Re: [openpgp] Thunderbird Writing Private Key Pass Phrases to Disk
Paul Wouters <paul@nohats.ca> Sat, 28 November 2020 01:36 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B65BB3A0A49 for <openpgp@ietfa.amsl.com>; Fri, 27 Nov 2020 17:36:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R9mm8fsIA_Ur for <openpgp@ietfa.amsl.com>; Fri, 27 Nov 2020 17:36:40 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73A793A0A42 for <openpgp@ietf.org>; Fri, 27 Nov 2020 17:36:38 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4CjYxb1mbkzDdh; Sat, 28 Nov 2020 02:36:35 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1606527395; bh=aXEyosWhYaBLGe/xBgIydtSTBtoq7xlks8vzLIdJ5rU=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=VevOtx57f1aXIKLSjZd13sVsvXbEeyjtybhTtafCGHnb0ekuipvnJBF/XFrpq8XRa NlkGLBkhAeLyczroSgNPstrAvurteP2gUGws4nyfQkXdr2zKF2fAba0Qa39vTJqR5z pUY3IYrTdi7SFht2r52QLtH39K+BFEtWYLaSkPRE=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 38ydCrrFYk7x; Sat, 28 Nov 2020 02:36:33 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Sat, 28 Nov 2020 02:36:33 +0100 (CET)
Received: from [193.110.157.220] (unknown [193.110.157.220]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id F3EC56020EC4; Fri, 27 Nov 2020 20:36:31 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Paul Wouters <paul@nohats.ca>
Mime-Version: 1.0 (1.0)
Date: Fri, 27 Nov 2020 20:36:29 -0500
Message-Id: <2908F40C-5525-4865-8198-429588798536@nohats.ca>
References: <MTAwMDAzOC5jb3VsZGJl.1606515776@quikprotect>
Cc: openpgp@ietf.org
In-Reply-To: <MTAwMDAzOC5jb3VsZGJl.1606515776@quikprotect>
To: openpgp@couldbe.nulluser.com
X-Mailer: iPhone Mail (18A8395)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/IbUtsuhtdKd8AmE8bwSygHI4soE>
Subject: Re: [openpgp] Thunderbird Writing Private Key Pass Phrases to Disk
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Nov 2020 01:36:43 -0000
On Nov 27, 2020, at 18:15, openpgp@couldbe.nulluser.com wrote: > > This seems so fundamentally wrong I'm having trouble understanding why the developer insists on doing it. You seem to have different expectations from a mail client than the thunderbird people (and me) > PGP passwords should not be stored on disk. (Security Issue) That was agree on. There should be a one time master password unlock on startup and then it should remain n memory (maybe indirectly so the pgp key isn’t unencrypted into memory all the time) > > ----------------------------- > > Keeping PGP Private Key Passwords in memory per session is reasonable but saving them for automatic decryption along with account passwords is NOT! It might be keeping the pin, not the password. At least I think it should do that. > There is a big difference in expected privacy and security levels between an account password and a PGP Private Key Password! That I don’t see because I want my email client to be able to read, index and search all (decrypted) email. > PGP passwords should not reside on disk anywhere! By rights, they should also be explicitly purged from memory upon exiting Thunderbird. Yes. > Actual results: > > Private PGP key automatically accessed without having to enter password after first use. That is required for any usable mail client. > Expected results: > > PGP Private Key Password should be solicited for manual entry upon every session. Then you should maybe not use a mail client. If you can trust the mail client briefly, you might as well trust it while running. > PGP Private Key Password should reside only in memory per session. Yes. > PGP Private Key Password should be explicitly wiped from memory upon Thunderbird exit. Yes > PGP passwords should not be stored on disk. (Security Issue) Pins can be stored behind a master password. > ----------------------------- > > Using the master password will give you that. (See bug 1662272). > Of course, if you really care about what's written to disk, you should not rely on that, but use full disk encryption. > Status: UNCONFIRMED → RESOLVED > Closed: 1 hour ago > Resolution: --- → INVALID > > ----------------------------- > > No the master password does NOT "give me that," you are degrading security! I disagree. Having hundreds of emails encrypted with pgp without being able to search them makes the whole email setup useless. So to make it useful, use full disk encryption and a master password to unlock the pgp passphrase for new incoming emails or outgoing ones. Keep all emails decrypted. > OpenPGP already has a strong security mechanism in the form of a Private Key Pass Phrase. Normal use of PGP/GPG/OpenPGP never involves writing that private key pass phrase to disk. Unencrypted I agree. Encrypted by thunderbird is fine to me. > First -- I do not want ALL of my secure email unlocked and exposed everytime I run Thunderbird. You want a feature where to read 100 emails you need to type 100 passphrases ? I don’t think that is a reasonable email client feature. > Second -- Full disk encryption only provides protection to dead systems. The drive is effectively decrypted while in use and it's contents are subject to the same live access as any other drive. Yes, so that you can read, index and search emails. Otherwise you have a graphical interface to pgp - which is far from an email client experience. > Third -- The Master password groups everything together at the same level. PGP Private keys demand a considerably higher level of security than access to Youtube or Reddit. You seem to mistake thunderbird for Firefox. I believe the master password is as secure as the pgp passphrase method from a cryptographic point of view. > Fourth -- People have more than one Private Key. Recording all the private key pass phrases together yet again degrades security. Thunderbird has different profiles. Don’t those have different master passwords? > Ironically this doesn't require custom code development, Thunderbird already does the proper thing if there is no known private key. Simply remove the extra code that subverts everything by saving the Pass Phrase. That’s not what the majority wants for their email client. They want it to store, index, read and search ALL emails without having to guess between 100 individually encrypted emails and needing to type their passphrase 100 times. I agree the pgp passphrase or pgp private key should not be written to disk ever, regardless of full disk encryption. But on your other points I disagree. Pgp email is already too unusable. If it was usable, we all would be defaulting to use it already. Even we don’t do that - let alone average endusers. Paul