Published by Nicholas Douglas. Modified over 8 years ago.
1
PGP
Stephen Smith – December 11, 2013
2
Outline - Pretty Good Privacy
- History
- How It Works
- How To Use It
- Questions
- I Get Taken Away In Handcuffs
3
History of PGP
4
Separated At Birth?
5
History of PGP
- Uploaded to Peacenet
  - Message board for activists
- Encryption viewed as “munitions”
  - NSA banned >40-bit ciphers from export
- Zimmermann charged as arms dealer
  - Charges dropped after several years
6
History of PGP
- How they got around it
  - Sold books containing entire source code
  - Cut binding off, scan with OCR, presto!
- Export of books protected under 1st Amendment
- Crypto now free speech too
  - Bernstein v. United States
  - Junger v. Daley
7
History of PGP
- PGP Corporation founded in 2001
- Sold to Symantec in 2010
- Open source version also available
  - GnuPG (GNU Privacy Guard)
8
How Does It Work?
9
Step One: Text Compression
- Smaller size
- Faster transmission
- Improved resistance to frequency analysis
- Incomplete message = harder to break
10
Step Two: Encryption
- Session key is randomly generated
  - “Random” = very strict meaning in cryptography
- Session key used to encrypt message
- Cipher used = AES
11
AES
- Advanced Encryption Standard
- Rijndael
  - Joan Daemen and Vincent Rijmen
- Block cipher
  - As opposed to stream cipher
- Chunks data up, shuffles it in predictable fashion
  - …predictable to anyone with the key, that is
12
AES
- Attacked via side channels
  - Weaknesses in implementation, not math
- Math-only attacks getting progressively better
13
Step 3: Authentication
- Session key encrypted with sender’s public key
- Cipher used = RSA
14
RSA
- Ron Rivest, Adi Shamir, Leonard Adleman
- Developed 3 years earlier at GCHQ
  - British NSA
  - Not declassified until 1997
- Explaining it would be a bit mathy for ten minutes
  - It’s not THAT hard, just a little complex
- Involves prime numbers and modular arithmetic
  - You already know one, you’ll know the other in a minute
15
RSA
- Attacked by prime factoring
  - Getting better every year
  - Shor’s algorithm + quantum computer
- Next step = Elliptic Curve Cryptography (ECC)
  - ECDSA = Elliptic Curve Digital Signature Algorithm
  - Ars Technica posted a good summary last week
16
Step 4: Hash Production
- Message in, hashtext out
- Hashtext encrypted with sender’s private key
  - Ensures message can’t be modified and rehashed
- Cipher used = SHA
17
SHA
- Secure Hashing Algorithm (SHA-3)
- Keccak
  - Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche
- Hash function
  - Modular arithmetic
  - One-way function
18
SHA
- Attacked by collisions
  - Predictable output
  - Identical output for different input
- The birthday paradox
19
Step 4.5: Why Three Ciphers?
- Message encrypted with AES session key
  - AES is way faster than RSA
- Session key encrypted with RSA public key
  - RSA has public/private keypairs
- Message hashed with SHA
  - SHA ensures consistent output
- Coordinating all this is why PGP is awesome.
20
Step 5: Message Sent & Received
- Both aspects of secure email are now present
  - Encryption
  - Authentication
- Message is sent, entire process is reversed
  - Session key decrypted by receiver’s private key
  - Message decrypted with session key
  - Original hash decrypted with sender’s public key
  - Received message hashed and compared
  - Text decompressed
21
Summary
- Message is encrypted and signed
- Message is transmitted
- Message is checked for integrity and decrypted
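The five steps above as one runnable sketch, added here as an illustration and not part of the original slides. Assumptions: the session key is wrapped under the receiver's public key so that the receiver's private key can unwrap it as in step 5, the RSA keys are toy textbook keys built from public Mersenne primes, a SHA-256 counter keystream stands in for AES because the Python standard library has no AES, and the hash covers the compressed text so it can be checked before decompression. All function and key names are illustrative.

```python
import hashlib, secrets, zlib

def make_key(p, q, e=65537):
    # Textbook RSA from two known primes: insecure, for demonstration only.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

SENDER = make_key(2**521 - 1, 2**607 - 1)      # constructed demo key
RECEIVER = make_key(2**127 - 1, 2**1279 - 1)   # constructed demo key

def keystream_xor(key, data):
    # Stand-in for AES: XOR the data with SHA-256(key || counter) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def digest_int(data):
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big")

def pgp_send(message, sender, receiver_pub):
    compressed = zlib.compress(message)                    # step 1: compress
    session_key = secrets.token_bytes(16)                  # step 2: random key
    body = keystream_xor(session_key, compressed)          # encrypt the message
    wrapped = pow(int.from_bytes(session_key, "big"),      # step 3: wrap key;
                  receiver_pub["e"], receiver_pub["n"])    # only n and e used
    signature = pow(digest_int(compressed),                # step 4: sign hash
                    sender["d"], sender["n"])              # with private key
    return {"body": body, "wrapped_key": wrapped, "signature": signature}

def pgp_receive(packet, receiver, sender_pub):
    # Step 5: the same operations in reverse order.
    key_int = pow(packet["wrapped_key"], receiver["d"], receiver["n"])
    session_key = (key_int % 2**128).to_bytes(16, "big")
    compressed = keystream_xor(session_key, packet["body"])
    signed = pow(packet["signature"], sender_pub["e"], sender_pub["n"])
    if signed != digest_int(compressed):
        return None      # modified in transit, or not signed by this sender
    return zlib.decompress(compressed)

if __name__ == "__main__":
    packet = pgp_send(b"Constructed sample message. " * 3, SENDER, RECEIVER)
    print(pgp_receive(packet, RECEIVER, SENDER))
```

A production system would use a vetted OpenPGP implementation such as GnuPG, which adds the padding, key formats and randomized key generation this sketch leaves out.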
22
How To Use It
- Outlook
  - PGP For Outlook
- Thunderbird
  - Enigmail
- Gmail, Hotmail, etc.
  - Say hi to the NSA for me!
23
Questions?
24
Sources Cited
- Singh, S. (2000). The code book: The science of secrecy from ancient Egypt to quantum cryptography. New York City: Anchor.
- Ferguson, N., Schneier, B., & Tadayoshi, K. (2010). Cryptography engineering: Design principles and practical applications. New York City: Wiley.
- PGP International. (1999). How PGP works. Retrieved from http://www.pgpi.org/doc/pgpintro/