Silk Road forums

Discussion => Security => Topic started by: Capital1 on December 30, 2012, 11:54 pm

Title: Encrypted message not showing PGP version
Post by: Capital1 on December 30, 2012, 11:54 pm
Recently someone pointed out to me that my encrypted messages were not displaying the version of pgp I use.  I can't seem to figure out how to change this, does anyone know how?

Thanks
Title: Re: Encrypted message not showing PGP version
Post by: Nightcrawler on December 31, 2012, 06:16 am
Recently someone pointed out to me that my encrypted messages were not displaying the version of pgp I use.  I can't seem to figure out how to change this, does anyone know how?

Thanks

Why would you want to change this?  All the Version: string does is reveal which OS and which version of PGP/GPG you're using. This string is informational only -- in general, it has no bearing on whether or not you can encrypt/decrypt any particular message. Sometimes it is useful to know which version of PGP/GPG and which OS a user is running -- e.g. if a user's key bears the following version string: Version: GnuPG v2.0.17 (MingW32) then this is a giveaway that they are running Windows, and they likely are using GPG4WIN (and possibly Kleopatra) to boot.

Likewise, if a user's key has the following Version: GnuPG/MacGPG2 v2.0.18 (Darwin) we know they're using Mac OS X.

This information is nice to have, if the user is running into problems, so a proper recommendation can be made to help remedy the situation. One side effect is leaking a little information (i.e. your OS) to a potential adversary, but the risk from this is vanishingly small.

NC
Title: Re: Encrypted message not showing PGP version
Post by: astor on December 31, 2012, 06:41 am
One side effect is leaking a little information (i.e. your OS) to a potential adversary, but the risk from this is vanishingly small.

Not necessarily. This guy downloaded all the public keys in the Post PGP Keys thread up to that point:

http://dkn255hz262ypmii.onion/index.php?topic=174.msg666607#msg666607

1356 keys total. So, I downloaded all the keys and filtered them by version.

Here are the results (I removed a few that were posted incorrectly):

Code: [Select]
grep -A1 BEGIN sr-2012-12-18-collection.asc | grep -v "^\-" | sort | uniq -c | sort -nr
    606 Version: GnuPG v2.0.17 (MingW32)
    106
     83 Version: GnuPG v2.0.19 (MingW32)
     67 Version: GnuPG v2.0.17 (GNU/Linux)
     65 Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
     61 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
     60 Version: GnuPG v1.4.11 (GNU/Linux)
     60 Version: GnuPG v1.4.10 (GNU/Linux)
     41 Version: GnuPG v1.4.12 (MingW32)
     33 Version: GnuPG v1.4.11 (MingW32)
     30 Version: GnuPG v2.0.19 (GNU/Linux)
     17 Version: GnuPG v2.0.14 (GNU/Linux)
     15 Version: BCPG v1.47
     14 Version: BCPG v1.39
      8 Version: GnuPG v1.4.12 (GNU/Linux)
      6 Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
      5 Version: BCPG C# v1.6.1.0
      4 Version: GnuPG v2.0.18 (GNU/Linux)
      4 Version: GnuPG v1.4.2 (MingW32)
      3 Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
      3 Version: PGP Desktop 10.1.1 (Build 10)
      3 Version: GnuPG v1.4.9 (MingW32)
      3     Version: BCPG v1.47
      2 Version: PGP Desktop 9.0.2 (Build 2424) - not licensed for commercial use: www.pgp.com
      2 Version: GnuPG v2.0.16 (MingW32)
      2 Version: GnuPG v2.0.14 (MingW32)
      2 Version: GnuPG v1.4.9 (Darwin)
      2     Version: GnuPG v1.4.2 (MingW32) - WinPT 1.4.2
      2     Version: GnuPG v1.4.12 (MingW32)
      2 Version: GnuPG v1.4.12 (Darwin)
      2 Version: GnuPG v1.4.11 (MingW32) - WinPT 1.4.3
      2     Version: GnuPG v1.4.11 (MingW32)
      2 Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
      1 Version: SKS 1.1.1
      1 Version: PGP Universal 2.9.1 (Build 347)
      1 Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies.
      1 Version: PGP Desktop 9.9.0 (Build 397) - not licensed for commercial use: www.pgp.com
      1 Version: PGP Desktop 10.2.1 - not licensed for commercial use: www.pgp.com
      1 Version: PGP Desktop 10.2.0 (Build 1950)
      1 Version: PGP Desktop 10.2.0 (Build 1672)
      1 Version: PGP Desktop 10.1.2 (Build 9)
      1 Version: PGP Desktop 10.1.1 (Build 10) - not licensed for commercial use: www.pgp.com
      1 Version: PGP Desktop 10.0.3 (Build 1)
      1 Version: PGP Desktop 10.0.1 (Build 4020)
      1 Version: iPGMail (1.33)
      1 Version: iPGMail (1.29)
      1 Version: Hush 3.0
      1 Version: GnuPG v2.0.19 (Darwin)
      1 Version: GnuPG v2.0.19
      1     Version: GnuPG v2.0.17 (MingW32)
      1 Version: GnuPG v2.0.13 (SunOS)
      1 Version: GnuPG v2.0.13 (GNU/Linux)
      1 Version: GnuPG v1.4.5 (GNU/Linux)
      1         Version: GnuPG v1.4.3 (MingW32)
      1     Version: GnuPG v1.4.2 (MingW32)
      1 Version: GnuPG v1.4.12-SpecialBuild (MingW32) - WinPT 1.5.3
      1 Version: GnuPG v1.4.12 (MingW32) - WinPT 1.5.3
      1 Version: GnuPG v1.4.12 (MingW32) - WinPT 1.5.2
      1  Version: GnuPG v1.4.12 (Darwin)
      1 Version: GnuPG v1.4.12 (Cygwin)
      1 Version: GnuPG v1.4.11 (OpenBSD)
      1 Version: GnuPG v1.2.6 (GNU/Linux)
      1 Version: FileAssurity OpenPGP 2.0.2
      1         Version: BCPG v1.47
      1                 Version: BCPG v1.47
      1 Version: BCPG v1.45
      1     Version: BCPG C# v1.6.1.0
      1 Version: 6.5.8ckt  b9  http://www.mccune.cc/PGP.htm
      1 Version: 6.5.8ckt b9  http://cyberkt.tripod.com/
      1 Version: 10.1.2.50
      1 GnuPG v2.0.17 (MingW32)
      1 Comment: GnuPT-Portable 2.1.5.0
      1 Comment: Download: http://portable.gnupt.de


Windows is the largest anonymity set with over 50% combined share, and luckily the empty version is second most popular, though fewer than 10% of people use it.

However, about 40 people had unique versions, and a bunch more had versions with less than 1% representation (14 keys) in that sample. That creates a potential correlation attack. If you're sending messages to an undercover LEO and later they raid your house, finding a unique version string in your PGP program is pretty good evidence that they have the right person.

And yeah, I know some of those unique versions are created by offsets, but if that's what your PGP program does, that's forensic evidence.

In light of this data, your best option is actually to fake the most popular version string, since even the no-version option puts you in a rather small anonymity set. But the point is that we are needlessly being divided into, in this case, about 80 smaller anonymity sets.
Title: Re: Encrypted message not showing PGP version
Post by: Nightcrawler on December 31, 2012, 10:02 pm
One side effect is leaking a little information (i.e. your OS) to a potential adversary, but the risk from this is vanishingly small.

Not necessarily. This guy downloaded all the public keys in the Post PGP Keys thread up to that point:

http://dkn255hz262ypmii.onion/index.php?topic=174.msg666607#msg666607

1356 keys total. So, I downloaded all the keys and filtered them by version.

Here are the results (I removed a few that were posted incorrectly):

Code: [Select]
grep -A1 BEGIN sr-2012-12-18-collection.asc | grep -v "^\-" | sort | uniq -c | sort -nr
    606 Version: GnuPG v2.0.17 (MingW32)
    106
     83 Version: GnuPG v2.0.19 (MingW32)
     67 Version: GnuPG v2.0.17 (GNU/Linux)
     65 Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
     61 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
     60 Version: GnuPG v1.4.11 (GNU/Linux)
     60 Version: GnuPG v1.4.10 (GNU/Linux)
     41 Version: GnuPG v1.4.12 (MingW32)
     33 Version: GnuPG v1.4.11 (MingW32)
     30 Version: GnuPG v2.0.19 (GNU/Linux)
     17 Version: GnuPG v2.0.14 (GNU/Linux)
     15 Version: BCPG v1.47
     14 Version: BCPG v1.39
      8 Version: GnuPG v1.4.12 (GNU/Linux)
      6 Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
      5 Version: BCPG C# v1.6.1.0
      4 Version: GnuPG v2.0.18 (GNU/Linux)
      4 Version: GnuPG v1.4.2 (MingW32)
      3 Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
      3 Version: PGP Desktop 10.1.1 (Build 10)
      3 Version: GnuPG v1.4.9 (MingW32)
      3     Version: BCPG v1.47
      2 Version: PGP Desktop 9.0.2 (Build 2424) - not licensed for commercial use: www.pgp.com
      2 Version: GnuPG v2.0.16 (MingW32)
      2 Version: GnuPG v2.0.14 (MingW32)
      2 Version: GnuPG v1.4.9 (Darwin)
      2     Version: GnuPG v1.4.2 (MingW32) - WinPT 1.4.2
      2     Version: GnuPG v1.4.12 (MingW32)
      2 Version: GnuPG v1.4.12 (Darwin)
      2 Version: GnuPG v1.4.11 (MingW32) - WinPT 1.4.3
      2     Version: GnuPG v1.4.11 (MingW32)
      2 Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
      1 Version: SKS 1.1.1
      1 Version: PGP Universal 2.9.1 (Build 347)
      1 Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies.
      1 Version: PGP Desktop 9.9.0 (Build 397) - not licensed for commercial use: www.pgp.com
      1 Version: PGP Desktop 10.2.1 - not licensed for commercial use: www.pgp.com
      1 Version: PGP Desktop 10.2.0 (Build 1950)
      1 Version: PGP Desktop 10.2.0 (Build 1672)
      1 Version: PGP Desktop 10.1.2 (Build 9)
      1 Version: PGP Desktop 10.1.1 (Build 10) - not licensed for commercial use: www.pgp.com
      1 Version: PGP Desktop 10.0.3 (Build 1)
      1 Version: PGP Desktop 10.0.1 (Build 4020)
      1 Version: iPGMail (1.33)
      1 Version: iPGMail (1.29)
      1 Version: Hush 3.0
      1 Version: GnuPG v2.0.19 (Darwin)
      1 Version: GnuPG v2.0.19
      1     Version: GnuPG v2.0.17 (MingW32)
      1 Version: GnuPG v2.0.13 (SunOS)
      1 Version: GnuPG v2.0.13 (GNU/Linux)
      1 Version: GnuPG v1.4.5 (GNU/Linux)
      1         Version: GnuPG v1.4.3 (MingW32)
      1     Version: GnuPG v1.4.2 (MingW32)
      1 Version: GnuPG v1.4.12-SpecialBuild (MingW32) - WinPT 1.5.3
      1 Version: GnuPG v1.4.12 (MingW32) - WinPT 1.5.3
      1 Version: GnuPG v1.4.12 (MingW32) - WinPT 1.5.2
      1  Version: GnuPG v1.4.12 (Darwin)
      1 Version: GnuPG v1.4.12 (Cygwin)
      1 Version: GnuPG v1.4.11 (OpenBSD)
      1 Version: GnuPG v1.2.6 (GNU/Linux)
      1 Version: FileAssurity OpenPGP 2.0.2
      1         Version: BCPG v1.47
      1                 Version: BCPG v1.47
      1 Version: BCPG v1.45
      1     Version: BCPG C# v1.6.1.0
      1 Version: 6.5.8ckt  b9  http://www.mccune.cc/PGP.htm
      1 Version: 6.5.8ckt b9  http://cyberkt.tripod.com/
      1 Version: 10.1.2.50
      1 GnuPG v2.0.17 (MingW32)
      1 Comment: GnuPT-Portable 2.1.5.0
      1 Comment: Download: http://portable.gnupt.de
     
Nice. Wish I'd thought of doing that. Great use of Grep-fu. :-)

Windows is the largest anonymity set with over 50% combined share, and luckily the empty version is second most popular, though fewer than 10% of people use it.

However, about 40 people had unique versions, and a bunch more had versions with less than 1% representation (14 keys) in that sample. That creates a potential correlation attack. If you're sending messages to an undercover LEO and later they raid your house, finding a unique version string in your PGP program is pretty good evidence that they have the right person.

And yeah, I know some of those unique versions are created by offsets, but if that's what your PGP program does, that's forensic evidence.

In light of this data, your best option is actually to fake the most popular version string, since even the no-version option puts you in a rather small anonymity set. But the point is that we are needlessly being divided into, in this case, about 80 smaller anonymity sets.

What surprised me, in the list above, is that there's actually people here using Cygwin and OpenBSD!

While I appreciate your point about the potential correlation attack, if you happen to be corresponding with an undercover cop, you've got a LOT more to worry about than a simple correlation attack.

Frankly, the people who have the most to worry about in this list are those with the BCPG PGP versions. I'd wager half to three-quarters of them have 512-bit Elgamal encryption keys. Also the congenital idiot with the Hush 3.0 key really needs his head examined -- Hush stores this guy's secret key and can capture their passphrase at the drop of a hat -- they have ZERO security.

NC
Title: Re: Encrypted message not showing PGP version
Post by: astor on January 01, 2013, 04:40 pm
While I appreciate your point about the potential correlation attack, if you happen to be corresponding with an undercover cop, you've got a LOT more to worry about than a simple correlation attack.

True, and one thing I thought of after posting that is that if LE is looking at your computer and PGP program, they will probably find your PGP key. Matching the key ID will be much better evidence than the program version. Still, as I said, it's entirely avoidable. Publishing the version makes sense in the normal use case for PGP, which is distributed software development. Those people are not anonymous and have no reason to hide their PGP program. In that case, I understand the argument that posting the version can allow others to alert you if you are using vulnerable software. You have that benefit at no cost. In our case, the cost is a smaller anonymity set, sometimes down to a unique identifier.

Think of it this way, most people would not dare to post their first name (even without the last name) publicly. Somehow that's a scary proposition, even though there are millions of Johns and Daniels in the world. But they have no problem posting a PGP version with no more than 1/1350 market share, which is like publicly posting that your first name is Kolten, Jensen or Yurem.

http://babyfit.sparkpeople.com/baby_names_top1000.asp?page=2&gender=0

Not a good idea, in my opinion.

Frankly, the people who have the most to worry about in this list are those with the BCPG PGP versions. I'd wager half to three-quarters of them have 512-bit Elgamal encryption keys. Also the congenital idiot with the Hush 3.0 key really needs his head examined

I literally laughed out loud :)