
Critical PGP Security Issue

  • Attention PGP Users: New Vulnerabilities Require You To Take Action Now

    A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

    The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

    Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

  • Disabling PGP in Thunderbird with Enigmail

Response from Werner Koch

Subject: Efail or OpenPGP is safer than S/MIME
Date: Mon, 14 May 2018 09:45:51 +0200
From: Werner Koch
To: gnupg-users@gnupg.org

Hi!

Some may have noticed that the EFF has warnings about the use of PGP out
which I consider pretty overblown. The GnuPG team was not contacted by
the researchers but I got access to a version of the paper related to
KMail. It seems to be the complete paper with just the names of the
other MUAs redacted.

Given that the EFF suggests to deinstall GpgOL, we know that it is not
vulnerable; see https://dev.gnupg.org/T3714.

Here is a response I wrote on the weekend to a reporter who inquired on
this problem.

=============
The topic of that paper is that HTML is used as a back channel to create
an oracle for modified encrypted mails. It is long known that HTML
mails and in particular external links like
are evil if the MUA actually honors them (which many meanwhile seem to
do again; see all these newsletters). Due to broken MIME parsers a
bunch of MUAs seem to concatenate decrypted HTML mime parts which makes
it easy to plant such HTML snippets.

There are two ways to mitigate this attack

- Don't use HTML mails. Or if you really need to read them use a
proper MIME parser and disallow any access to external links.

- Use authenticated encryption.

The latter is actually easy for OpenPGP because we started to use
authenticated encryption (AE) since 2000 or 2001. Our AE is called MDC
(Modification detection code) and was back then introduced for a very
similar attack. Unfortunately some OpenPGP implementations were late to
introduce MDC and thus GPG could not fail hard on receiving a mail
without an MDC. However, an error is returned during decrypting and no
MDC is used:

gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created 2017-01-01
"Werner Koch "
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 7
[GNUPG:] PLAINTEXT 62 1526109594
[GNUPG:] PLAINTEXT_LENGTH 69
There is more to life than increasing its speed.
-- Mahatma Gandhi
gpg: WARNING: message was not integrity protected
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION

When giving a filename on the command line an output file is even not
created. This can't be done in pipe mode because gpg allows to process
huge amounts of data. MUAs are advised to consider the DECRYPTION_FAILED
status code and not to show the data or at least use a proper way to
display the possible corrupted mail without creating an oracle and to
inform the user that the mail is fishy.

For S/MIME authenticated encryption is not used or implemented in
practice and thus there is no short term way to fix this in S/MIME
except for not using HTML mails.

The upshot of this is that OpenPGP messages are way better protected
against such kind of attacks than S/MIME messages. Unless, well, the
MUAs are correctly implemented and check error codes!

Shalom-Salam,

Werner

p.s.
Some cryptographers turn up their nose at the OpenPGP MDC which is an
ad-hoc AE mode from a time before AE received much research. However,
it does its job and protects reliably against this and other attacks.
The next OpenPGP revision will bring a real AE mode (EAX or OCB
depending on key preferences) which has other benefits (early detection
of corrupted messages, speed) but it will take years before it will be
widely deployed and can actually be used to create messages.

--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Thoughts are free. Exceptions are governed by a federal law.
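
The check the mail above asks MUAs to perform, as an added example that is not part of Werner Koch's mail or of GnuPG: buffer the pipe-mode plaintext and release it only after the `--status-fd` stream confirms integrity. The function names `may_display` and `render` are hypothetical, and `GOOD_STATUS` is a constructed sample; the status keywords are GnuPG's documented ones.

```python
# Added example: gate display of decrypted mail on gpg's --status-fd output.
# Read status on its own file descriptor, never interleaved with plaintext,
# so message content cannot forge a status line.
PREFIX = "[GNUPG:] "

# Status lines from the transcript in the mail above.
PAGE_STATUS = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 7
[GNUPG:] PLAINTEXT 62 1526109594
[GNUPG:] PLAINTEXT_LENGTH 69
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

# Constructed sample of a message carrying a valid MDC.
GOOD_STATUS = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 1526109594
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
"""

def may_display(status_text):
    """Return (ok, reason); fail closed unless integrity was confirmed."""
    seen = set()
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable "gpg: ..." diagnostics
        keyword, *args = line[len(PREFIX):].split() or [""]
        seen.add(keyword)
        if keyword in ("DECRYPTION_FAILED", "BADMDC"):
            return False, keyword
        if keyword == "DECRYPTION_INFO" and args[:1] == ["0"]:
            # mdc_method 0 is only acceptable with a non-zero AEAD algo field
            if len(args) < 3 or args[2] == "0":
                return False, "no MDC"
    if "END_DECRYPTION" not in seen:
        return False, "truncated status stream"
    if "DECRYPTION_OKAY" not in seen:
        return False, "no DECRYPTION_OKAY"
    return True, "integrity verified"

def render(buffered_plaintext, status_text):
    """Release plaintext buffered from pipe mode only after the verdict."""
    ok, reason = may_display(status_text)
    return buffered_plaintext if ok else f"[message withheld: {reason}]"
```

Because gpg emits the plaintext before `DECRYPTION_FAILED` in pipe mode, the caller has to hold the output until `END_DECRYPTION` has been read; rendering incrementally defeats the check.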

Alarmist articles

Subject: Re: [Enigmail] FYI disable enigmail now
Date: Mon, 14 May 2018 03:14:12 -0400
From: Robert J. Hansen
Reply-To: Enigmail user discussion list
To: enigmail-users@enigmail.net

We saw a preview of that paper. It's under embargo so it would be
inappropriate for us to comment on it until it's released. It was also
inappropriate for the EFF to comment on it. You can expect us to have
an official statement on it once the paper is published.

I will say this is a tempest in a teapot. Patrick, Werner, and I have
all seen it. We are not in the least bit worried. We wish the EFF had
reached out to us before running with an alarmist article.

tl;dr: as always, please use the latest Enigmail version, and do so with
confidence.
