Incidentally I also use Decoy as one method of PGP public key verification. The "decoy" picture is a screenshot of my public key. The photo hidden behind the decoy is a picture of me, holding up my drivers license and an index card with my username. The picture itself should prove sufficient in 99% of cases but in extreme circumstances I can give out the passcode which provides an additional two layers of verification (the validity of the password itself, and the photographic identity verification)
Of course that could still be spoofed if someone managed to replace all instances of my verification image, and then made a fake drivers license with my name on it and took a picture of that. But if that ever did happen I actually have a final layer of protection which I won't tell anyone about until I can figure out a way to re-tell it without rendering it worthless.
Online PGP Signature: This is an online javascript-based tool which allows you to sign messages using your PGP private key.
Given a private PGP key to a website that isn't even SSL encrypted is the antithesis of good encryption behavior.
Yeah... Ummmm..... There's a lot wrong with this.
Don't get me wrong. I appreciate the need for constant vigilance, but this type of knee-jerk reaction is what prevents the wider scale adoption of good crypto practices.
Edit- for posterity's sake: I accidentally down voted your post when I meant to upvote it. I wasn't just being snide when I said "I appreciate the need for constant vigilance", and it definitely resulted in a good discussion. I updated my vote.
Actually, there is still a small danger to executing this via a non-SSL encrypted web site, even if I trust that you have no malicious intent, your site has not been compromised and the script runs client-side. The danger is a man-in-the-middle attack, in which an attacker intercepts my http request for the script and replaces your script (in the response) with a version that captures my private key and sends it to a server controlled by the attacker.
I realize that most browsers won't let client-side javascript send requests to hosts other than the original host from which the javascript was loaded, but that fact won't solve the issue; the modified version of the script could send the private key to a URL apparently on your host, and the man-in-the middle daemon could intercept the request and send it to the attacker's host.
Such an obvious and easy to exploit vulnerability has existed for 20ish years, undiscovered/unexposed until one person on LW pointed it out?
It's not a vulnerability. I trust gnupg not to leak my private key, not the OpenPGP standard. I also trust gnupg not to delete all the files on my hard disk, etc. There's a difference between trusting software to securely implement a standard and trusting the standard itself.
For an even simpler "vulnerability" in OpenPGP look up section 13.1.1 in RFC4880; encoding a message before signing. Just replace the pseudo-random padding with bits from the private key. Decoding (section 13.1.2) does not make any requirements on the content of PS.
These sound like great tools. Thanks for making them available.
On a meta level I don't mind if members of the community promote their own work here if it's something that other community members will find useful. I'll also note that these seem lik tricky enouph things that they could also have been mentioned in the bragging thread when you finished them.
The "decoy" pictures are indistinguishable from any other picture on your or your recipients' camera rolls, and unless you have the passphrase, then the original image is thoroughly inaccessible.
What does "indistinguishable" mean in that sentence? Do you claim that a skilled attacker can't know that there metadata added?
For grins:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Information security is a pretty big passion of mine; I don't think someone needs to have "something to hide" in order to make use of digital signing, encryption, etc. Another passion of mine is making things easier for other people to do. I've written a couple of tools that I think can be useful for the LW crowd.
Online PGP Signature: This is an online javascript-based tool which allows you to sign messages using your PGP private key. I love the idea of PGP-signed messages (I remember someo...
If you are passionate about computer security, you know the standard advice to NOT use unaudited tools from unknown sources.
"Just look at my code" is not a good answer since people who can usefully look at your code already have a large variety of well-known tools at their disposal. Your target is "normal" people and to them your code is gibberish anyway.
This is not a program I wrote but while we're posting things I have a guide to setting up Automator on a mac to send out an email on login on my blog.
Don't get me wrong. I appreciate the need for constant vigilance, but this type of knee-jerk reaction is what prevents the wider scale adoption of good crypto practices.
Don't set the bar lower; encourage competence. I'll quote this in order to further explain:
The problem is, I had yet to find an easy way to do this that didn't involve downloading command-line based software.
Why not use command line software? This is an important question I have a cached answer to, but I often find my own answer non-satisfactory. We should be living in a tell culture, so I'll tell you that in my experience, there's some sort of dichtomy between CLI and GUI and that gap is usually experienced people on one hand and inexperienced on the other.
I don't have anything to say against the experienced people, but I will say that the inexperienced ones, that seemingly always prefer the GUI also tend to suffer from learned helplessness, and more directly, baby duck syndrome.
That's not to say that they aren't right in a certain way of thought - they want things to be simple - but I often wonder if this is my own optimism about people in general, rather than the inexperienced people's refusal to learn and adapt a factually better way. Many a nerd/geek/enthusianist are baffled and infuriated when their attempts to actually better the world around them is simply bounced off despite their indisputable intent to help those around them. (This is how it feels like, by the way http://www.coding2learn.org/blog/2013/07/29/kids-cant-use-computers/)
But because they're inexperienced, wouldn't that mean that in due time they're going to run into problems? If you have a problem you did not know how to adequately solve, and someone is offering you a solution, would that mean your problem is solved? Not at all, unless you know both your problem good enough that you can say the solution will solve it. The inexperienced people are at the mercy of anyone who is going to give them a solution - and wouldn't you say it's a rationality failure to not correctly solve your problems?
I think that it was in the "shut up and multiply" page on the wiki that says that a whole human life is simply too significant in proximity to a certain fear, or a problem of unknown complexity. Or rather the opposite, fears and problems and other demotivating things that actively delay or even stunt growth are simply too insignificant in front of a whole human life (and that could be your life as well!) that stopping at those should simply not be an option, and is a negative consequence option no matter the situation.
Now, can you tell me why us, the people that actively try to improve our surroundings, the people that care about our environment, the people who are consistently shunned despite our unmistakable, undeniable, and unbelievable effort we put in, are putting in, and will put in, deserve to be completely, unforgivingly, and absolutely pushed aside, once again? Other that being just another plus one to the statistical curve; and secondly, why the implications that people pick up a few books, read a few articles here and there, and perhaps, more bottom line than those previous suggestions, learn some helpfulness, shut up and multiply, and grow up from their baby duck syndrome is such an horrendous thought, and worse, very seldom a suggestion?
And as for a good closing paragraph, I'd like to say that it's my belief that as an adult, you are responsible and indeed must work to self-improve yourself, and in extent, to anything and everyone around you. (Anyone here playing cops and robbers need not apply) I had some more to add but it slipped from my mind. Now, can I please have some answers?
(HAPPY WATCHLIST FOR ME)
If you are trying to trying to make the world a better place and find yourself pushed aside, shunned, bounced off, etc. you are doing it wrong. Stop blaming the people in the world for your inability to change them.
People can be stupid and stubborn. There are two ways around the problem. You can either convince them to stop being stupid and stubborn, in which case you are a salesperson. Or you can develop a solution that works around the problem, in which case you are an engineer. If you do neither and instead complain about how stubborn and stupid peop...
Information security is a pretty big passion of mine; I don't think someone needs to have "something to hide" in order to make use of digital signing, encryption, etc. Another passion of mine is making things easier for other people to do. I've written a couple of tools that I think can be useful for the LW crowd.
Online PGP Signature: This is an online javascript-based tool which allows you to sign messages using your PGP private key. I love the idea of PGP-signed messages (I remember someone under the pseudonym "Professor Quirrell" handing out PGP-verified Quirrell points a few years back). The problem is, I had yet to find an easy way to do this that didn't involve downloading command-line based software. So I wrote this tool that uses open-sourced, javascript-based PGP libraries to let you easily sign messages in your browser.
The whole thing is client-side so your private key is never seen by me, but be smart about security. If you don't trust me, that's fine, just don't use the tool. But also remember that you could have a virus, your computer could be monitored, someone could be watching over your shoulder, etc. so please be smart about your security. But hopefully this can be helpful.
Decoy: an iPhone App: I wrote this after "The Fappening", where I was basically appalled at the terrible security practices that pretty much everyone uses when sending pictures back and forth. Decoy uses a combination of steganography and AES encryption to let you send images back and forth without having to sign up for an account or use some outside service that can be hacked or otherwise compromised.
You take the original picture, then you come up with a passphrase, then you take a "decoy" picture. The original picture is converted to base64 image data, which is then AES-encrypted using your passphrase. The resulting cipher text is then encoded into the pixels of the "decoy" picture, which is what gets saved on your phone and sent out. The "decoy" pictures are indistinguishable from any other picture on your or your recipients' camera rolls, and unless you have the passphrase, then the original image is thoroughly inaccessible.
If your phone is lost, hacked, stolen, or (more benignly) someone happens to be looking through pictures on your phone, all anyone will see are the "decoy" pictures. Without the password, those pictures are worthless. Although the app is primarily branded for, *ahem*, "personal use", there are plenty of other ways to use it. For example, my wife and I use it for things like sending pictures of sensitive physical documents like credit cards, birth certificates, social security cards, etc.
(full disclosure: although Decoy is free, it is ad-supported so I do financially benefit from people using the app. But on the bright side I'm an avowed rationalist and if I make a quajillion dollars with this app I will spend the vast majority of it on LW-friendly causes!)