by lifeisstillgood 2530 days ago
My understanding is quite different. Email is inherently insecure and there is nothing you can do about it.

PGP is insecure for everything else as well

The Latacora article was eye-opening for me on the email problem - quite simply if I send an encrypted mail to a friend / colleague - which I intend them to read, and they read it and quote it to someone else in plain text then that's it - my plaintext and my cipher are available in the wild and my key (my long term key) is effectively broken.

I simply never thought it through that way. But that's how email is supposed to be used - it will be used that way.

Mind Blown.

4 comments

Wait, what? No. Leaking plaintext doesn't reveal your long term key. I definitely didn't write that.
I finally got that when someone pointed out that the long term key is not used to encrypt the mail content - I made that leap incorrectly and went from there.

I made the change down thread - was too late to edit the original - and I hope clearly pointed out that your article did not say that.

It takes me several run ups to understand most security issues and I got all excited before having my coffee that day.

Messages are encrypted with a session key in OpenPGP so this doesn't work.
How do I negotiate a session key with the email recipient? It's a single transmission? Otherwise it's a one time pad perhaps - but then that defeats the point of the public key?

Would you mind expanding on this, as it is an interesting area?

A random key is used to encrypt the email, then that random key is asymmetrically encrypted using the recipient's public RSA key. You do not use your own key to encrypt mails to someone else. Indeed, you can send encrypted emails without even having a key of your own.
So I actually re-read and followed links (I mean what's wrong with lazy assumptions anymore)

tptacek's "why email is insecure" post is here: https://news.ycombinator.com/item?id=16088386

And yes, that's what he says in the original Latacora post.

I read the article: "invariably CC the quoted plaintext of your encrypted message to someone else (we don’t know a PGP email user who hasn’t seen this happen)"

So I made the (incorrect) leap to PGP using the long term key to encrypt files. My bad.

But this does not fix the original point it seems - email is not going to be "secure" any time soon. But you can send encrypted files over email to people.

> So I made the (incorrect) leap to PGP using the long term key to encrypt files. My bad.

It does. Which is why PGP has no forward secrecy and if I steal your key I can decrypt all your past and future mails.

> my plaintext and my cipher are available in the wild and my key (my long term key) is effectively broken.

Wait a minute. I may have to read the Latacora article again but if we are dealing with ciphers where having a plaintext attack reveals the key, I think we're in a lot bigger trouble than I ever imagined. To be blunt I don't really believe it and it would take some explanation to convince me it's true.

Edit: OK, I think I see the problem. I believe the quote in the article is discussing the fact that the user happily quotes a message and doesn't re-encrypt it, meaning that you have accidentally leaked the plain text -- not that the key is known. So I think they are arguing that we should write apps so that it is impossible to copy the plaintext.

Since (as detailed in the reply chain) this is completely incorrect (PGP simply doesn't have this vulnerability), can you edit the comment to that effect? Otherwise this claim is a bit dangerous.
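
The session-key scheme described in the replies above, as an added sketch that is not code from any commenter or from OpenPGP itself: a fresh random key encrypts each message and only that key is wrapped with the recipient's public key. Textbook RSA over two constructed primes and a SHA-256 keystream are toy stand-ins for the real algorithms, and all names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy key from two well-known Mersenne primes. Unpadded RSA and a
# SHA-256 keystream only show the structure; never use either for real data.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # recipient's long-term private exponent


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += xor(data[i:i + 32], block)
    return bytes(out)


def encrypt(pub, plaintext: bytes):
    """The sender needs only the recipient's public key, no key of their own."""
    n, e = pub
    session_key = secrets.token_bytes(32)        # fresh for every message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, plaintext)


def decrypt(priv, message) -> bytes:
    n, d = priv
    wrapped, body = message
    session_key = pow(wrapped, d, n).to_bytes(32, "big")
    return keystream_xor(session_key, body)


def demo():
    pub, priv = (N, E), (N, D)
    m1 = encrypt(pub, b"meet at noon")
    m2 = encrypt(pub, b"moved to 3pm")
    # A quoted-in-the-clear m1 exposes m1's keystream, nothing about m2.
    leaked_stream = xor(b"meet at noon", m1[1])
    return {
        "fresh_key_per_message": m1[0] != m2[0],
        "leak_does_not_open_m2": xor(leaked_stream, m2[1]) != b"moved to 3pm",
        # No forward secrecy: the long-term private key opens every message.
        "private_key_opens_all": [decrypt(priv, m) for m in (m1, m2)],
    }


if __name__ == "__main__":
    print(demo())
```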