Efail or OpenPGP is safer than S/MIME
Robert J. Hansen
rjh at sixdemonbag.org
Mon May 14 13:23:25 CEST 2018
> Argh, I meant to say 3DES of course, not MD5. Sorry.
It's worth noting, incidentally, the #Efail attack flat-out requires
MIME. So inline PGP messages are not vulnerable, as there's no MIME
parsing pass which can be exploited. So you're *still* safe, although
this is still a bug that should be fixed. ;)
I can recreate the bug; I'll be bringing it up to Patrick soon.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users