[ARTICLE] How difficult is PGP encryption to break?

Was thinking about things today, as I sometimes do, and was thinking about PGP encryption, the known and loved standard of the DarkNet and beyond for years. I was wondering why it stands for 'Pretty Good Privacy' and how easy it is to actually crack. I always assumed that it provides some 'pretty good' encryption but if GCHQ/NSA/XYZ really wanted to read it they could, it's just not worth their time to try and crack all these messages.

Turns out that is sort of the case but it arguably provides more than just 'pretty good' privacy. In fact it would take $100 trillion worth of computing power and 53,951,415,354 thousand years to brute force decrypt a single PGP message.

Here's the article/blog if you're interested. I think we should give PGP some more props for keeping our info safe!


Comments


[24 Points] scoobydrool:

it takes 5 mins and a wrench to brute force a PGP message

https://xkcd.com/538/


[3 Points] pauz43:

From what I've read, the only guaranteed way to crack a PGP message is by leaning HARD on the sender or recipient and forcing them to spit out their private key. That, of course, will only decrypt their half of the communication, but it still gives LE something to work with.

In summary, what you've written and sent while using PGP has to be A+ important to LE for them to put that much effort into decoding it. Individual buyers are in a lot more danger from floppy lips than by having their PGP cracked. Even big-time vendors can rest easy as far as PGP is concerned.

If someone else knows anything different, speak up!


[1 Points] idontakeacid:

Symmetric and assymetric keys encryption, elliptic curve, public key, between others are strong enough to be trusted.

As you said we don't have such computing power to break all of that techniques.

Thanks to Mathematics :)


[1 Points] obtusifolia:

Intelligence agencies can't break crypto, instead they use side channel attacks and coerce companies into placing backdoors in their hardware / software.

For example if you look at the Stuxnet malware which is attributed to NSA there were several zero days used in that piece of software alone.

I don't think it would be outside the realm of possibility for NSA to have backdoors in almost every piece of technology you own.

For example almost every piece of technology uses an Intel processor and almost every Intel processor has proprietary firmware called the Management Engine (ME).

Critics like the Electronic Frontier Foundation (EFF) and security expert Damien Zammit accuse the ME of being a backdoor and a privacy concern.[13][4] Zammit stresses that the ME has full access to memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and can send and receive network packets independent of the operating system, thus bypassing its firewall.[14]

I would not be surprised if NSA coerced Apple, Google, Microsoft, Facebook, etc into incorporating backdoors.

Anyway point is if your hardware or OS is compromised using PGP means nothing.


[1 Points] mymuse100:

Police and gov dont break PGP/signal/Wickr encryption.

The only people who may need to worry are those who might be the target of a total-device takeover, an exploit largely limited to nation-state actors. At that point, you’ve got far bigger concerns than end-to-end encrypted chat. That Signal and WhatsApp are still viable also doesn't lessen the broader implications of the CIA's secrets being in the wild.

Of course, the CIA can compromise the devices sending or receiving those messages. By taking control of a so-called end point, spies can access everything on a smartphone, be it texts, videos, the camera, or the microphone. "It isn't about ‘defeating encryption,’ despite the hype,” says Nicholas Weaver, a computer security researcher at the International Computer Science Institute. “If you compromise a target's phone, you don't care about encryption anymore.”

That makes saying the CIA can “bypass” encryption apps like WhatsApp akin to saying Jimmy Stewart could have bypassed his neighbor’s blinds in Rear Window by breaking into the guy’s house and hiding in his closet. Sure, that's one way to do it. But it doesn't make the blinds any less effective.


[0 Points] None:

[deleted]