andrewg at andrewg.com
Mon May 14 22:49:32 CEST 2018
> On 14 May 2018, at 14:47, Dan Kegel <dank at kegel.com> wrote:
> Anyway, if you have a checkbox for 'automatically decrypt', you might
> consider unticking it.)
This may not be sufficient. It’s not just automatic decryption but any decryption at all in the client that can trigger a callback. In the PGP case the attack is noisy, so you *may* have a chance to protect yourself before the damage is done if manual decryption is required for each attempt. But that assumes that a human being can reliably distinguish the attempts, which assumes a high level of knowledge of the attack procedure.
More information about the Gnupg-users