Efail or OpenPGP is safer than S/MIME
andrewg at andrewg.com
Mon May 14 11:03:48 CEST 2018
On 14/05/18 08:45, Werner Koch wrote:
> The topic of that paper is that HTML is used as a back channel to
> create an oracle for modified encrypted mails.

This confirms that my forensic analysis of the wording of the
announcement was sound. ;-)

The good thing is that oracle attacks are *noisy*, so you'll notice when

> There are two ways to mitigate this attack
> - Don't use HTML mails. Or if you really need to read them use a
> proper MIME parser and disallow any access to external links.

Unfortunately HTML mail is commonplace, so never reading an HTML mail
again may be too much to ask.

> - Use authenticated encryption.

So how do we enforce MDC checking at the receiving end? I assume this is
something that has to be handled by the calling program at the moment. I
see that MDC is the default for all modern ciphers, but does that imply
that MDC *checking* is the default? If so, then all we would need to do
is disable non-modern ciphers.

Looks like S/MIME is pretty much buggered though...
More information about the Gnupg-users
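
One way a calling program could enforce the MDC check asked about in the message above, as an added example that is not part of the original post and not GnuPG's own code. It assumes the caller ran gpg with --status-fd and captured that output; the function names are hypothetical and the sample status text is constructed.

```python
# Added example: fail-closed gate on GnuPG --status-fd output.
# Keywords (DECRYPTION_OKAY, GOODMDC, BADMDC, DECRYPTION_FAILED) are from
# GnuPG's machine-readable status interface; everything else is illustrative.

PREFIX = "[GNUPG:] "


def status_keywords(status_text):
    """Return the status keywords, in order, from captured --status-fd text."""
    keywords = []
    for line in status_text.splitlines():
        # Only lines carrying the status prefix count; anything else
        # (for example text that merely contains "GOODMDC") is ignored.
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                keywords.append(fields[0])
    return keywords


def plaintext_is_trustworthy(status_text):
    """True only if decryption succeeded AND integrity was positively confirmed."""
    seen = status_keywords(status_text)
    if "BADMDC" in seen or "DECRYPTION_FAILED" in seen:
        return False
    # Absence of an error is not enough: a message without an MDC packet
    # produces no BADMDC, so require the positive GOODMDC signal.
    return "DECRYPTION_OKAY" in seen and "GOODMDC" in seen


# Constructed sample status output (not captured from a real run).
WITH_MDC = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION"""

WITHOUT_MDC = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION"""

MODIFIED = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION"""

if __name__ == "__main__":
    for name, text in [("with MDC", WITH_MDC), ("without MDC", WITHOUT_MDC),
                       ("modified", MODIFIED)]:
        print(name, "->", "render" if plaintext_is_trustworthy(text) else "discard")
```

The caller has to buffer the decrypted output and hand it to the HTML renderer only after this check passes, because the integrity result arrives at the end of decryption.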