Language Selection

English French German Italian Portuguese Spanish

Critical PGP Security Issue

Filed under
  • Attention PGP Users: New Vulnerabilities Require You To Take Action Now

    A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

    The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

    Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

  • Disabling PGP in Thunderbird with Enigmail

Response from Werner Koch

Subject: Efail or OpenPGP is safer than S/MIME
Date: Mon, 14 May 2018 09:45:51 +0200
From: Werner Koch


Some may have noticed that the EFF has warnings about the use of PGP out
which I consider pretty overblown. The GnuPG team was not contacted by
the researchers but I got access to version of the paper related to
KMail. It seems to be the complete paper with just the names of the
other MUAs redacted.

Given that the EFF suggests to deinstall GpgOL, we know tha it is not
vulnerable; see see

Here is a response I wrote on the weekend to a reporter who inquired on
this problem.

The topic of that paper is that HTML is used as a back channel to create
an oracle for modified encrypted mails. It is long known that HTML
mails and in particular external links like
are evil if the MUA actually honors them (which many meanwhile seem to
do again; see all these newsletters). Due to broken MIME parsers a
bunch of MUAs seem to concatenate decrypted HTML mime parts which makes
it easy to plant such HTML snippets.

There are two ways to mitigate this attack

- Don't use HTML mails. Or if you really need to read them use a
proper MIME parser and disallow any access to external links.

- Use authenticated encryption.

The latter is actually easy for OpenPGP because we started to use
authenticated encryption (AE) since 2000 or 2001. Our AE is called MDC
(Modification detection code) and was back then introduced for a very
similar attack. Unfortunately some OpenPGP implementations were late to
introduce MDC and thus GPG could not fail hard on receiving a mail
without an MDC. However, an error is returned during decrypting and no
MDC is used:

gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created 2017-01-01
"Werner Koch "
There is more to life than increasing its speed.
-- Mahatma Gandhi
gpg: WARNING: message was not integrity protected

When giving a filename on the command line an output file is even not
created. This can't be done in pipe mode because gpg allows to process
huge amounts of data. MUAs are advised to consider the DECRYPTION_FAILED
status code and not to show the data or at least use a proper way to
display the possible corrupted mail without creating an oracle and to
inform the user that the mail is fishy.

For S/MIME authenticated encryption is not used or implemented in
practice and thus there is no short term way to fix this in S/MIME
except for not using HTML mails.

The upshot of this is that OpenPGP messages are way better protected
against such kind of attacks than S/MIME messages. Unless, well, the
MUAs are correctly implemented and check error codes!



Some cryptographers turn up their nose at the OpenPGP MDC which is an
ad-hoc AE mode from a time before AE received much research. However,
it does it job and protects reliable against this and other attacks.
The next OpenPGP revision will bring a real AE mode (EAX or OCB
depending on key preferences) which has other benefits (early detection
of corrupted messages, speed) but it will takes years before it will be
widely deployed and can can actually be used to create messages.

# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Alarmist articles

Subject: Re: [Enigmail] FYI disable enigmail now
Date: Mon, 14 May 2018 03:14:12 -0400
From: Robert J. Hansen
Reply-To: Enigmail user discussion list

We saw a preview of that paper. It's under embargo so it would be
inappropriate for us to comment on it until it's released. It was also
inappropriate for the EFF to comment on it. You can expect us to have
an official statement on it once the paper is published.

I will say this is a tempest in a teapot. Patrick, Werner, and I have
all seen it. We are not in the least bit worried. We wish the EFF had
reached out to us before running with an alarmist article.

tl;dr: as always, please use the latest Enigmail version, and do so with

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Pseudo-Open Source (Openwashing)

OSS Leftovers

  • The Serverless Show: The Importance of Open Source & Community Involvement
    “I’m also involved with some open source projects. I started with Node community and helping out with some node libraries a long time ago. Now I’m mostly doing serverless-related things. I joined the Claudia.js team a long time ago, almost at the beginning, and helped Gojko Adzic and Alexander Simovich to build Claudia.js. Claudia was and still is a deployment library for AWS Lambda and API gateway. At the beginning, it was really hard to deploy serverless applications. If you tried to do that manually, you need to zip everything, to set the permissions, and things like that. The idea of Claudia was to extend AWS CLI tools and to help users deploy serverless applications easier. We continued doing Claudia and a few other things. We contributed a bit to AWS SAM and we built some other applications that are open source. We’re trying to build tools that we need and that the serverless community needs.”
  • Expect to Hear More About Open Source’s Role in Security [Ed: Security implemented with proprietary software is almost always fake. The Australian back doors ("encryption") bill is a reminder of it. If something is proprietary, one must assume back doors (even mandated from above, hidden in binaries)]
    Will 2019 be the year there is a big push for consolidation between open source and cybersecurity? Yes, said Sanjay Beri, CEO of Netskope, in an email comment. IBM’s acquisition of Red Hat could prove to be the game changer in how organizations approach security.
  • Want to Save Some Money? Check out These Free Software Alternatives
    The list covers drawing and design, animation and film, website building, and others. For example, Ghost Malone presents several free alternatives to drawing, design and post-processing, such as GIMP, Krita, Fire Alpaca, Autodesk Sketchbook, MediBang Paint, and Paint.NET. Another example, for editing vector graphics, is Inkscape, which is free and open source. The list goes on with several choices depending on what you're looking for.
  • A free and open source Bitcoin trading tool has been developed by two students
    University students Jonathan Shobrook and Aaron Lichtman have created a free and open source automated trading bot to use on the Bitstamp exchange.
  • Thank Stanford researchers for Puffer, a free and open source live TV streaming service that uses AI to improve video-streaming algorithms
  • Open Source To Open Newer Avenues For CIOs In 2019
    Open source plays a crucial role in all the top strategic technology trends that are reshaping the IT world. Rajarshi Bhattacharyya, Country Head, SUSE, looks at the key trends for 2019 that organizations need to explore and in explains how open source technologies and practices open up a window of opportunities for the CIOs in the coming days.
  • The High Profile Team of Handshake Looks to Truly Open the Internet with a New Domain Name System
    Unlike other major blockchain based companies like Ethereum, they chose to avoid ICO funding altogether and went straight for private investors. They were able to obtain major private investment funding from companies such as Polychain Capital, A16Z Crypto, and Founders Fund (purchasing 7.5% coin supply of HNS between them at $10.2M) with the idea that they could be responsible for replacing entire layers of Domain Name System (DNS) layering. This removes the need for those who safeguard these layers, saving future companies large amounts of cash up front.
  • Handshake is attempting to make the Internet more open
    Handshake came out of stealth mode last August. The project, which intends to replace various levels of the Domain Name System (DNS) hierarchy, was founded by Joseph Poon (co-creator of the Lightning Network & Plasma), Andrew Lee (co-founder & CEO of Purse), Andrew Lee (co-founder & CEO of Private Internet Access), Boyma Fahnbulleh (Bcoin developer), and Christopher Jeffery (Creator of Bcoin & CTO of Purse). Sidestepping the ICO route popularized by Ethereum, Handshake raised private funding from a slew of investors including A16Z Crypto, Polychain Capital, and Founders Fund. These investors purchased 7.5% of the initial coin supply of HNS, Handshake’s native token, for $10.2M, valuing the protocol at $136M.
  • Google remains the top open-source contributor to CNCF projects
    According to the latest data from Stackalytics, a project founded by Mirantis and hosted by the OpenStack Foundation that visualizes a company’s contribution to open-source projects, Google remains the dominant force in the CNCF open-source ecosystem. Indeed, according to this data, Google is responsible for almost 53 percent of all code commits to CNCF projects. Red Hat, the second biggest contributor, is far behind, with 7.4 percent. The CNCF is the home of Kubernetes, the extremely popular container orchestration service that Google open sourced, so the fact that Google is the top contributor may not seem like a major surprise. But according to this data, Google would still be the top code contributor to all CNCF projects without even taking Kubernetes into account. In part, that’s due to the fact that Google is also the major contributor to GRPC, a queuing project the company donated to the CNCF, and Vitess, the database clustering system it developed for YouTube.
  • Google Remains Top Open-Source Contributor
    According to a scan of code contributions to projects sponsored by the Cloud Native Computing Foundation (CNCF), Google (NASDAQ: GOOGL) remains by far the largest contributor of code across all projects. Using a tool called Stackalytics, the survey conducted by open-source infrastructure vendor Mirantis found that Google accounted for 52.9 percent of code commits to CNCF projects.
  • Johnson Controls to Introduce Open-Source Software for Targeting Retrofits

Server Side Public License (SSPL), Red Hat and Fedora

  • Red Hat/Fedora decide MongoDB’s SSLP doesn’t fit
    MongoDB’s January blues deepened this week as the team behind the Red Hat-backed Fedora Linux distribution confirmed it had added the open source database’s Server Side Public License to its “bad”list. The move came as it emerged Red Hat – Fedora’s sponsor – had nixed MongoDB support in RHEL 8.0.
  • AWS Raised Its Hand Lest Of Open Source Platform
    Even though AWS stands by MongoDB as the best the customers find it difficult to build and vastly accessible applications on the open-source platform can range from multiple terabytes to hundreds of thousands of reads and writes per second. Thus, the company built its own document database with an Apache 2.0 open source MongoDB 3.6 API compatibility. The open-sources politics are quite difficult to grasp. AWS has been blamed for taking the top open-source projects and re-branding plus re-using it without providing the communities. The catch here is that MongoDB was the company behind putting a halt to the re-licensing of the open-source tools under a novel license that clearly stated the companies willing to do this will have to purchase a commercial license.
  • Red Hat gets heebie-jeebies over MongoDB's T&Cs squeeze: NoSQL database dropped from RHEL 8B over license
    MongoDB justified its decision last October to shift the free version of its NoSQL database software, MongoDB Community Server, from the open-source GNU Affero General Public License to the not-quite-so-open Server Side Public License (SSPL) by arguing that cloud providers sell open-source software as a service without giving back. The following month, and not widely noticed until this week, Red Hat said it would no longer include MongoDB in version 8 of Red Hat Enterprise Linux. The removal notice came in the release notes for Red Hat Enterprise Linux Beta 8.0. Under section 4.7, the release notes say, "Note that the NoSQL MongoDB database server is not included in RHEL 8.0 Beta because it uses the Server Side Public License (SSPL)."
  • Server Side Public License struggles to gain open-source support
    MongoDB first announced the release of the new software license in October as a way to protect itself and other open-source projects like it from being taken advantage of by larger companies for monetary gain. At the time, MongoDB co-founder and CTO Eliot Horowitz explained: “This should be a time of incredible opportunity for open source. The revenue generated by a service can be a great source of funding for open-source projects, far greater than what has historically been available. The reality, however, is that once an open-source project becomes interesting, it is too easy for large cloud vendors to capture most of the value while contributing little or nothing back to the community.” Other open-source businesses have developed their own licenses or adopted others in recent months, citing the same issues. However, the problem with these new licenses is that if they are not approved by the Open Source Initiative (OSI), an organization created to promote and protect the open-source ecosystem, the software behind the license is technically not considered open source, and it will have a hard time getting acceptance from members in the community.
  • Open source has a problem with monetization, not AWS
  • Why you should take notice of the open source in enterprise suckers conundrum
    In the MongoDB case, AWS is widely regarded as responding to a licensing change MongoDB made in October 2018 that has caused something of a stir among the open source cognoscenti.
  • Fedora Community Blog: FPgM report: 2019-03
    Here’s your report of what has happened in Fedora Program Management this week. I’ve set up weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else.

How to Integrate Dropbox in Ubuntu Using Nautilus File Manager

This beginners guide will help you to install and integrate Dropbox in Ubuntu’s Nautilus file manager. Dropbox is a popular file hosting service provides users cloud storage and access to your files from any device. Dropbox provides free account upto a certain storage limit and also provides subscription based accounts. Dropbox provides native desktop apps for Linux systems. Read more