Locking pgp key/stopping pgp
Categories
(Thunderbird :: Security, enhancement)
Tracking
(Not tracked)
People
(Reporter: o.sykora, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Waterfox/56.3
Steps to reproduce:
Openpgp is set up and works. Master password ist set and is entered when Thunderbird is opened.
Actual results:
From that point, all existing encrypted messages and all new messages comming in from the IMAP server are automatically displayed in clear text.
There seems to be the only way to stop this behavior is to remove the secret key completely
This is a very serious security problem, as messages protected by encryption must not be displayed all time.
Expected results:
User must have a control to switch the pgp decrypting on/off, key protection to be switchd on, meaning the current passphrase deleted.
On demand, user should be able by means of simple control mechanism to be able to switch the pgp functionality on temporary again
|
||
Comment 1•5 years ago
|
||
The master password is for data at rest.
|
||
Comment 2•5 years ago
|
||
There is a long(er) discussion on that on https://support.mozilla.org/de/questions/1304363#answer-1393533
Here is my part, which boils down to "PLEASE give me the chance back, to set a more complex PGP password and keep it separate from the master password."
Full text:
Ok, this explains what I see - but I DON'T like it !
My PGP key used to be a LoOOOOnGGGGG passphrase with mixed upper and lower case.
My master password is quite simple compared to that.
Now
- The security level for PGP is down to that of thunderbird master password.
- I need the master password the moment I start thunderbird, so then ALL my PGP-encrypted mails are accessible as well.,
Convenient , but a security disaster from my perspective.
PLEASE give me the chance back, to set a more complex PGP password and keep it separate from the master password.
I second the comment from Martin Just - this is not a duplicate issue.
It is a massive breach of PGP security practices ... has the Thunderbird project been nobbled by security forces ?
The option now is to switch to something that does not compromise your PGP security.
- revert to the older (unsupported) Thunderbird with Enigmail
- shift to a project fork with Enigmail - https://binaryoutcast.com/projects/interlink/support/
|
||
Comment 4•4 years ago
|
||
+1 for an option to have the enigmail behaviour, of only keeping the pgp keyphrase for 5 minutes (or whatever it was).
It is really shocking to see what I thought were encrypted messages being visible, every time I open email. Not even a button to tell it to forget the passphrase.
Thunderbird 78 is not fit for purpose at the moment, and I'm going to be forced to downgrade or switch to the fork that is mentioned. :-(
This needs to be re-opened and flagged as a critical security bug.
Hi Magnus,
why did you consider this bug a duplicate of 1566458?...
The master password offers much LESS security than an OpenPGP passphrase does. It's worth mentioning you have agreed to it yourself (https://bugzilla.mozilla.org/show_bug.cgi?id=1566458#c2):
« Wouldn't want to encourage anyone to think the MP is really protecting them. The master password is also often causing a lot of problems for the users who do try to use it. »
So why set this bug "RESOLVED" (joke!) as "Duplicate of bug 1566458"?
|
|
||
Comment 6•4 years ago
|
||
I don't really see why it would be good for security. It's a usability nightmare.
(In reply to Magnus Melin [:mkmelin] from comment #6)
I don't really see why it would be good for security. It's a usability nightmare.
Are you an expert in the field of security?... I'm not. But from what I've read here and there, better trust OpenPGP mechanisms than Firefox/Tunderbird's "master password" mechanism (which is already cracked). I believe this question is no longer arguable. And you agreed on the weakness of the "master password" mechanism in the past. So I'm really surprised you don't see "why it would be good for security" today...
"It's a usability nightmare" is another topic and your sole opinion (which shouldn't be imposed to all other users). Security and usability are well known enemies. Each time you favor usability, it's at the expense of security. Maybe your preference goes to usability (your choice), but mine goes to security. And I accept the "nightmare" that comes with it. So you should definitely not think for others, nor reject others' requests (for more security) because you personally think it's useless.
The way Thunderbird handles PGP keys looks unbelievable. It's just shocking. TB weakens a lot the strong security policy I had. Please fix this massive security problem as soon as possible.
|
||
Comment 9•3 years ago
|
||
We are addressing lock-out behaviour options for OpenPGP in Bug 1741042.
Description
•