Quote from: astor on December 31, 2012, 06:41 am
> Quote from: Nightcrawler on December 31, 2012, 06:16 am
> > One side effect is leaking a little information (i.e. your OS) to a potential adversary, but the risk from this is vanishingly small.
>
> Not necessarily. This guy downloaded all the public keys in the Post PGP Keys thread up to that point:
> http://dkn255hz262ypmii.onion/index.php?topic=174.msg666607#msg666607
>
> 1356 keys total. So, I downloaded all the keys and filtered them by version.
>
> Here are the results (I removed a few that were posted incorrectly):
>
> Code:
>     grep -A1 BEGIN sr-2012-12-18-collection.asc | grep -v "^\-" | sort | uniq -c | sort -nr
>         606 Version: GnuPG v2.0.17 (MingW32)
>         106
>          83 Version: GnuPG v2.0.19 (MingW32)
>          67 Version: GnuPG v2.0.17 (GNU/Linux)
>          65 Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
>          61 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
>          60 Version: GnuPG v1.4.11 (GNU/Linux)
>          60 Version: GnuPG v1.4.10 (GNU/Linux)
>          41 Version: GnuPG v1.4.12 (MingW32)
>          33 Version: GnuPG v1.4.11 (MingW32)
>          30 Version: GnuPG v2.0.19 (GNU/Linux)
>          17 Version: GnuPG v2.0.14 (GNU/Linux)
>          15 Version: BCPG v1.47
>          14 Version: BCPG v1.39
>           8 Version: GnuPG v1.4.12 (GNU/Linux)
>           6 Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
>           5 Version: BCPG C# v1.6.1.0
>           4 Version: GnuPG v2.0.18 (GNU/Linux)
>           4 Version: GnuPG v1.4.2 (MingW32)
>           3 Version: PGPfreeware 6.5.8 for non-commercial use
>           3 Version: PGP Desktop 10.1.1 (Build 10)
>           3 Version: GnuPG v1.4.9 (MingW32)
>           3 Version: BCPG v1.47
>           2 Version: PGP Desktop 9.0.2 (Build 2424) - not licensed for commercial use: www.pgp.com
>           2 Version: GnuPG v2.0.16 (MingW32)
>           2 Version: GnuPG v2.0.14 (MingW32)
>           2 Version: GnuPG v1.4.9 (Darwin)
>           2 Version: GnuPG v1.4.2 (MingW32) - WinPT 1.4.2
>           2 Version: GnuPG v1.4.12 (MingW32)
>           2 Version: GnuPG v1.4.12 (Darwin)
>           2 Version: GnuPG v1.4.11 (MingW32) - WinPT 1.4.3
>           2 Version: GnuPG v1.4.11 (MingW32)
>           2 Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
>           1 Version: SKS 1.1.1
>           1 Version: PGP Universal 2.9.1 (Build 347)
>           1 Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its affiliated companies.
>           1 Version: PGP Desktop 9.9.0 (Build 397) - not licensed for commercial use: www.pgp.com
>           1 Version: PGP Desktop 10.2.1 - not licensed for commercial use: www.pgp.com
>           1 Version: PGP Desktop 10.2.0 (Build 1950)
>           1 Version: PGP Desktop 10.2.0 (Build 1672)
>           1 Version: PGP Desktop 10.1.2 (Build 9)
>           1 Version: PGP Desktop 10.1.1 (Build 10) - not licensed for commercial use: www.pgp.com
>           1 Version: PGP Desktop 10.0.3 (Build 1)
>           1 Version: PGP Desktop 10.0.1 (Build 4020)
>           1 Version: iPGMail (1.33)
>           1 Version: iPGMail (1.29)
>           1 Version: Hush 3.0
>           1 Version: GnuPG v2.0.19 (Darwin)
>           1 Version: GnuPG v2.0.19
>           1 Version: GnuPG v2.0.17 (MingW32)
>           1 Version: GnuPG v2.0.13 (SunOS)
>           1 Version: GnuPG v2.0.13 (GNU/Linux)
>           1 Version: GnuPG v1.4.5 (GNU/Linux)
>           1 Version: GnuPG v1.4.3 (MingW32)
>           1 Version: GnuPG v1.4.2 (MingW32)
>           1 Version: GnuPG v1.4.12-SpecialBuild (MingW32) - WinPT 1.5.3
>           1 Version: GnuPG v1.4.12 (MingW32) - WinPT 1.5.3
>           1 Version: GnuPG v1.4.12 (MingW32) - WinPT 1.5.2
>           1 Version: GnuPG v1.4.12 (Darwin)
>           1 Version: GnuPG v1.4.12 (Cygwin)
>           1 Version: GnuPG v1.4.11 (OpenBSD)
>           1 Version: GnuPG v1.2.6 (GNU/Linux)
>           1 Version: FileAssurity OpenPGP 2.0.2
>           1 Version: BCPG v1.47
>           1 Version: BCPG v1.47
>           1 Version: BCPG v1.45
>           1 Version: BCPG C# v1.6.1.0
>           1 Version: 6.5.8ckt b9 http://www.mccune.cc/PGP.htm
>           1 Version: 6.5.8ckt b9 http://cyberkt.tripod.com/
>           1 Version: 10.1.2.50
>           1 GnuPG v2.0.17 (MingW32)
>           1 Comment: GnuPT-Portable 2.1.5.0
>           1 Comment: Download: http://portable.gnupt.de

Nice. Wish I'd thought of doing that. Great use of Grep-fu. :-)

Quote from: astor on December 31, 2012, 06:41 am
> Windows is the largest anonymity set with over 50% combined share, and luckily the empty version is second most popular, though fewer than 10% of people use it.
>
> However, about 40 people had unique versions, and a bunch more had versions with less than 1% representation (14 keys) in that sample. That creates a potential correlation attack. If you're sending messages to an undercover LEO and later they raid your house, finding a unique version string in your PGP program is pretty good evidence that they have the right person.
>
> And yeah, I know some of those unique versions are created by offsets, but if that's what your PGP program does, that's forensic evidence.
>
> In light of this data, your best option is actually to fake the most popular version string, since even the no-version option puts you in a rather small anonymity set. But the point is that we are needlessly being divided into, in this case, about 80 smaller anonymity sets.
>
> What surprised me, in the list above, is that there are actually people here using Cygwin and OpenBSD!

While I appreciate your point about the potential correlation attack, if you happen to be corresponding with an undercover cop, you've got a LOT more to worry about than a simple correlation attack.

Frankly, the people who have the most to worry about in this list are those with the BCPG PGP versions. I'd wager half to three-quarters of them have 512-bit Elgamal encryption keys.

Also the congenital idiot with the Hush 3.0 key really needs his head examined -- Hush stores this guy's secret key and can capture their passphrase at the drop of a hat -- they have ZERO security.

NC
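The tally above is the whole argument, so here is an added example (Python, written for this page; it is not code from the thread or from any PGP implementation) that does the same job as astor's grep pipeline but by the armor-header rules of RFC 4880, so that the "no Version header" case is counted explicitly and a header that differs only in trailing whitespace is merged with its twin. That merging is my assumption about why "BCPG v1.47" appears in several separate rows of the grep output. The key collection embedded in it is constructed (four blocks with bogus bodies), and the last function shows what the two mitigations discussed in the thread look like on the wire: dropping the header, which is what GnuPG's `no-emit-version` option produces, or replacing it with the most common string.

```python
"""Size the anonymity sets created by OpenPGP armor "Version:" headers.

Added example, not code from the thread. Parses a concatenated .asc key
collection per RFC 4880 section 6.2 (armor headers are "Key: Value" lines
between the BEGIN line and the first blank line), counts how many keys share
each Version string, and rewrites the header of a single block.
"""
from collections import Counter

BEGIN_MARK = "-----BEGIN PGP "
END_MARK = "-----END PGP "

# Constructed sample standing in for the forum key collection. Block 2 carries
# no Version header; block 3 has a trailing tab after its Version value, a
# variant that a plain "sort | uniq -c" would count as a separate string.
SAMPLE_COLLECTION = (
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "Version: GnuPG v2.0.17 (MingW32)\n"
    "\n"
    "mQENBFConstructedKeyBody1\n"
    "=AbCd\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "\n"
    "mQENBFConstructedKeyBody2\n"
    "=AbCd\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "Version: BCPG v1.47\t\n"
    "\n"
    "mQENBFConstructedKeyBody3\n"
    "=AbCd\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "Version: BCPG v1.47\n"
    "Comment: constructed sample\n"
    "\n"
    "mQENBFConstructedKeyBody4\n"
    "=AbCd\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
)


def armor_blocks(text):
    """Split a concatenated collection into armored blocks (each a list of lines)."""
    blocks, current = [], None
    for line in text.splitlines():
        if line.startswith(BEGIN_MARK):
            current = [line]
        elif current is not None:
            current.append(line)
            if line.startswith(END_MARK):
                blocks.append(current)
                current = None
    return blocks


def armor_headers(block):
    """Armor headers of one block: the 'Key: Value' lines before the first blank line."""
    headers = {}
    for line in block[1:]:
        if line.strip() == "":
            break
        key, sep, value = line.partition(":")
        if sep:
            # strip() merges values that differ only in trailing whitespace/CR
            headers[key.strip()] = value.strip()
    return headers


def version_strings(text):
    """One entry per key block; '' when the armor carries no Version header."""
    return [armor_headers(b).get("Version", "") for b in armor_blocks(text)]


def anonymity_sets(text):
    """Map each Version string to the number of keys that carry it."""
    return Counter(version_strings(text))


def set_share(sets, version):
    """(size, fraction of the collection) of the anonymity set a Version string lands you in."""
    total = sum(sets.values())
    n = sets.get(version, 0)
    return n, (n / total if total else 0.0)


def singletons(sets):
    """Version strings seen exactly once: each one pins down a single key in the sample."""
    return sorted(v for v, n in sets.items() if n == 1)


def rewrite_version(block_text, version=None):
    """Return the block with its Version header replaced by `version`, or removed when None."""
    lines = block_text.splitlines()
    out = [lines[0]]                      # the BEGIN line
    i = 1
    while i < len(lines) and lines[i].strip() != "":   # copy the other headers
        if not lines[i].startswith("Version:"):
            out.append(lines[i])
        i += 1
    if version is not None:
        out.insert(1, f"Version: {version}")
    out.extend(lines[i:])                 # blank line, body, checksum, END line
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    sets = anonymity_sets(SAMPLE_COLLECTION)
    for v, n in sets.most_common():       # same shape as "uniq -c | sort -nr"
        print(f"{n:7d} {v or '(no Version header)'}")
    print("singletons:", singletons(sets))
```

Run against a real collection, `set_share(sets, "")` is the size of the set the `no-emit-version` option puts you in, and `singletons(sets)` is the list astor's "about 40 people had unique versions" refers to; on the thread's sample the most common string would be the one `rewrite_version` should be fed.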