Don't Panic.

Andrew Gallagher andrewg at
Mon May 14 22:49:32 CEST 2018

> On 14 May 2018, at 14:47, Dan Kegel <dank at> wrote:
> Anyway, if you have a checkbox for 'automatically decrypt', you might
> consider unticking it.)

This may not be sufficient. It’s not just automatic decryption but any decryption at all in the client that can trigger a callback. In the PGP case the attack is noisy, so you *may* have a chance to protect yourself before the damage is done if manual decryption is required for each attempt. But that assumes that a human being can reliably distinguish the attempts, which assumes a high level of knowledge of the attack procedure. 


More information about the Gnupg-users mailing list