On 04/22/2015 01:45 PM, Daniele Raffo wrote:
> Jan-Philipp Litza wrote on 16/04/2015 20:26:
>> Hi everybody,
>>
>> I think I found a security-related usability problem with Enigmail:
>> When replying to a message, Enigmail decrypts parts of the mail I reply
>> to without notifying me. This could lead to me decrypting a message an
>> adversary sent me for decrypting without noticing.
>
> Hi,
>
> That's interesting. I've made some more realistic tests with two users
> and I can definitely reproduce this behaviour, although with some
> differences.
> Below the steps:
>
> 1. Mallory manages to sniff a message addressed to Alice. This message,
> that we'll call Message #1, is encrypted with Alice's pubkey so Mallory
> can't read it.
> 2. Mallory writes a long message to Alice and, buried deep at the end,
> includes the ciphertext from Message #1.
> 3. Mallory sends the message *unencrypted*.
> 4. Alice receives the message. (The Enigmail status bar says "Decrypted
> message". The Enigmail Security Info says "Part of the message signed -
> Decrypted message".) The message contains Mallory's text, followed by:
>
> ********* *BEGIN ENCRYPTED or SIGNED PART* *********
>
> (Message #1 in plaintext)
>
> ********** *END ENCRYPTED or SIGNED PART* **********
>
> 5. If Alice replies to Mallory and quotes the message in its entirety (as
> mailclients do by default), she'll have disclosed the content of Message
> #1 to Mallory.
>
>
> Note that, if in step 3 Mallory sends the message encrypted with Alice's
> pubkey, we don't have a security disclosure: Alice receives Mallory's text
> followed by a PGP ciphertext block i.e. Message #1. (The Enigmail status
> bar says "Decrypted message". The Enigmail Security Info says "Decrypted
> message".) When she replies quoting the whole message, Message #1 will be
> quoted encrypted.
>
>
> Still, that's a neat attack, and thanks for bringing it to the attention
> of the community. Whether this would be a user error or a lack of a
> security check from Enigmail (I wouldn't certainly call it a bug) should
> be discussed further.

I thought this was one of the reasons why it is recommended to limit quoting when sending/receiving/replying to encrypted messages, in addition to the other reason I've heard/been told, that it can make it easier for an adversary trying to find patterns in the encrypted portion of messages if a large portion of the message constantly remains the same.
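
The following is an added example, not part of the original thread and not Enigmail's code: a check a mail client or filter could run on a received plain-text body to recognise the layout from step 4 (an armored PGP block next to unprotected text) and keep that block as ciphertext when the reply is quoted. The function names, the quoting policy and the sample message are assumptions made for illustration.

```python
import re

# Armor lines of an encrypted OpenPGP message; a leading "> " quote prefix is tolerated.
BEGIN = re.compile(r"^[>\s]*-----BEGIN PGP MESSAGE-----\s*$")
END = re.compile(r"^[>\s]*-----END PGP MESSAGE-----\s*$")


def classify_body(body: str) -> str:
    """Return 'none', 'whole' or 'partial' for a plain-text mail body.

    'partial' means an armored block sits beside unprotected text, the layout
    Alice receives in step 4 of the thread.
    """
    inside, blocks, outside_text = False, 0, False
    for line in body.splitlines():
        if not inside and BEGIN.match(line):
            inside = True
        elif inside and END.match(line):
            inside, blocks = False, blocks + 1
        elif not inside and line.strip():
            outside_text = True
    if blocks == 0:
        return "none"  # an unterminated block is not a complete armored message
    return "partial" if outside_text or blocks > 1 else "whole"


def quote_for_reply(raw_body: str, decrypted_view: str) -> str:
    """Assumed policy: for a 'partial' message quote the body as received, so
    the embedded block stays ciphertext; otherwise quote what was displayed."""
    source = raw_body if classify_body(raw_body) == "partial" else decrypted_view
    return "\n".join("> " + l if l else ">" for l in source.splitlines())


# Constructed sample: unencrypted text followed by an armored block (placeholder payload).
SAMPLE_RAW = """Hi Alice, a long unencrypted message...

-----BEGIN PGP MESSAGE-----

PLACEHOLDERnotREALciphertext
-----END PGP MESSAGE-----
"""
SAMPLE_VIEW = "Hi Alice, a long unencrypted message...\n\n(Message #1 in plaintext)\n"

if __name__ == "__main__":
    print(classify_body(SAMPLE_RAW))
    print(quote_for_reply(SAMPLE_RAW, SAMPLE_VIEW))
```

A client could also use the 'partial' result to warn the user before the reply window opens, instead of or in addition to changing what is quoted.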
