Efail or OpenPGP is safer than S/MIME

Andrew Gallagher andrewg at andrewg.com
Mon May 14 22:09:45 CEST 2018

> On 14 May 2018, at 18:57, Lars Noodén <lars.nooden at gmail.com> wrote:
> How feasible would it be to strip or disable encryption in a fork of an
> old version and just leave it capable of decryption?

I’m sure it’s feasible, but it doesn’t address this issue or any other kind of oracle, replay or chosen-text attack. If today has taught us anything, surely it is that flaws in decryption are just as dangerous as flaws in encryption. 


More information about the Gnupg-users mailing list