PGP For Intel Macs
PGP just released a beta version of PGP 9.5 that has universal binary support. I used to use PGP back in the day on Windows, but didn't really keep up with it, eventually moving on to GnuPG for my encryption needs. However, after seeing the note about this new release, I thought I'd give them another shot. I always loved their nice key management (something GnuPG doesn't have a great front end for at the moment).
I was browsing through their user's manual while downloading, and came across a paragraph titled "Memory Static Ion Migration Protection" in the "Special Security Precautions Taken by PGP Desktop" section. This thing goes on about how an attacker could theoretically retrieve key or passphrase information from your machine's memory - after it's already been turned off - by reading the static charge left over from memory that has had the same information stored for long periods. This is some deep stuff here, and they go on about how they help to protect you against this remotest of possibilities. Cool stuff.
So the download finishes, and I install the thing, import my keys from GnuPG, and go to send an email, and realize that they've done away with the plugin model for mail, instead relying on a network proxy that intercepts mail and encrypts and decrypts it automatically, based on rules you set up. This works similarly to their Universal Server product. So now Mail.app (and any other mail client) sends mail to the proxy, where PGP will encrypt it. On the other side of things, incoming encrypted mail is automagically decrypted and then handed to the email client. Works OK (though with some pain trying to get everything set right).
Then I realized that all the encrypted and signed email that I'd be receiving would now be stored in PLAINTEXT in my freaking email folders, on a public IMAP server. In addition, there doesn't even seem to be a way to turn this off or any alternate mechanism aside from not using the email proxy portion of the product. This breaks about 90% of the functionality that I use PGP for.
Without storing the encrypted/signed version of incoming mail, I can no longer guarantee that someone hasn't messed with it on the server. All that's left is some text pasted at the top of the mail that says it was signed and verified at some point. No indication of what that may have been, of course. At that point, someone could just as easily change the contents to whatever they like, completely bypassing any security that at one time existed.
This also goes for sent mail - it's no longer stored in your sent folder encrypted - it's sitting there in plaintext too. Still worse, there's no indication of what you did to the email when you sent it. Did I encrypt it? Sign it? Who knows now - that information is gone now that we're not storing the encrypted/signed copy of the message.
And still worse, someone could easily - MUCH TOO EASILY - forge a message that now looks like it's been verified by the proxy, when it has, in fact, done no such thing.
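The two storage models described above, as an added example that is not part of the original post or of PGP's product: one keeps only plaintext plus the pasted "verified" banner, the other keeps the signed original and re-verifies it every time it is read. An HMAC under a constructed key stands in for an OpenPGP signature so the script runs offline; the point is the same for public-key signatures, since either can only be checked against the bytes that were actually signed.

```python
import hashlib
import hmac

# Constructed demo key; HMAC stands in for an OpenPGP signature (assumption).
SIGNING_KEY = b"constructed-demo-key"
BANNER = "*** PGP Signed: verified ***\n"   # text the proxy pastes on top


def sign(body: str) -> dict:
    """A signed message as it arrives from a correspondent: body plus signature."""
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify(msg: dict) -> bool:
    """Recompute the signature over the stored body and compare in constant time."""
    expected = hmac.new(SIGNING_KEY, msg["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["sig"])


def proxy_store(msg: dict) -> str:
    """Proxy model: verify once on the way in, keep plaintext plus a banner."""
    return (BANNER if verify(msg) else "") + msg["body"]


def proxy_is_trusted(stored: str) -> bool:
    """Later the client can only look for the banner; the signature is gone."""
    return stored.startswith(BANNER)


def signed_is_trusted(stored: dict) -> bool:
    """Keep-the-original model: the signed copy is re-verified on every read."""
    return verify(stored)


def demo() -> dict:
    original = sign("Please wire the deposit to account 1111.")

    def edited_at_rest(text: str) -> str:
        # Simulates a change made to the stored copy on the IMAP server.
        return text.replace("1111", "2222")

    proxied = proxy_store(original)   # what the proxy leaves in the mailbox
    return {
        "proxy_original": proxy_is_trusted(proxied),
        "proxy_tampered": proxy_is_trusted(edited_at_rest(proxied)),   # not detected
        "proxy_forged": proxy_is_trusted(BANNER + "This was never signed at all."),
        "signed_original": signed_is_trusted(original),
        "signed_tampered": signed_is_trusted(
            {**original, "body": edited_at_rest(original["body"])}),   # detected
    }
```

Only the model that retains the signed original can tell an edited or forged message from a genuine one after the fact; the banner alone carries no checkable information.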
They do still have a legacy mail plugin that permits decryption of older emails that you may have received and didn't pass through the digestive tract of their new product. But get this - on the message boards someone was complaining that the plugin didn't successfully decrypt messages from certain people. The response? "Oh, that plugin only works with some message types. Use the proxy."
What a junker.
Yes, they protect you from some arcane attack that requires an electron microscope and a clean room to make work, but they'll happily decrypt and store your email in the most unsafe way possible. What in the world were they thinking? This isn't even limited to the new Mac product apparently - this is an across-the-board product-line change that screws everyone.
Posted: Wed - July 19, 2006 at 01:30 PM