Thursday, January 15, 2015

Peerio: end-to-end encryption made easy (a quick look)

On Wednesday security startup Technologies Peerio, Inc. pulled the covers off a new website and service, named simply enough, Peerio. The concept is greatly needed: easy to use, end-to-end encrypted communication that doesn't require a computer science degree. Sign up for an account, and from within that account you can securely send email and instant messages, as well as share files. Since the messages and files are encrypted, they can't be read by anyone except the intended recipient. Messages and files are encrypted at your client before being sent to the Peerio servers, so unencrypted data is never exposed. Here's a brief first look at the service.

So-called "asymmetric" or public/private key encryption involves a very useful mathematical condition: there are algorithms where you can use one number to encrypt your information, but have to use a different number to decrypt it. Imagine a mailbox with two keys - one key locks the mailbox, but a completely different key unlocks it. You could share the first key with anyone in the world. They could put private mail into your mailbox and lock it, knowing that only with your second key could you open the mailbox.

The big problem in encryption though is sharing the public key. How does someone that wants to communicate securely with you obtain your public key, and more importantly, how do they know it is your public key? Peerio deals with this hurdle by not even trying to manage keys: Peerio uses a user’s password to generate the private key. As long as you know your password, Peerio can re-generate the private key anytime you want to read a message.

Which brings up a number of questions in my mind:

What happens if I change my password? If the private key is generated from the password, wouldn't a new password mean a new private key? If so, what happens to messages sent to me before I changed the password? They would be encrypted using a key generated by my previous password, which I no longer use. Does that mean everything sent to me when I used my previous password is lost forever?

Actually, as best as I can tell, that problem is "solved" by not even considering changing a password. I do not see any way to change an account password. In addition to the password, you can also set (and change) a device-specific PIN, but that is a device-specific alternative to the master password (and in fact the master password will still unlock Peerio on any device).

Which brings up yet another question: is the master password stored somewhere on my computer, in a way that can be recovered? Since the private key is generated from my password, and I can log in with a device PIN instead of the password, Peerio has to get the password from somewhere ... which means the password could be discovered by malware, making my carefully-encrypted communication not so safe.

How is the public key generated? Is it too generated from my password? Does that mean Peerio servers also have my password in a recoverable form, instead of as a one-way hash?

Despite doing away with private key management, the root issue of key exchange still exists: if I wish to send an encrypted email to someone, I still must obtain their public key. Peerio makes that easier by (apparently) sharing that key automatically, but I still need a way to be certain I have the key for the right person. Keybase.io very elegantly solved that problem by using existing known identities (Twitter, GitHub, websites known to belong to someone) to prove the identity of a keybase user ... at this point Peerio identity is only as certain as you believe it to be.

On the plus side, it supports two-factor authentication, and there is an ability to delete messages I have sent, even after they have been read (sort of an after-the-fact version of Snapchat's temporary messages). Of course like Snapchat, there is nothing to prevent the recipient from copying the content of a protected message and putting it somewhere unprotected - once you send something, you no longer control it.

Bottom line: I don't yet have a verdict on Peerio. It's an intriguing solution to a hard problem, but it has a lot of growing-up ahead of it. I'll be very interested to see how it matures. Incidentally, I am also an early adopter of the afore-mentioned Keybase.io and will be writing a more detailed post about that product in the near future too.