
Pretty Curved Privacy - e12e
https://github.com/TLINDEN/pcp
======
xorcist
If you need a "real" PGP, GnuPG 2.1 has had experimental support for
Curve25519 since 2014. In the most recent version the experimental warning
label was gone, so it should be pretty stable by now. Many keyservers still
barf on the keys though.

~~~
mstef
the problem is not that "pgp doesn't use 25519" the problem is the openpgp
format as per rfc4880 and the whole thing being from the naive nineties, not
suited for advanced adversaries we have since then.

------
tptacek
This package, by Watson Ladd, is the same idea implemented by an expert:

[https://github.com/wbl/cpgb](https://github.com/wbl/cpgb)

~~~
sigcode
The use of the word "expert" here gives me pause.

I thought one of the motivations behind this library was that you did not need
to be an "expert" to use it.

~~~
buu700
While NaCl/Sodium does simplify the crypto aspect in particular, it's
dangerous to assume that it entirely solves the broader problem of writing
secure code. Implementing anything securely is hard enough before involving
crypto that the level of expertise required doesn't change all that much.
(Most catastrophic vulnerabilities in security software aren't directly in the
cryptographic implementations.)

Even using NaCl, one needs to understand enough of what's happening under the
hood to properly reason about the security of the whole system they've built.

~~~
sigcode
Agreed. Now kindly point to the mistakes the author has made so others can
learn from them.

~~~
tptacek
Am I allowed to be concerned that this is C code that opens up random files to
be decrypted, slurps a 32 bit integer directly out of the file, passes that
value to malloc, and then just a few lines later loops memcpy'ing into that
buffer?

[https://github.com/TLINDEN/pcp/blob/master/libpcp/crypto.c#L...](https://github.com/TLINDEN/pcp/blob/master/libpcp/crypto.c#L204)

That's, like, 5 minutes worth of looking, most of it spent working out how to
get from main() to the part of the code that actually starts taking attacker-
controlled inputs; we're about 10 lines into the code that handles those
inputs. Is that a real vulnerability? Hell if I know, but I'm scared of this
code.

Which is not to say I don't like it. There's a small utility function in there
I'm stealing! The author is clearly smart and I hope this was an interesting
project for them. But I don't recommend using this for real --- and I think
neither does the author.

~~~
sigcode
You are allowed to be concerned. I probably read too much into your comment.
But I think you all understand my point. I was concerned that some mortals
might be scared off from experimenting with NaCl. "Experts only."

Some years ago, there was another fellow who wrote a set of NaCl utilities
that were very simple, UNIX filters. While I was "scared of the code" because
he's not a renown cryptographer (does he need to be?), I was thankful for a
simple, working example. There really weren't any publicly available at the
time.

I really appreciate when people share these self-learning projects.

------
e12e
I was sure I'd came across this on HN, but apparently I found it when I
wondered if anyone had taken a crack at taking NaCl and made a PGP work-alike
using the primitives NaCl provides. And here it is. Anyone have any experience
with it? Done a cursory review?

At this point I'm a fan of the idea (a set of protocols to mirror some of the
good parts of PGP, married with the good parts of NaCl. At least in ...
theory...).

~~~
lazard
I built flycrypt as a highly simplified PGP based on NaCl. I've used it to
send credit card numbers and passwords over email.

[https://github.com/davidlazar/flycrypt](https://github.com/davidlazar/flycrypt)

------
X86BSD
My question is: People don't even use PGP and it's been around for over 20
years. What makes this more adoptable, if it all? The problem with most
encryption is, it's not transparent to the end user. The second users have to
start goofing around with key generation, uploading keys, etc you lost. I get
that using Curve25519 is "better" but none of this still solves the
fundamental problem of end user adoption.

~~~
rakoo
From the README:

> In fact, I wrote it just to learn about the curve and see how it works.

I don't think the author seriously considers replacing PGP with this.

------
mstef
back in the days i consulted with tom on pcp a bit. Why, because i took it a
bit further with: [https://github.com/stef/pbp](https://github.com/stef/pbp)
\- there's even an axolotl implementation available - but not integrated yet:
[https://github.com/stef/saxolotl](https://github.com/stef/saxolotl)

~~~
mstef
i also gave a talk on pbp:
[https://www.youtube.com/watch?v=Kl_gLMef1mI](https://www.youtube.com/watch?v=Kl_gLMef1mI)

------
AtticHacker
> Please note the big difference to GPG though: both Alicia AND Bobby have to
> enter the passphrase for their secret key! That's the way CURVE25519 works:
> you encrypt a message using your secret key and the recipients public key
> and the recipient does the opposite, he uses his secret key and your public
> key to actually decrypt the message.

Forgive my ignorance, but I assume that this is to ensure that the message is
from Alicia. How is this different from signing + encrypting a message in PGP?

------
bascule
Despite all the claims in the README, Curve25519 has in fact been standardized
(at least informationally) by the IRTF CFRG in RFC 7748:
[https://tools.ietf.org/html/rfc7748](https://tools.ietf.org/html/rfc7748)

------
smcl
That example in the README.md of Alicia and Bob generating a keypair,
importing each others public keys, then encrypting/descripting a simple note
is really well laid out.

------
Sir_Cmpwn
Are these algorithms resistant to quantum attacks?

~~~
mstef
not the curve25519 based ones, the symmetric salsa based ones should be.

~~~
Sir_Cmpwn
Cool. I suspect that's going to start being a problem in the next decade or
two, assuming that government entities haven't already made sophisticated
quantum computers in secret.

------
jaredwindover
Read Pretty Curved Piracy multiple times. I'm kind of disappointed. I... don't
know what I expected.

------
curried_haskell
What are Alice and Bob talking about, anyway, that's so damned important?

------
0xmohit
Could somebody please change the URL to
[https://github.com/TLINDEN/pcp](https://github.com/TLINDEN/pcp) instead?

~~~
e12e
Yes please, a typo must've snuck in when I pasted into the url-field.

~~~
0xmohit
@dang may be able to help.

