FAQ: Technical Questions & Answers

How does GoodCrypto minimize MITM attacks on my messages?

Encryption and multifactor authentication

Encryption is a great first step. But it's only reliable with good authentication.

All authentication methods have flaws. Any one by itself may be easy to crack, but cracking multiple authentication factors for the same key is much harder. The standard form of this is called "Two factor authentication". GoodCrypto gives you more:

  • Key pinning
  • Out of band verification notice
  • Public key in header
  • Encrypts and signs
  • Standard "the recipient got my encrypted message"

Remember that no authentication factor is perfect. But combined they can work well.

Key pinning. GoodCrypto pins PGP keys. Any time GoodCrypto generates or receives a new key, it records the fingerprint in GoodCrypto's database. It sends email to let you know about the new key. If that key ever changes, you get an alert.

When a signed message is received, GoodCrypto verifies that the signature matches the message's 'From' address and warns if it doesn't. Further, it verifies that the fingerprint of any key in the message header matches the fingerprint in GoodCrypto's database. Again, the user is warned if there is any inconsistency, and the key is blocked.

Out of band verification notice. Whenever a new key comes in, the user gets a message strongly advising them to verify the new key's fingerprint using some method other than email. You get their fingerprint from your local GoodCrypto Server's web site. Then you need at least one more source to verify. Getting a fingerprint from somewhere else online is pretty good. A phone call is better. Face to face is best.

Public key in header. Every message a GoodCrypto user sends has their public key in the header. Anyone can check it. GoodCrypto does.
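The key-pinning and header-key checks described above, as an added illustration (this is not GoodCrypto's own code; the header name, the fingerprint strings and the return values are constructed for the example, and fingerprints are taken as already-computed hex strings rather than derived from an OpenPGP key packet):

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Hypothetical header name; the page does not say which header GoodCrypto uses.
KEY_HEADER = "X-OpenPGP-Fingerprint"


def normalize(fp: str) -> str:
    """Canonical fingerprint form: no spaces, upper-case hex."""
    return fp.replace(" ", "").upper()


@dataclass
class PinStore:
    """Stands in for GoodCrypto's database of pinned fingerprints."""
    pins: Dict[str, str] = field(default_factory=dict)   # sender -> fingerprint
    notices: List[str] = field(default_factory=list)     # alerts/notices sent to the user


def check_message(store: PinStore, sender: str, headers: Dict[str, str],
                  signer_fp: Optional[str]) -> str:
    """Return 'accept', 'accept-new-key' or 'block' for one incoming message.

    signer_fp is the fingerprint of the key that produced a valid signature
    (None if the message is unsigned).
    """
    header_fp = headers.get(KEY_HEADER)
    header_fp = normalize(header_fp) if header_fp else None
    signer_fp = normalize(signer_fp) if signer_fp else None

    # The signature must come from the key the sender advertises for 'From'.
    if signer_fp and header_fp and signer_fp != header_fp:
        store.notices.append(f"ALERT {sender}: signing key differs from header key; blocked")
        return "block"

    seen_fp = header_fp or signer_fp
    if seen_fp is None:
        return "accept"          # nothing to pin or compare against

    pinned = store.pins.get(sender)
    if pinned is None:           # first key seen for this sender: pin it, tell the user
        store.pins[sender] = seen_fp
        store.notices.append(f"NEW KEY {sender}: {seen_fp}; verify it out of band")
        return "accept-new-key"
    if seen_fp == pinned:
        return "accept"
    # A different key for an already-pinned sender is the MITM signal: alert and block.
    store.notices.append(f"ALERT {sender}: key changed {pinned} -> {seen_fp}; blocked")
    return "block"
```

The pin is never overwritten automatically; only the user, after out-of-band verification, should replace it.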

Encrypts and signs. This is standard, but essential. GoodCrypto always both encrypts and signs messages. It checks signatures for you. If you exchange encrypted mail with PGP users who don't have GoodCrypto, ask them to also sign their messages.

"The recipient got my encrypted message." This is the most common method of verification. It's weak, but users seldom do more. That's why automated authentication is essential. If your contact has GoodCrypto, they get a tag line right in the message saying whether it was encrypted, so they can tell you. If the recipient replies saying something that clearly shows they really got your encrypted message, that helps.

Public key servers. In the future, we'll likely offer options such as verifying keys against public key servers. Key servers are convenient. They make PGP easier to use. That's crucial, because crypto that is hard to use is only used by experts. But relying on a few centralized crypto servers for the whole Internet is obviously very risky.

Use multiple factors. Most authentication methods aren't very strong by themselves. Always use multiple factors. GoodCrypto does it automatically, and helps you check things for yourself.