Browse Source

added slides from my talk

master
Micah Lee 8 years ago
parent
commit
0da0a1bbdb
1 changed files with 686 additions and 0 deletions
  1. 686
    0
      trollwot.pdf

+ 686
- 0
trollwot.pdf View File

@@ -0,0 +1,686 @@
Trolling the Web of Trust

Micah Lee
Staff Technologist
Electronic Frontier Foundation

micah@spock:~$ gpg --fingerprint 99999697
pub 4096R/99999697 2011-06-24

Key fingerprint = 5C17 6163 61BD 9F92 422A C08B B4D2 5A1E 9999 9697
uid Micah Lee <micahflee@riseup.net>
uid Micah Lee <micah@eff.org>
uid Micah Lee <micahflee@gmail.com>
uid Micah Lee <micah@pressfreedomfoundation.org>
sub 4096R/E8839F99 2011-06-24

Twitter: @micahflee

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Terminology

● OpenPGP: open standard for email encryption
that various pieces of software implement

● PGP: proprietary software that implements the
OpenPGP standard

● GnuPG (GPG): free software (and much more
popular) that implements the OpenPGP standard

● OpenPGP key, PGP key, GPG key: used
interchangably to describe an OpenPGP keypair,
or just a public key

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
A brief introduction to OpenPGP

● Each OpenPGP user needs their own key pair,
split into public and secret keys

● Use someone's public key to:

– Encrypt a message to them
– Verify a signature that their secret key

generated

● Use your secret key to:

– Decrypt messages that were encrypted with your
public key

– Digitally sign messages and keys

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
A brief introduction to key
servers and the Web of Trust

KEY SERVER

Alice Alice Bob Charlie

Alice and Bob have signed keys
Bob and Charlie have signed keys

Charlie needs to talk to Alice, but two keys are
called 'Alice'! Which key is correct?

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
The Web of Trust is
Crawling With Lies

Here, let me show you...

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
The Web of Trust is
Crawling With Lies

Some of the things that you can't trust:
● Name and email address part of the key

(e.g.: Micah Lee <micahflee@riseup.net>)
● Signatures on a key (if you haven't manually

confirmed the signer's fingerprint)

– If one email address has two keys, and one key
is signed by 50 people, the other by 5, which is
more trustworthy?

● Timestamps

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
What can you trust?

If:

● You have manually verified someone's
fingerprint

– In person, over the phone if you recognize their
voice, or through a very trusted 3rd party that
you are verified with

● And you're pretty sure you did it right

Then:

● That public key belongs to the person you
think it belongs to

● Other keys they have signed probably were
actually signed by them

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
What can you trust?

However:
● You can't be certain their key hasn't

been compromised

● You can't trust other signatures on their

key

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Some Code to Play With

https://github.com/
micahflee/trollwot

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Bringing Art to Key Servers
(please paint responsibly)

   ██    ▓███▒  ░███▒ █████  █████           ██            █   
   ██   █▓  ░█ ░█▒ ░█   █      █             ██            █   
  ▒██▒  █      █▒       █      █            ▒██▒   █▒██▒ █████ 
  ▓▒▒▓  █▓░    █        █      █            ▓▒▒▓   ██  █   █   
  █░░█   ▓██▓  █        █      █            █░░█   █       █   
  █  █      ▓█ █        █      █            █  █   █       █   
 ▒████▒      █ █▒       █      █           ▒████▒  █       █   
 ▓▒  ▒▓ █░  ▓█ ░█▒ ░▓   █      █           ▓▒  ▒▓  █       █░  
 █░  ░█ ▒████░  ▒███▒ █████  █████         █░  ░█  █       ▒██ 

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Introducing ascii_sign

https://github.com/micahflee/trollwot/
Usage:

./ascii_sign [ASCII_ART_FILENAME]
[KEYID]

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
ASCII Signing

Inspired by ASCII Goatse

I thought better of including it in these
slides. But if you'd really like to see it,

I made a convenient short URL:

http://bit.ly/ascii-goatse

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Fake Signatures

● As you already saw, "Barack Obama" signed my
key...

● I could make the entire Obama administration
sign "Barack Obama"'s key

● Would "Osama bin Laden" sign NSA Director
"Keith Alexander"'s key?

● And would "Keith Alexander" sign "bin
Laden"'s key back?

● Nothing is stopping you from signing the
goatse key

● Nothing is stopping "Barack Obama" from
signing the goatse key

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
NOTHING STOPS ANYONE FROM
MAKING ANY KEY AND USING
IT TO SIGN ANY OTHER KEY,
AND UPLOADING EVERYTHING

TO THE WEB OF TRUST

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Introducing fake_sign

https://github.com/micahflee/trollwot/
Usage:

./fake_sign [NAME] [EMAIL] [KEYID]

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
What else can go inside of keys?

Any arbitrary text, so...
● Wikileaks cables and other leaked documents
● Credit card numbers, passwords, other personal

information (but don't do this, it's mean)
● DRM secret keys
● ANY OTHER INFORMATION THAT WANTS TO BE FREE

If any of this ends up on a key server,
it gets synced to all the other key servers.

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Timestamps Can't be Trusted

You can set back your computer's time
before generating a key or signature

Or you can...

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Edward Snowden's public key

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Verax (Informed Democracy Front)

micah@spock:~/projects/trollwot/trollwot$ gpg --homedir homedir_verax --list-keys
--fingerprint
homedir_verax/pubring.gpg
-------------------------
pub 4096R/71A3AA96 2013-05-20

Key fingerprint = 2B5D D0BF F454 8592 1FAF 22FB 4569 3580 71A3 AA96
uid Verax (Informed Democracy Front)
sub 4096R/9E06D59D 2013-05-20

pub 4096R/0E8CD2B6 2013-05-20
Key fingerprint = F606 1774 A693 72A1 8AD0 1CD7 0C4D AF57 0E8C D2B6

uid Verax (Informed Democracy Front)
sub 4096R/DCF43355 2013-05-20

pub 4096R/79B82638 2013-05-20
Key fingerprint = 4ECC 0702 A2E9 5FA6 2074 C7BE 574F C888 79B8 2638

uid Verax (Informed Democracy Front)
sub 4096R/B124BA64 2013-05-20

pub 4096R/E87C2665 2013-05-20 [expires: 2013-08-18]
Key fingerprint = 7F99 43F6 5CC9 BAD1 92A9 8DF8 96E6 0F93 E87C 2665

uid Verax (Informed Democracy Front)

Tsruob lli40n9g6R/tEh0e2DEW9eEBb 2o01f3-T05r-u2s0t[exp|ires0:x520C1137-0681-6183]61BD9F92422AC08BB4D25A1E99999697
Verax (Informed Democracy Front)

pub 4096R/C920FAA6 2013-05-20
Key fingerprint = AC5E 06C5 17D0 A8C1 75D3 17F5 53B9 0192 C920 FAA6

uid Verax (Informed Democracy Front)
sub 4096R/F48E7DE5 2013-05-20

pub 4096R/2BE0BC29 2013-05-20
Key fingerprint = 5091 7466 B18F 35B3 F644 F700 1D0D 97F2 2BE0 BC29

uid Verax (Informed Democracy Front)
sub 4096R/79DEBE35 2013-05-20

pub 4096R/9DCA85F7 2013-05-19
Key fingerprint = BDE4 AA86 8507 1371 7793 11A8 105D A7AB 9DCA 85F7

uid Verax (Informed Democracy Front)
sub 4096R/4FEB7EDC 2013-05-19

pub 4096R/BE452B27 2013-05-13
Key fingerprint = 134D 970C 5872 5AA6 8F2A BD75 D18D FE89 BE45 2B27

uid Verax (Informed Democracy Front)

Tsruoblli4n0g96tR/hAe22WFe0Cb5Dof20T13r-u0s5t-13 | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
-----BEGIN PGP PRIVATE KEY BLOCK----- r/9u871daglAZSE9bsI/Ftk0JlBp6X7My6ypnkrl+AFg2i6OGjozgGwNpfVbOPtx

Here's the Verax (Informed Democracy Front) Version: GnuPG v1.4.13 (GNU/Linux) q2m0lRN44c/rCwUO7OOifHWQPlhLVfHjnQcYBFGRXlUBEADUKdY2RZK+jeTM/m9i
key that's from one week before all the others
AtEvgftQEyj2AmilK47fKrhi7ns5va+1iqq1uxMYciCcS0eqj1gIR00mA9TYyDjS
TIMESTAMPS CAN'T BE TRUSTED
lQcYBFGRXlUBEADJqo7F0vibWC8WbHyeH3K0q8wDhmPq1DiB4Bp8+tUox9LAeURe +bpnEulyq9ccM2abFB1zP8o3lh4goa+7QarDR96ik/yKgF92qsoZJKuzY6SSkj6g

im54igzSqjR1zYIyl46Z3LdyZ5bXflkC8qJMlW6Cqv864NTjPlgauDdFPQa2H9x1 JYqiOofJ2owxCPiwQVAOdOJseqRElf2Ag9MIih77Zs9uv1uLTbuDWTDpZ2bI60y+

G2FeHGejdp7Bt728xcyOvLI8Qukn8sBfT6L5FKNyHCkvSW8cH+7tFRqxuWbYK1tY qXhcwtQi7X561BKMd1CO5SX7sX9Jhf4M0sGY+BZdtEaO0CjZtWPwJUnNqJnSgvZ2

MbZDouj7zVJM+WBd+SUUEPsNDUrbaUnYhbkG/vYJmsK51+guAW14KU1nYjE03Pvv SUDbP4QbeZXHvVTc+gv3A7M4QU/7TCnQikz5o+NOYePe9YxK/xcDhzBkyitttroQ

c10gwdd7nuv5QAeVtrHsstzQNTyLpXsTazylm9J1JHDoB4vZ2zIsC051es27pGdY BVnwgV+22WoebDA/Qfswje5047KG2TqnHU5Ml1uvtmrFCxJR4bYZwP418fDVMWQR

o7oWamMPUxPkiDJ4MEJG77BGJK9TC+vUX67sqwqmkF5lNr/EcPaPzaE/bZIoWXsx qsvi4/fzHjKPqgNKQmwcOmRD7K2wUduw0ZD2Ma/YYNt0DQ81kqvUTF4g/Za4/vAf

pnMDygFa2u2UPanyvnIVKLabCdgzKxGCzLxHfM75aGyYWvhXo3ySPUwgdCdzigTj LGb6ub8Um3VU5IH/raqixPRwNZUgPYJo+ioyHWjX4wTF4g8EC0w0yNBRZYDoD+8a
I8vC8AO7wuJFmueX8ozuXSV2w+CyA9/qKDsTZ7RxIh+Oj6yoNfSm5+A6znjWuakx pPBkUwXnAmuN/Ay4INnFBeA2Kp/zbqJffKj/NT4qSGRnnmxVCZQUn0aLtMMi27w3
ptyl9o//3FRd9H4G/3D/6dRvsO/T4HYwPilinXjZ/mbgB4i73uwYgoVZbI6VQh7V kFttj8IGerct72QByESR0harkGgswSAdj4GoZa1cvSev8lp1a7bKoEktNpC9y9oL
fhy5IrADnyDDzY/ESU2xcluJV93Yo5ek1XKXTop83bQjXMvt79XdEiZUZ3DWGvtL a/70v3HzQK9hFWz5ZbKAMWI66wARAQABAA/+JUwJhVbruiX1n/fmmsNGBOUDygrk
wJ7zw85qbY5Mdmu7awCh7RYbf1EkoFBiLalGjasavXHgDm3hJCIEszS4MwARAQAB O4Mm5Epo/mBjM7ka3oazGeX7pqDxdW2yv+cX/Srf3eyy6kjoJQflvWj7VN1lPqxo
AA//SdLU9xgXCA8NFcFbEStj+z2Uromo1BMiKHEYYT4VgBs+TFVYMN+uNxQaQ5gp z2NV2VNK7hS7ttPkDfZ+jxu3Kkc7IzeCwNJadeEGUC87I/kTWFTvP3X6DhTeBCUw
IiK8Ebcnba29vfSr5HENNqYJwc1GKjFcw3oAlLuC1y0ulnsTlOIu+vOt/hyZ194Z WfpqxYllynTPzSQuNoRroSkLc0fctHNZae2n6TBME4YdbBqqXg3HWwktyJjTdCRu
mcKgg5VJH8t119eKsKQNxhZKC7KBbsleTkAsm3gZJ9L89ahwPJwKkUuJdFMTxPHR BKe9bwYWmlg8Oif06Xbtt1FhiUOrouNrN/XuCH+zxua3N7k4+WHec+LizOg4kB/q
ufnkTCJjb2gT7yA5kf6GGOxC4ou9F6D+vbeK+CRvpXhBLKJmbvqig3KQ2ef78PYp rcdh4MrwSYdT/UK2DcZQ34FAkO43qnLY/TwLYq+/WvZsEnvb8Jib0u8t5SDQYSaf
XhIRdL3vfj2v1cxXQKuwVViBWAKl1VokttvkVzkFsdflvd3ZqGIzruAoxAHoB3kb izWqYBD1EvsxPTj65oTKgakzmdC20TlIVcFAWsoA2WtNpdlvYf1LELKPaJGCqVUY
JCKzjwnjiUI/Hj5ZrCYGC7WHO9eQoSqtHZbU9e/6KNQ3r8pERtzDqMK2kcs4a2f0 bCYgreFUbg+cF5kWPbiGX+06TB7T2Fim0veZW8l90zBJZyot46kshOJpQc0jb6HK
XthenYRPxLnH5blzupTdeuIBehXqgn2cF8TQ26ia7qBwbmEpnTErAWCcUPUtm6kQ 8eBqc6Z57daXrld85ykF0dziZCW5N4Vk8T2nKOE5lJeZHjoBMrK0A7S+HHASI46L
gzaa62S+2AVbn19d5FvDUu0e/gZQBbabNr1CtP5OtN2JCeZV3aEhc6uPxfq4cjFY zleuVxqfLP4UBhBly/r9TUYME2avB/yqptXd85hF05fp8OCxWjlJAF+WNYaE6P0v
mHivbaIBjCbPOWyw/Gfon9pbBX6GO8UDU0Q01bgbR8uVG/gPy1nqrTheh9evlRaF x6q45wXYQyZaSUMYS9FDA4X0djb/8R5oXzvXi8516nDoj13OU9CcYY33FANSxMkI
mNn3wrSRM6oS0EGLQpMD47UL1dOkVDBUpgp3UfuerVYxj1fuNMZ+mYfYfPURbLYK bg+cGt/mSqtMW6EIAOKgDhLnMOYLHQLgat6FZ3HiiO0c6UXcUy9+wX0mdy9n1vZa
iip1ScokoqIBjVCYS3FXj8UFeUxeybhR6iVESI6vq6Zrh1kIANlcOR6qbZE73jHf dsWUqFnOF9EKjKvAPFb+YU/Cj443E3B6IaOvegk+UIdGDfX4BDkX43GQ/bt8/am5
bQ9RWFF/cQ0EMlcyTW4U5BSMPnFLVQAAAAXymV7w36F26YnGAlxi1VxVcDF/iBga G6qaDyoBv4tC+uFAZ/+ElT1VTsBVzwnaOMJR5mY8cy8jWr/qIXBXkF1eEz41QvDQ
USGCiAaObPtUzkvKJ/WHt08jcrBbwJHsGdfrTny2R5JYupMrQRvBbWIhAaISL8Xj LY1ZcEg8maUmJHm+SnafTBxsF2ckSvDtMUyWpxIxrA9+GQi/PNhBaE+IqnFN25dN
QGhaDVWywTQDmKcrEnm9Em/LHW4hQhW9TVfv8VzabsZywYbKUYlGJCpIg6oHTsU7 dOyx4nArWuxWGejUOvmm23Vkcc9IquWQN/ZQlREODN9yq6QcevAy1ngOkXQwAAAA
Hd5GOB5OdURmPqXdE8fQ/iCq1xlDlBUPE0/pGHLLWaJJIoIKaB014xnB4VkZRvS6 AMA8sDHQ4loXPWYMcxr8mlNAOut0m3lKKFzsazsIAO+p6AlbW3Fx6S1qAtoL1ERT
Q97GzzOYzagV/DtNHJha+3SzjhZ4HT3vLscf3zUb6SNN0P4jMl/HCkiUpjY8mxyS Ja5o7MyvTUfDSitHIBI8jjLZQsPLHngAAAAAU9TCCCqOXDG5JOpW0vvvSBHqEXps
7ylw2f7EZn3TxRsJ8WMvQ0pCaQlMoCJwx/dCy02GbUFYRx9+2GdnZ9YyZgsiPWP+

U6Hcx00IAO2EHwWrjllU2tnQZClHsmscKzlxsvT8b51izj/C7mRC+vluF2Gm5Dvx pa4/LAgSOVYtlSVtT5dJiGODKj9b/ydHW2sO24gxEysor3WOHrY5IqlDT7laiDhR

9vEZGiW7L4DxZEtGoycxP4c3R/SE0HFamTIugylHAFgy6hPmTWoJuSPuUrLsO3mB 6tQxIol7NAwvS0F7eDFj261lC98qOwqMYkNdR52Pe7gpAAAKNgl5UI7zKvtzQloT

z75p4zUiJDZPBFHJ2Cl2CcAyfQAAAAAELVQPNRbVZwc//kZxsXMU4KQuPOEYzyua gqkbwFXrbcbByEdU2vA6Pi5TVS2Y+y1f/C0ePNQBFVqgDWe1KcNDqSOZXuIDlBEH

+CUA/c9nLZMNzBs3W/Q/v77Mb40HOzOZAdl7sLW+Cags9mIZ8z1H91jmOuezLSoN /27tA7RnmzhHPBNcXQn2q6hu+ae5ht0CMnRwp/0JrqIg40MYgLaTcee3mv900kdA

eA45UfIYaWrddCplqvhMOECDciMBY30XlzRGuQ9CXAY3hSFN5jgXguhrUg/3tx5N 5RkYxn7yGvLN6zf4yrhcXMRf999Sod+LKMvFocI7FET/lRim9mhnjqcyS+zr48uz

Y+8chxXAYUQNjQZUou1j+MYzdiSyvX8IAISxpQ+WwU4rzleyFmZP4wYXuz/3Fg3r 6sp3F9amQVLYN6KGGyFDehv5j8+xgw1oLaOTJ18DNHDV+u1+FOcZK2+ToktjFgUr

WK7H9aKrUjBFsuK4NRhVtJ4STN7n6ejrIKYYpUPpJPWbmpPU7SHMmpNemdBcroZ+ gVImIF6Aic/nz8HX6OEG6u+XxL4Y0mnkn9EanBnzH1nW7P/wLXGE6lPBlxn4aZqO

UMT0sqbXp+lLVbkX3v6WgGcxA9TVbhI4Yxf8C4pJmTBE1kda2M+3LMxqM0ICcvt5 fCuRARdF8EWpP/n51YRQapvlZyzIJBkSInS5UnhxPeIhIUYHgyIbRoYwzHpIwWS2

hhy/zUmmkS0o7rxjL2Z17qfp7ii65psKMiODcL4ZZeS6CITs3HUp4h4zFX7386Wx zokXaBpyqS/fSlHh+nclDjdpiokCHwQYAQIACQUCUZFeVQIbDAAKCRDRjf6JvkUr

6F7t2uww+DJ4+Z4Tz4tzhRicHDQmW+/DZmU0+YJdeHqDD3jsH5cD+vix9kTaKmad J0svD/92D32R77PC1bNSTxbHAV3zKrhh7kXC78M7LZRn0kgNR8f9i4cTjgZolTmo

N98zCoujHqpD0g7h7yaSU210rbRv/fPfKi4oNB71TJr0UsVtsra9icVmJbQgVmVy GFVNTnPpVfnutJiPFFqk8BR1Tk+/U5Xz4HMlJp+G83ZoOL8suBgN/mwQ13swFO2k

YXggKEluZm9ybWVkIERlbW9jcmFjeSBGcm9udCmJAjgEEwECACIFAlGRXlUCGwMG 07Bn7MHAjQ934ZV+O653ZvKXR2OtMmAITV+J8BxFwZ+2yGOtQUMyJn1SOQrG7COP

CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJENGN/om+RSsnepMP/3pevPjmQli+ mw9YG0q9PuPN81HLmB6HkbsGmjADZFNrIuH47U8NJX3kpKqd65sBBIPmBJ1Oq1O5

LAj7nltq6te0xjOP56WvGawEeOaloOLwDDPy8U35rJJMnjausKf7fwlGpzE21oKH XHoF3AwTJke4zpE60VQUvyKox/v3fZjg+wQrj7/cb0445G3edUVv8tOtqBc5v/qS

SYTSaHWflpseK7SCMMnNOF6jyQMdcWFeIplulJrIdgnx4Ch7Ag79XJTsoE3JeJBI Y0RUri//agjwZenj5KDBIuV5YKG7pvlO89WgZKRvkKLWcsG1gwIVaBf3VLWtTppY

XnxRPtsaAdiSW1JCCtV1RggD+8J1y+gar35YlezbYNnzqsB7lwVDCSISwLyBILv+ LpJL1Rp9Zzeme3Z0NqaZLB6g85YyyIpvFrs29/FOE9lU368q+lSqFeL8jNdnShhS

DDK32Mb7fzxRV4DeTU/TXxAHp4sKQENtK0UlZMx1cSvjSHfz6KAlKK8a8qgtdvN1 z3a0+mrsP3ySXswPNDRn241KTlTFRAbqSQ7hJbQ+ttDwzRdxV/FdHTemFh7V+RKQ

B8thuD5vPlTe52ilko0t19Umot7tseB02/R0aXMTcFHzMMSyINb5S89xph2vjT5d wpVGUJQhLtOSajUl+mjIIIv4gVtxSDiEoC/D5//j1/y/plZ87K8nDmojZRJ+cuDY

vpfyLHXIeCTXGgQ4nhtzH3ma/bWZZMheX46WKluSSPDsO6HaRqG9OHLE9Cu3j/AO 1NRT+azu030OvYMcGtjndkonJqoM5yO/1Of5n+eBniG56jmLEg2Gvea3F41zKtNc

LyY8BtB9aSe8EaGnl4SX3gHU2J9nR47frPs/SDe0dprZEhVyFQ==
dekTN6BF3wxPBjX8pt4xhqlW1LjBd+qRMJkHud1dmW1qS8QYaX+zbdts6Jr3KeOR
Trolling the
Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E9999969787XkGwk8Q9gCyFYS0EY7oduwjIm36Z4cjCinjTQNyAZE9c4FNovBBdRDYNqLZTdy
kLSBKpFgU7zYxbj0PToySakgwv2toU2dAlz3g+5DRooTMOVruvNF2pgE7z83bR7P =i+iY
-----END PGP PRIVATE KEY BLOCK-----
Mere days after making first
contact with the Vulcans, Zefram
Cochrane generated a new PGP key

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Faking Key IDs

My fingerprint is:
0x5C17616361BD9F92422AC08BB4D25A1E99999697

(20 bytes)

My key ID:
0x99999697 (4 bytes)

People often use short key IDs to uniquely
identify keys. This is a bad idea.

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Key IDs Can't Be Trusted

● My public key has these user IDs and this key ID:
Micah Lee <micahflee@riseup.net>
Micah Lee <micah@eff.org>
Micah Lee < micahflee@gmail.com>
Micah Lee <micah@pressfreedomfoundation.org>
0x99999697, 2011-06-24

● User IDs and timestamps can be faked
● If someone can fake my key ID as well, they can

make an imposter key that has all the above
information
● Let me should you how fake key IDs

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
What is an OpenPGP fingerprint?

fingerprint = hash(public_key)

Hash functions takes data and returns
output that is indistinguishable from

random.
PGP fingerprints are 20 bytes long of
(indistinguishable from random) data.
What are the chances two keys share the

same last 4 bytes?

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Collisions are unintiutively common.
If there are 30 people in a room, there's 70% chance

of a birthday collision.

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Birthday Attack

● Key IDs are 4 bytes == 32 bits, so the
keyspace is 2^32.

● What happens if we generate 3 billion
keys?

If you have 3 billion random fingerprints

there's a 50% chance of finding a specific

key ID collision

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
So how can we generate keys
really really quickly?

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Oh, and by the way:

Both ascii_sign and fake_sign use this
horrible, maimed, insecure version of

GnuPG to generate keys

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Is there a quicker way?

micah@spock:~$ gpg --fingerprint micahflee
pub 4096R/99999697 2011-06-24

Key fingerprint = 5C17 6163 61BD 9F92 422A C08B B4D2 5A1E 9999 9697

public_key = timestamp +
public_vars

fingerprint = hash(public_key)
fingerprint = hash(timestamp +

public_vars)

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Introducing bruteforce_keyid

https://github.com/micahflee/trollwot/
Usage:

./brute_force_keyid [KEYID] [USERID]
(Only this implementation is really
slow. Patches welcome!)

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Client-Side Exploits?

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Downloading the Web of Trust

● I tried recursively downloading keys, starting
with my own (see download_strong_set)

● Turns out this is really slow
● But some key servers provide weekly static dumps

of all the keys:

– ftp://ftp.prato.linux.it/pub/keyring/
– http://keys.niif.hu/keydump/
– http://keyserver.borgnet.us/dump/

But what can you do with a copy of the web of trust?

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Mirror World Web of Trust

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Mirror World Web of Trust

With all of the public keys you can:
● Generate your own mirror copy of all these

keys, with the same user IDs
● They can even have the same 4-byte key IDs
● Make them randomly sign each other
● Make them randomly sign real keys too!

Design as many intricate mirror trust
universes as you wish, and make them
collide with normal spacetime in the key
servers

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Denial of Service

● What happens if you append 8GB of
signatures to a public key?

– How will key servers handle it?
– Will Enigmail crash?

● What happens if you create a key and add
terabytes of user IDs?

– Will it cause the key servers to run out of
disk space?

– Will all key servers run out of disk space
when they try syncing this key?

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Botnet Command & Control

● Bots can be hard-coded with a public key
(botnet_key)

● Bots can refresh botnet_key from key
servers to receive new commands

● Commands are sigs on botnet_key. As long
as the key that generated the sig is
signed by botnet_key, it trusts the
command

● There can be a command to switch
botnet_key to a different public key

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
+=

hkp://2eghzlv2wwcq7u7y.onion

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Hacking on OpenPGP

python-gnupg
● A python module that lets you easily script

stuff with GnuPG
● Useful for key generation, signing, verify,

encrypting, decrypting, etc.
● Official:

https://code.google.com/p/python-gnupg/
● Isis's version:

https://github.com/isislovecruft/python-
gnupg

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Hacking on OpenPGP

python-pgpdump
● Takes any sort of OpenPGP data as input

(public keys, secret keys, signatures,
encryption blocks of data)
● Separates it into packets to inspect,
grab data from

● https://github.com/toofishes/python-pgpdump

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Hacking on OpenPGP

gnupg
● Hacking on GnuPG itself is not as

daunting as it sounds
● You don't need to be a cryptographer,

just bit of a C programmer
● Grep is your friend
● http://git.gnupg.org/

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Fear not, OpenPGP isn't broken

● KEY SERVERS AND THE WEB OF TRUST ARE NOT
NECESSARY FOR OPENPGP TO BE USEFUL

● Encryption, decryption, signing,
verifying all work great

● Key servers provide convenience in

exchanging keys, but we cannot trust
what's in them without knowing exactly
what we're doing

● Many of OpenPGP users refuse to use the
web of trust anyway

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Be Excellent to Each Other

● Don't be a jerk! No one likes jerks.
● People rely on OpenPGP for life and death

situations
● Some of whom may not realize that the web

of trust is about as informative as
YouTube comments
● Most users won't become OpenPGP experts,
nor should they

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
The Cypherpunk Future

● It's not going to be using OpenPGP
● It's going to be easy to use
● It's going to be turned on by default
● Key management won't be quite as

ridiculously cumbersome (I hope)
● Associations will be private
● It will probably be in a web browser
● It probably doesn't exist yet

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Code for
Trolling the Web of Trust

https://github.com/micahflee/trollwot
Pull requests welcome :)

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697
Thanks!
Feel free to sign my key

Micah Lee
Staff Technologist
Electronic Frontier Foundation

micah@spock:~$ gpg --fingerprint 99999697
pub 4096R/99999697 2011-06-24

Key fingerprint = 5C17 6163 61BD 9F92 422A C08B B4D2 5A1E 9999 9697
uid Micah Lee <micahflee@riseup.net>
uid Micah Lee <micah@eff.org>
uid Micah Lee <micahflee@gmail.com>
uid Micah Lee <micah@pressfreedomfoundation.org>
sub 4096R/E8839F99 2011-06-24

Twitter: @micahflee

Trolling the Web of Trust | 0x5C17616361BD9F92422AC08BB4D25A1E99999697

Loading…
Cancel
Save