token that human beings can manually verify. While in theory this is sound, in practice it adds complexity, which is always the enemy of security.”

According to the cryptographer, another issue is with manual PGP key management and the lack of transparency. However, he believes this issue isn’t unfixable, one positive example being the experimental system, which ties keys to the identity of users. Green says modern encryption tools are like islands that are not connected to the mainland, and connecting them represents one of the biggest challenges.

The lack of forward secrecy, old cryptography and “bad” defaults have also been named as problematic by the expert. But the worst part of the PGP ecosystem, according to Green, is the mail client implementations.

“Many PGP-enabled mail clients make it ridiculously easy to send confidential messages with encryption turned off, to send unimportant messages with encryption turned on, to accidentally send to the wrong person’s key (or the wrong subkey within a given person’s key),” Green said. “They demand you encrypt your key with a passphrase, but routinely bug you to enter that passphrase in order to sign outgoing mail — exposing your decryption keys in memory even when you’re not reading secure email.”

Some agree with Green’s views, but others, like Thomas H. Ptacek, a security researcher with Matasano Security, noted that while there is a lot wrong with PGP, it’s currently the only trustworthy mainstream cryptosystem.

“The flaw is that many systems are old and not up-to-date and thus use poorly implemented or outdated versions of the standards,” Morten Landrock, managing director at Denmark-based security solutions provider Cryptomathic Ltd., told SecurityWeek.

Landrock says that while users should be concerned about such issues, this isn’t exactly front-page news.

Yan Zhu, a former EFF technologist who recently joined Yahoo, published a blog post to describe how she believes centralized PGP key management could be “sane.”

“IMO, if we’re trying to improve email security for as many people as possible, the best solution minimizes the extent to which the authenticity of a conversation depends on user actions,” said Zhu, who is the first member of a new privacy engineering team that will focus on usable end-to-end encryption for Yahoo mail. “Key management should be invisible to the average user, but it should still be auditable by paranoid folks. (Not just Paranoid! folks, haha).”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
