Just How Secure is GnuPG?

Last night, I was exchanging a few comments with the ACLU’s Chris Soghoian (who was a very nice chap at last year’s Dragon Con EFForums event, and a pleasure to work with) on Twitter over https, and I asked if there were any easy guides for easy setup of SSL certs, not so much “for dummies” (as the book series goes) but for a group that is smart, but not the most ‘technologically literate’. It’s something I’m calling the guide “for lawyers”.

It’s called that for a simple reason. Lawyers are, on the whole, smart people. They may not be the most technologically literate people in the world, but they’re certainly not ‘dummies’. They’re also a group that often has a need for security just to protect lawyer-client confidentiality, and it stems from conversations with my friend and colleague Blair Chintella last summer. He wanted to make his emails more secure, so I talked him through setting it up, and thought a video guide might be better. I’m still working on that, but ‘guides for lawyers’ was born.

Anyway, while commenting on this, an Australian responded back and was not… the most receptive to GnuPG (which is the open source version of PGP) and later claimed that it wouldn’t last 5 minutes (someone might want to let the RC5-72 group over at distributed.net know, they’ve been working on that since December 2002 – 4270 days).

The challenge boils down to this

— Andrew Norton (@ktetch) August 12, 2014

There you have it. The time is now ‘tomorrow’. The challenge has been set out. I’ve set a message and sent it from one email account to another, encrypted. I used my standard GPG key, the same one I’ve used since December 2009 (and which expires this December – but for something that can be cracked

The key is 0xD6DD7E47, which is available from the MIT key repository. So now for the code itself.

Think you can break that? I’m interested to know.