Critical PGP Security Issue

  • Attention PGP Users: New Vulnerabilities Require You To Take Action Now

    A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

    The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

    Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

  • Disabling PGP in Thunderbird with Enigmail

Response from Werner Koch

Subject: Efail or OpenPGP is safer than S/MIME
Date: Mon, 14 May 2018 09:45:51 +0200
From: Werner Koch
To: gnupg-users@gnupg.org

Hi!

Some may have noticed that the EFF has warnings about the use of PGP out
which I consider pretty overblown. The GnuPG team was not contacted by
the researchers but I got access to a version of the paper related to
KMail. It seems to be the complete paper with just the names of the
other MUAs redacted.

Given that the EFF suggests to deinstall GpgOL, we know that it is not
vulnerable; see https://dev.gnupg.org/T3714.

Here is a response I wrote on the weekend to a reporter who inquired on
this problem.

=============
The topic of that paper is that HTML is used as a back channel to create
an oracle for modified encrypted mails. It is long known that HTML
mails and in particular external links like
are evil if the MUA actually honors them (which many meanwhile seem to
do again; see all these newsletters). Due to broken MIME parsers a
bunch of MUAs seem to concatenate decrypted HTML mime parts which makes
it easy to plant such HTML snippets.

There are two ways to mitigate this attack

- Don't use HTML mails. Or if you really need to read them use a
proper MIME parser and disallow any access to external links.

- Use authenticated encryption.

The latter is actually easy for OpenPGP because we started to use
authenticated encryption (AE) since 2000 or 2001. Our AE is called MDC
(Modification detection code) and was back then introduced for a very
similar attack. Unfortunately some OpenPGP implementations were late to
introduce MDC and thus GPG could not fail hard on receiving a mail
without an MDC. However, an error is returned during decrypting and no
MDC is used:

gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created 2017-01-01
"Werner Koch "
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 7
[GNUPG:] PLAINTEXT 62 1526109594
[GNUPG:] PLAINTEXT_LENGTH 69
There is more to life than increasing its speed.
-- Mahatma Gandhi
gpg: WARNING: message was not integrity protected
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION

When giving a filename on the command line an output file is even not
created. This can't be done in pipe mode because gpg allows to process
huge amounts of data. MUAs are advised to consider the DECRYPTION_FAILED
status code and not to show the data or at least use a proper way to
display the possible corrupted mail without creating an oracle and to
inform the user that the mail is fishy.

For S/MIME authenticated encryption is not used or implemented in
practice and thus there is no short term way to fix this in S/MIME
except for not using HTML mails.

The upshot of this is that OpenPGP messages are way better protected
against such kind of attacks than S/MIME messages. Unless, well, the
MUAs are correctly implemented and check error codes!

Shalom-Salam,

Werner

p.s.
Some cryptographers turn up their nose at the OpenPGP MDC which is an
ad-hoc AE mode from a time before AE received much research. However,
it does its job and protects reliably against this and other attacks.
The next OpenPGP revision will bring a real AE mode (EAX or OCB
depending on key preferences) which has other benefits (early detection
of corrupted messages, speed) but it will take years before it will be
widely deployed and can actually be used to create messages.

--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Thoughts are free. Exceptions are regulated by a federal law.
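
Added example (not part of the original message and not GnuPG or any mail client's own code): one way a mail client could follow the advice above, buffering gpg's plaintext in pipe mode and releasing it only after checking the status lines written via --status-fd. The function names and the second sample stream are constructed for illustration; the status keywords are GnuPG's.

```python
# Added example: names and the WITH_MDC stream are constructed, not from gpg or any MUA.
PREFIX = "[GNUPG:] "

def parse_status(status_text):
    """Return (keyword, args) for each '[GNUPG:]' status line; skip the rest."""
    events = []
    for line in status_text.splitlines():
        parts = line[len(PREFIX):].split() if line.startswith(PREFIX) else []
        if parts:
            events.append((parts[0], parts[1:]))
    return events

def may_display(status_text):
    """Return (ok, reason); ok only for a complete, integrity-protected decryption."""
    events = parse_status(status_text)
    seen = {keyword for keyword, _ in events}
    if "DECRYPTION_FAILED" in seen or "BADMDC" in seen:
        return False, "gpg reported a decryption or integrity failure"
    if not {"DECRYPTION_OKAY", "END_DECRYPTION"} <= seen:
        return False, "decryption did not finish successfully"
    for keyword, args in events:
        # DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>]; 0 means none.
        if keyword == "DECRYPTION_INFO":
            mdc = args[0] if args else "0"
            aead = args[2] if len(args) > 2 else "0"
            if mdc == "0" and aead == "0":
                return False, "message was not integrity protected"
    return True, "ok"

def render(buffered_plaintext, status_text):
    """Release buffered plaintext only after the whole status stream is checked."""
    ok, reason = may_display(status_text)
    return buffered_plaintext if ok else "[encrypted message withheld: " + reason + "]"

# Status lines taken from the gpg output quoted in the message above.
NO_MDC = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 7
[GNUPG:] PLAINTEXT 62 1526109594
[GNUPG:] PLAINTEXT_LENGTH 69
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION"""

# Constructed stream for a message that carries a valid MDC.
WITH_MDC = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION"""
```

The plaintext must stay buffered until END_DECRYPTION arrives, because in pipe mode gpg emits the data before it emits the failure status.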

Alarmist articles

Subject: Re: [Enigmail] FYI disable enigmail now
Date: Mon, 14 May 2018 03:14:12 -0400
From: Robert J. Hansen
Reply-To: Enigmail user discussion list
To: enigmail-users@enigmail.net

We saw a preview of that paper. It's under embargo so it would be
inappropriate for us to comment on it until it's released. It was also
inappropriate for the EFF to comment on it. You can expect us to have
an official statement on it once the paper is published.

I will say this is a tempest in a teapot. Patrick, Werner, and I have
all seen it. We are not in the least bit worried. We wish the EFF had
reached out to us before running with an alarmist article.

tl;dr: as always, please use the latest Enigmail version, and do so with
confidence.
