Since which Version ist that the case? (As maybe changelog is of little help
with the secrecy recently)
Am May 17, 2018 6:35:32 AM UTC schrieb Patrick Brunschwig
>I fear that that's likely to happen. A measure against the Efail
>vulnerability was to disable decryption of messages that have no MDC
>It's fairly possible that old messages (using old algorithms) have no
>MDC protection - but there is no way out. You'd risk to be attacked
>_very_ easily otherwise as the Efail paper clearly explains.
>I strongly suggest that you only read such old mails on the command
>- there is no sensible safeguarding possible in Enigmail.
>(CC-ing the Enigmail Mailing list, as I consider this important info
>many other users too)
>On 17.05.18 08:27, Bitcoin Admin wrote:
>> Hello, I can't use 2.0.4, after installation all my old encrypted
>> messages throw up an error (and don't decrypt anymore), the
>> details show , however, that the correct keys were used.
>> How come?
>> On 05/16/2018 04:40 PM, Patrick Brunschwig wrote:
>>> I have released Enigmail v2.0.4 for Thunderbird version 52 and
>>> 2.46 and newer.
>>> This version implements two workarounds to prevent against "Efail"
>>> vulnerabilities (https://efail.de). I strongly recommend to upgrade
>>> Enigmail 2.0.4 as soon as possible.
>>> Efail: fail on GnuPG integrity check warnings for old Algorithms
>>> Enigmail now discovers if GnuPG prints a warning message about
>>> MDC (Modification Detection Code) for old algorithms like CAST5 and
>>> treats it like a hard failure. Such a message will no longer be
>>> Efail: protect against remot URL calls in unpatched Thunderbird
>>> I implemented a workaround to prevent against leaking decrypted
>>> data to remote URLs. This workaround is meant as temporary measure
>>> Thunderbird has a more robust solution. The workaround protects
>>> successfully against the known forms of the vulnerabilities.
>>> I still recommend to use the "Simple HTML" view in Thunderbird
>>> (accessible via menu View > Message Body as > Simple HTML) to
>>> from loading any remote content.
>>> Obtaining Enigmail
>>> Enigmail can be downloaded from
>>> The changelog is available from
>>> Additional Remarks
>>> The new version is still waiting for approval on
>>> https://addons.mozilla.org; you should receive it automatically via
>>> addons-update once the approval is made.
>>> enigmail-users mailing list
>>> To unsubscribe or make changes to your subscription click here:
enigmail-users mailing list
To unsubscribe or make changes to your subscription click here: