Cryptography Dispatches: Hello World, and OpenPGP Is Broken

Note that the author of this post, Filippo Valsorda, is a professional cryptographer. He works for Google, and used to work for Cloudflare.

So it’s a fair bet to say he’s vastly more knowledgeable about the matter than the overwhelming majority of readers of Privacy Tools IO, or similar sites.

And yet, he says he has never understood how a fundamental piece of the PGP process is supposed to work, and therefore he has never applied it (presumably breaking the security of the whole chain). He also says practically nobody ever applies it. Here (emphasis is mine):

OpenPGP is an encryption and signing protocol from the 90’s. It comes with a pretty idealistic solution to identity management and key distribution called the “web of trust”. How it works is that you and I have a private and a public key, and once we meet and you verify that I am who I say I am, you sign my public key, effectively making the statement “I am Alice and I verified that this is indeed Filippo’s key”. The idea is that if enough statements like that are published, they form a web, and two people who did not meet can chain a path through it to securely find each other’s public key, to send each other emails, 0-days, or whatever.

I never got this to work for a number of reasons¹. For example, it was never clear to me whether signing a key meant that I’d verified the person’s identity, or that I then trusted them to verify other people’s identities. In the latter case I would never sign a stranger’s key, and in the former case there is no transitive trust to build chains out of.

(1) In my experience, neither has anyone else. Every use of PGP I’m aware of involves pre-shared keys, or just randomly trusting the first key you download. Notable exception, the Debian developer community built its own web of trust which seems to work.


I heard about this through the grapevine. It made me wonder if I should just stop using PGP altogether, and switch to a different method. Unfortunately, a lot of people are still recommending it for encrypting emails, and for authentication!
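
The distinction the quoted passage turns on, as an added example that is not part of the original post or of Valsorda's article: in GnuPG's classic trust model, a certification (a signature on a key) and owner trust (a local setting for how far you rely on that person's certifications) are separate inputs. The Python sketch below is a simplified model, not GnuPG's code; the function name and keyring are constructed, and the thresholds mirror GnuPG's defaults (one fully trusted or three marginally trusted signers, depth limit 5).

```python
# Simplified model of GnuPG's classic trust model (illustration, not GnuPG code).
# Owner trust: a local setting for how far you rely on a person's certifications.
NONE, MARGINAL, FULL, ULTIMATE = 0, 1, 2, 3

def valid_keys(certs, ownertrust, completes_needed=1, marginals_needed=3,
               max_depth=5):
    """Return {key: depth} for every key considered valid.

    certs:      {signer: set of keys the signer certified} (identity checks)
    ownertrust: {key: level}; your own key carries ULTIMATE
    """
    valid = {k: 0 for k, t in ownertrust.items() if t == ULTIMATE}
    for depth in range(1, max_depth + 1):
        newly = {}
        for key in set().union(*certs.values()) - set(valid):
            full = marginal = 0
            for signer, signed in certs.items():
                # Only certifications made by already-valid keys count.
                if key in signed and signer in valid:
                    level = ownertrust.get(signer, NONE)
                    full += level >= FULL
                    marginal += level == MARGINAL
            if full >= completes_needed or marginal >= marginals_needed:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid

# Constructed keyring: I certified Alice's key; Alice certified Filippo's.
CERTS = {"me": {"alice"}, "alice": {"filippo"}}

if __name__ == "__main__":
    # Signing Alice's key only says I checked her identity.
    print(valid_keys(CERTS, {"me": ULTIMATE}))
    # Chains form only once I also assign Alice owner trust.
    print(valid_keys(CERTS, {"me": ULTIMATE, "alice": FULL}))
```

In this model, certifying a key and trusting its owner as an introducer are two separate decisions, and only the second lets a chain extend past the keys you verified yourself.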

Encrypting emails with PGP works if your contact also uses PGP. Do they?
It’s a stupid question, but people find it a hassle to manage PGP keys.

In the cases where I’ve used it, yes. But most often, when I ask people, they’ve never even heard of PGP! Have you run into this?

In my case peeps don’t care that FB and Google are selling their data. I’ve convinced my cousin and sister to use Linux but that’s it. Don’t even think about mentioning PGP to them.


You can tell them about my experience of having my personal data posted on a website without my permission (doxing) - would that scare them? :rofl: I’ve taken care of this the best I can, but I can’t exactly get a new body…


Freenet also uses the “Web of Trust” model; I don’t know how different they are, exactly. But in Freenet’s case, you solve a series of CAPTCHAs to help verify that you’re not a bot. To quote them:

The Web of Trust plugin (WoT) implements a web of trust, similar to Advogato or other systems, primarily for filtering out spam. This is a network of pseudonymous identities, each of which can trust or distrust other identities. When a new identity is created, it obtains identities through the “seed identities” (an obvious point of failure, but unavoidable just as seednodes are unavoidable, short of personal introductions that might give the game away), and then solves a CAPTCHA challenge from an identity a few hops away from the seed. This gets it onto the Web of Trust with 0 trust, making it visible but only just. It is then necessary to get other identities to trust the new identity, so that it can introduce further identities, and so that it can’t be blocked by one identity distrusting it.

lol who doxxed you

The people from Doxbin. :rofl: