Efail or OpenPGP is safer than S/MIME

Robert J. Hansen rjh at sixdemonbag.org
Mon May 14 13:23:25 CEST 2018

> Argh, I meant to say 3DES of course, not MD5. Sorry.

It's worth noting, incidentally, the #Efail attack flat-out requires
MIME.  So inline PGP messages are not vulnerable, as there's no MIME
parsing pass which can be exploited.  So you're *still* safe, although
this is still a bug that should be fixed.  ;)

I can recreate the bug; I'll be bringing it up to Patrick soon.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180514/57e45f73/attachment.sig>

More information about the Gnupg-users mailing list