keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

PGP messages created using Keybase leak version information #2502

Open smkent opened 8 years ago

smkent commented 8 years ago

Creating a PGP encrypted message using Keybase (both the client software and using the web form at http://keybase.io/encrypt) results in a message that includes the software version used to create the message.

For example:

-----BEGIN PGP MESSAGE-----
Version: Keybase OpenPGP v2.0.55
Comment: https://keybase.io/crypto

etc.

or

-----BEGIN PGP MESSAGE-----
Comment: https://keybase.io/download
Version: Keybase Go 1.0.16 (windows)

etc.

This is not a security issue by itself, but it gives potential attackers more information about the software used to create the message. If an attacker has both an encrypted message and knows of vulnerabilities/defects in specific client software versions (or if a flaw is discovered at a later time), it may aid the attacker in recovering the plaintext.

The version string and comments can be disabled in GnuPG with the no-emit-version and no-comments options, respectively.

I understand it is desirable to include the comment pointing to Keybase in order to decrypt messages they receive, but it would be best to omit the specific software version used to create the message.

BrandonIngalls commented 8 years ago

I 100% disagree with you on this issue, having the version information makes issues easier to debug, and hiding that information in no way makes you more secure.

Apache's stance on this issue via their ServerTokens configuration option

Setting ServerTokens to less than minimal is not recommended because it makes it more difficult to debug interoperational problems. Also note that disabling the Server: header does nothing at all to make your server more secure. The idea of "security through obscurity" is a myth and leads to a false sense of safety.

smkent commented 8 years ago

Of course security through obscurity is not real security. Certainly, hiding the software version information from a PGP message doesn't protect against any potential bugs in any particular software version. However, hiding the version number makes it more difficult/expensive for an attacker to exploit potential vulnerabilities, particularly if that attacker is working on a large scale against a large number of encrypted messages.

There is some past discussion on this topic in other packages:

zQueal commented 8 years ago

Both sides to this issue have merit. On one hand I think we can all agree that security through obscurity is nonsensical, but at the same time older versions of GPG may have exploitable security holes which give an attacker a foothold into possibly reversing your key (?) or other malicious things.

I think in the end it comes down to a simple judgement call. Risk vs reward.

For the meantime, though, saltpack can be used as a stand-in replacement for PGP;

BEGIN KEYBASE SALTPACK ENCRYPTED MESSAGE. kfIwgFPlzTTT0Og Kbn6DhSfhzoqesY RjbkM6xFOevSUW6 9xvSgVx6iFtMUU1 9sOTtqXGZXRsf3l XDqz5w7a1Oc8cXi YABaAWMaW0HVdbA 8eZGRVjhEsm53UE jWwGUT2a3fun4xM 62CcxHv0H5xSn2M kim7MxseyVo2Och t88KcfNIN88Pz4X obUBpQuuAnty1aM 9PCipCJL0ncYXIN CZxaiFC7XNDfy2t nie5OHcrcO0MHiO qjPIXfBWJqGJVuc cS8QSS7VlybGwE2 8J58WNwBsEjzknO BvsfnOmKRiahv5q bEvl2Wz1xpthZAc 5h6PrEjzopwJ0if iHjCi5IqD3Qvyyb lHSNjTLPggeI6Ca KCZUJnRuuKYCLnM NM3Oabp9E0ouVve SdY9bWTW6d3k4H0 NhWi3IxXJsOG3mu OepTjuuAmTPUZS9 6COweUION57kY3c zZFU1216R49smVI pY9ocO0r9YktZ5X PisgDGhnropL4hw 417xUKnYNUoTsOM An2NXv0WbnQ. END KEYBASE SALTPACK ENCRYPTED MESSAGE.

Not sure if that suits your fancy vs PGP, but it's a start.

smkent commented 8 years ago

Does Keybase realize any tangible benefit from including the version information? If not, PGP-encrypted messages created using Keybase could still advertise Keybase without leaking the specific version used to create the message:

-----BEGIN PGP MESSAGE-----
Version: Keybase.io
Comment: https://keybase.io/crypto

or

-----BEGIN PGP MESSAGE-----
Version: Keybase
Comment: https://keybase.io/download

(etc.)
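The two points in this thread (the original report that armor headers pin down a client release, and the proposal above to keep a generic Version line) can be checked mechanically. The script below is an added example written for this page, not code from Keybase or GnuPG: it parses the armor headers of an ASCII-armored PGP block, flags any header whose value contains a release number, and re-emits the block with the Version header either replaced by a generic string or dropped (the same effect as GnuPG's no-emit-version, with keep_comments=False mirroring no-comments). The sample messages reuse the headers quoted in this issue, but their bodies are constructed filler, not real ciphertext.

```python
import re

# Constructed sample messages (not real ciphertext): the armor headers are the
# ones quoted in this issue; the body is filler that merely has armor shape.
SAMPLE_WEB = """-----BEGIN PGP MESSAGE-----
Version: Keybase OpenPGP v2.0.55
Comment: https://keybase.io/crypto

wcBMA0NPTlNUUlVDVEVEIFNBTVBMRSBCT0RZIE5PVCBSRUFMIENJUEhFUlRFWFQ=
=AbCd
-----END PGP MESSAGE-----
"""

SAMPLE_CLIENT = """-----BEGIN PGP MESSAGE-----
Comment: https://keybase.io/download
Version: Keybase Go 1.0.16 (windows)

wcBMA0NPTlNUUlVDVEVEIFNBTVBMRSBCT0RZIE5PVCBSRUFMIENJUEhFUlRFWFQ=
=AbCd
-----END PGP MESSAGE-----
"""

# A dotted number such as "2.0.55" or "1.0.16" (optionally prefixed with "v")
# is the telltale sign that an armor header names a specific software release.
_RELEASE_NUMBER = re.compile(r"\bv?\d+\.\d+(?:\.\d+)*\b")


def parse_armor(text):
    """Split one ASCII-armored block into its BEGIN line, header list,
    body lines (base64 data plus the =XXXX CRC line) and END line.
    Armor headers are 'Key: Value' lines and end at the first blank line."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("-----BEGIN PGP "):
        raise ValueError("missing armor BEGIN line")
    if not lines[-1].startswith("-----END PGP "):
        raise ValueError("missing armor END line")
    headers = []
    i = 1
    while i < len(lines) and lines[i].strip():
        key, sep, value = lines[i].partition(": ")
        if not sep:
            raise ValueError("malformed armor header: %r" % lines[i])
        headers.append((key, value))
        i += 1
    return {"begin": lines[0], "headers": headers,
            "body": lines[i + 1:-1], "end": lines[-1]}


def leaking_headers(text):
    """Return the (key, value) armor headers whose value names a release."""
    return [(k, v) for k, v in parse_armor(text)["headers"]
            if _RELEASE_NUMBER.search(v)]


def sanitize_armor(text, version=None, keep_comments=True):
    """Re-emit the block with the Version header replaced by a generic string
    (as proposed in this issue) or dropped entirely when version is None
    (the effect of GnuPG's no-emit-version). keep_comments=False also drops
    Comment headers, like GnuPG's no-comments. The body is left untouched."""
    parsed = parse_armor(text)
    headers = []
    for key, value in parsed["headers"]:
        if key == "Version":
            continue
        if key == "Comment" and not keep_comments:
            continue
        headers.append((key, value))
    if version is not None:
        headers.insert(0, ("Version", version))
    out = [parsed["begin"]] + ["%s: %s" % (k, v) for k, v in headers] + [""]
    out += parsed["body"] + [parsed["end"]]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for sample in (SAMPLE_WEB, SAMPLE_CLIENT):
        print("release-identifying headers:", leaking_headers(sample))
        print(sanitize_armor(sample, version="Keybase"))
```

Running the script reports the Version header of each sample as release-identifying and prints both blocks rewritten with a bare "Version: Keybase" line; the Comment header pointing recipients at Keybase survives, which is the trade-off the reporter suggests.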

zQueal commented 8 years ago

Does Keybase realize any tangible benefit from including the version information?

Most likely simply debugging. Since Keybase is still in alpha/beta it's usable information to get Keybase to a stable position to where it works in the most situations possible.

But I don't speak for Keybase--and that's just my opinion on the matter.