We may earn a commission if you buy something from any affiliate links on our site. Learn more.

AMIT KATWALA SECURITY 17.05.2018 12:21 PM

We're calling it: PGP is dead

The EFail vulnerability threatened to punch a hole in PGP's security. Ditch
encrypted email and use Signal for your messaging instead

ISTOCK / MACK15

When Edward Snowden wanted to contact filmmaker Laura Poitras to blow the whistle on
activities at the NSA, his first step was to find out her public PGP key.
PGP stands for ‘Pretty Good Privacy,’ and it has been one of the dominant forms of end-to-
end encryption for email communications since the 1990s. Users have a public key and a
private key – senders use the former to encrypt messages, which can only be decoded by
someone who has access to the latter.

Since Snowden, PGP and open-source equivalent GPG (GNU Privacy Guard) have become
increasingly popular forms of encryption for whistleblowers, dissidents, and human rights
activists. Journalists place links to their public keys on their Twitter profiles to give would-
be sources a safe means of contacting them.

But, on May 14, researchers from Munster University of Applied Sciences released details of
what’s been reported as a "serious flaw" in PGP. The exploit, dubbed 'EFail',’ uses a piece of
HTML code to trick certain email clients, including Apple Mail, Outlook 2007 and
Thunderbird, into revealing encrypted messages.

Some argue that the vulnerability has been blown out of proportion. “I’m not sure how
widely it’s going to be exploited,” says Ross Brewer, of cybersecurity firm LogRhythm. “It’s
interesting in theory.” Brewer points out that to use the exploit, hackers would already
need to have access to some of your encrypted emails so that they can inject the relevant
code. It also only afflicts certain email clients, and turning off HTML rendering for all
emails offers an easy fix while they are patched.

Scrutiny of the vulnerability after it was published also says it was overhyped. Encrypted
email provider ProtonMail published a blogpost stating there were "pretty strong caveats"
to the research. Nonetheless, the Electronic Frontier Foundation, a non-profit that
promotes free and fair access to technology, has recommended that users stop using PGP
for encryption for the time being.

But even before this week’s news, questions have been raised about the usability of PGP.
Matthew Green, a cryptographer and professor at John Hopkins University has argued that
“it’s time for PGP to die”. It turns out that for the majority of people, Pretty Good Privacy
may not be good enough.

‘It’s time for PGP to die’

One of the many problems with PGP is its age, says Green. It was first developed in 1991
(“when we didn’t really know anything about crypto”) and then standardised into
OpenPGP from 1997.
The science of cryptography has advanced dramatically since then, but PGP hasn’t, and
any new implementations have to remain compatible with the features of previous tools,
which can leave them vulnerable to similar exploits.

There are other faults, including the difficulty of accessing encrypted emails across
multiple devices, and the issue of forward secrecy, which means that a breach potentially
opens up all your past communication (unless you change your keys regularly). It’s
rumoured that the NSA stockpiles encrypted messages in the hope of gaining access to the
keys at a later date.

But the biggest problem with PGP is how difficult it is for people to use simply. "It’s a real
pain," says Green. "There’s key management – you have to use it in your existing email
client, and then you have to download keys, and then there’s this whole third issue of
making sure they’re the right keys."

This criticism has plagued PGP for most of its existence. A technical research paper by
Alma Whitten and JD Tygar called Why Johnny Can’t Encrypt: a Usability Evaluation of
PGP 5.0 drew attention to the problem as early as 1999.

To encrypt an email manually using PGP requires a decent level of technical knowledge,
and adds several steps to the process of sending each message, to the extent that even Phil
Zimmerman, the creator of PGP, no longer uses it.

Read more: Protect your iPhone with these essential iOS security tips

“All of these things have been really hard for non-experts, and even for experts,” says
Green. Even Edward Snowden has screwed it up. When he first reached out anonymously
to a friend of Poitras, Micah Lee, to ask him for her public PGP key, he forgot to attach his
own public key, meaning that Hill had no secure way to respond to him.

Many of the issues around PGP are aligned with email being a dated form of
communication. To make PGP easier to use, end users can install plug-ins for their email
clients, or use browser-based solutions to encrypt and decode their messages, but this is
where vulnerabilities can creep in.

In the case of EFail, the issue is not with the PGP protocol itself, but with the way it has
been implemented, says Josh Boehm, founder and CEO of encrypted communications
service cyph.com, which offers private voice and video chat in a web browser.

“There’s no standard way of implementing it, so a number of people have just done it
wrong,” he says. “That then becomes the weakest link in the chain. It doesn’t matter how
strong the chain of PGP is, if they can get you to unlock it and send that information to
them it’s essentially worthless.”

The rise of encrypted messengers

We could all benefit from end-to-end encryption of our emails, but because it’s so difficult
to use, PGP has largely remained the reserve of tech-savvy whistle-blowers and
cryptography experts. Green says a recent search puts the number of non-expired public
PGP keys at around 50,000. “That’s the total usage of PGP,” he says. “The vast majority of
people don’t use it.”

By contrast, in 2016, there were almost 50 million global downloads of the encrypted
messaging app Telegram. On Twitter, links to PGP keys in the bios of journalists are being
replaced by the phone numbers they use for Signal, the encrypted messaging service
endorsed by leading security experts around the world. Then there’s Apple’s iMessage, and
of course WhatsApp - which, in turning on end-to-end encryption for more than a billion
by default has arguably done the most to take encryption to the masses.

“Not only are there improvements to the encryption itself, you don’t have to do anything
technical to get set-up, and you don’t really have to be worried in most cases about your
data being exfiltrated,” says Boehm.

Green says these apps, with their modern cryptography techniques and seamless user
experience, are “the solution” to problems of PGP. “You have all the key management
problems hidden from you. They’re managed by the system.”

Of course, there are potential problems with allowing private companies to hold the keys
to all of your sensitive conversations. But, these projects are generally less vulnerable than
PGP because they are independent, says Green.

“When something goes wrong with WhatsApp, WhatsApp fixes it,” he says. “When
something goes wrong in the amorphous PGP community, no one puts their hand up to fix
it. Individually people think about the security of their own tool. They don’t think about
the whole system.”

Green would like to see a world where we encrypt all of our communications, including
email. In 2014, Google launched a project with Yahoo to bring end-to-end encryption to
their email services. The two companies account for a significant proportion of the world’s
email traffic, and it would have been a big step towards Green’s vision, if Google hadn’t
cancelled the project.
This week’s news has demonstrated why PGP is not the answer, but encrypted messengers
show the way forward. “It’s not going to get better tomorrow, but you can make encryption
the default if you make the services good enough,” says Green. Until then, better head to
the App Store.

Amit Katwala is a senior writer at WIRED with a focus on longform features, science, and culture. He graduated
from the University of Oxford with a degree in experimental psychology, and is the author of two books: The
Athletic Brain, about the rise of neuroscience in sport, and a WIRED... Read more

SENIOR WRITER

TOPICS HACKING SECURITY

MORE FROM WIRED UK

SECURITY

How Whistleblowers Navigate a Security Minefield

Exposing wrongdoing is risky on the best of days. Whistleblower Aid cofounder John Tye explains the extensive
steps needed to keep people safe.
BY MATT BURGESS
 SECURITY

A US Propaganda Operation Hit Russia and China With Memes

Plus: An Iranian hacking tool steals inboxes, LastPass gets hacked, and a deepfake scammer targets the crypto
world.
BY MATT BURGESS

SECURITY
Hackers Target Los Angeles School District With Ransomware

Plus: Albania cuts ties with Iran, claims of a TikTok data breach that didn’t happen, and much more.
BY MATT BURGESS

BUSINESS

The Twitter Whistleblower Plays Right Into Elon Musk’s Hands

Damning accusations from Twitter’s former chief of security could have widespread consequences for Musk’s
takeover.
BY CHRIS STOKEL-WALKER
 SECURITY

Apple Fixed a Serious iOS Security Flaw—Have You Updated Yet?

Plus: Chrome patches another zero-day flaw, Microsoft closes up 100 vulnerabilities, Android gets a significant
patch, and more.
BY KATE O'FLAHERTY

SECURITY

Apple’s Killing the Password. Here’s Everything You Need to Know

With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to
passwords.
BY MATT BURGESS
 CULTURE

The Sad Clown Joke That Became a Beloved Meme

Riffs on a wisecrack about the great Pagliacci have been around for decades. Their proliferation on Twitter says
something about the human condition.
BY AMELIA TAIT

BUSINESS

Twitter Gets an Edit Button

You’ll have 30 minutes to alter your tweets—but only if you subscribe to Twitter Blue.
BY CHRIS STOKEL-WALKER