ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Thunderbird Writing Private Key Pass Phrases to Disk

2020-11-28 03:11:23
Seconding Paul and Magnus here ... this was also the rough consensus 
from several PGP implementors during discussions of Autocrypt.  Specifically
https://autocrypt.org/level1.html#secret-key-protection-at-rest states: 

    The MUA MAY protect the secret key (and other sensitive data it has
    access to) with a password, but it SHOULD NOT require the user to enter
    the password each time they send or receive a mail. Since
    Autocrypt-enabled MUAs sign all encrypted outgoing messages, it could
    happen that the user has to enter the password very often, both for
    reading and sending mail. This introduces too much friction to become
    part of a routine daily workflow.

    Note that password protection of the secret key carries with it a risk
    that the user might forget their password, which might result in
    catastrophic data loss. Unlike IMAP or SMTP credentials (which can be
    reset by the server operator given some sort of out-of-band
    confirmation), there is no recovery workflow possible for the loss of a
    password protecting a secret key. An MUA that chooses to offer password
    protection of the secret key (or other sensitive data) SHOULD support
    usable and secure backup/recovery workflows for the protected material.

best,
holger

On Fri, Nov 27, 2020 at 20:36 -0500, Paul Wouters wrote:
On Nov 27, 2020, at 18:15, openpgp(_at_)couldbe(_dot_)nulluser(_dot_)com 
wrote:

This seems so fundamentally wrong I'm having trouble understanding why the 
developer insists on doing it.

You seem to have different expectations from a mail client than the 
thunderbird people (and me)

PGP passwords should not be stored on disk. (Security Issue)

That was agree on. There should be a one time master password unlock on 
startup and then it should remain n memory (maybe indirectly so the pgp key 
isn’t unencrypted into memory all the time)



               -----------------------------

Keeping PGP Private Key Passwords in memory per session is reasonable but 
saving them for automatic decryption along with account passwords is NOT!

It might be keeping the pin, not the password. At least I think it should do 
that.


There is a big difference in expected privacy and security levels between 
an account password and a PGP Private Key Password!

That I don’t see because I want my email
client to be able to read, index and search all (decrypted) email. 

PGP passwords should not reside on disk anywhere! By rights, they should 
also be explicitly purged from memory upon exiting Thunderbird.

Yes.


Actual results:

Private PGP key automatically accessed without having to enter password 
after first use.

That is required for any usable mail client.


Expected results:

PGP Private Key Password should be solicited for manual entry upon every 
session.

Then you should maybe not use a mail client. If you can trust the mail client 
briefly, you might as well trust it while running.


PGP Private Key Password should reside only in memory per session.

Yes.


PGP Private Key Password should be explicitly wiped from memory upon 
Thunderbird exit.

Yes

PGP passwords should not be stored on disk. (Security Issue)

Pins can be stored behind a master password.


               -----------------------------

Using the master password will give you that. (See bug 1662272).
Of course, if you really care about what's written to disk, you should not 
rely on that, but use full disk encryption.
Status: UNCONFIRMED → RESOLVED
Closed: 1 hour ago
Resolution: --- → INVALID

               -----------------------------

No the master password does NOT "give me that," you are degrading security!

I disagree. Having hundreds of emails encrypted with pgp without being able 
to search them makes the whole email setup useless. So to make it useful, use 
full disk encryption and a master password to unlock the pgp passphrase for 
new incoming emails or outgoing ones. Keep all emails decrypted.


OpenPGP already has a strong security mechanism in the form of a Private 
Key Pass Phrase. Normal use of PGP/GPG/OpenPGP never involves writing that 
private key pass phrase to disk.

Unencrypted I agree. Encrypted by thunderbird is fine to me.

First -- I do not want ALL of my secure email unlocked and exposed 
everytime I run Thunderbird.

You want a feature where to read 100 emails you need to type 100 passphrases 
? I don’t think that is a reasonable email client feature.


Second -- Full disk encryption only provides protection to dead systems. 
The drive is effectively decrypted while in use and it's contents are 
subject to the same live access as any other drive.

Yes, so that you can read, index and search emails. Otherwise you have a 
graphical interface to pgp - which is far from an email client experience.


Third -- The Master password groups everything together at the same level. 
PGP Private keys demand a considerably higher level of security than access 
to Youtube or Reddit.

You seem to mistake thunderbird for Firefox.
I believe the master password is as secure as the pgp passphrase method from 
a cryptographic point of view.

Fourth -- People have more than one Private Key. Recording all the private 
key pass phrases together yet again degrades security.

Thunderbird has different profiles. Don’t those have different master 
passwords?


Ironically this doesn't require custom code development, Thunderbird 
already does the proper thing if there is no known private key. Simply 
remove the extra code that subverts everything by saving the Pass Phrase. 


That’s not what the majority wants for their email client. They want it to 
store, index, read and search ALL emails without having to guess between 100  
individually encrypted emails and needing to type their passphrase 100 times.

I agree the pgp passphrase or pgp private key should not be written to disk 
ever, regardless of full disk encryption. But on your other points I 
disagree. Pgp email is already too unusable. If it was usable, we all would 
be defaulting to use it already. Even we don’t do that - let alone average 
endusers.

Paul 



_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>