>> On 05/14/2018 10:33 AM, [email protected] wrote: >> I know that right now details are sketchy but the advice of disabling PGP is sound at least until we get to know more information, especially since it's coming from reputable researchers and the EFF (links below but I guess everybody here already knows about that), so obviously that there is ground for worry. >> >> Do any of the Qubes users or devs know more at present about this issue or have advice to provide, aside from waiting for the publication of the research paper tomorrow morning (15th of May) and stopping using Split-GPG for the time being as a precaution? >> >> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now >> >> https://arstechnica.com/information-technology/2018/05/critical-pgp-and-smime-bugs-can-reveal-encrypted-e-mails-uninstall-now/ >> >> Thanks. >'Leo Gaspard' via qubes-users: > I can't tell for sure for not having read the paper, but it sounds like > too much hype for vulnerabilities not so important: > > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060317.html > > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html > (Werner being the maintainer of GnuPG) > > So I wouldn't worry about (but why not disable automatic > decryption/verification of incoming emails in the meantime, doesn't cost > much) > >
I would expect that if indeed this bug allows exfiltration of PGP private keys, then qubes-splt-gpg would defend against this. Unless "an oracle" does something magical that doesn't steal the PGP private key directly (see below). For our friends/colleagues/comrades who are especially concerned or who are not yet qubes or qubes-split-gpg users, if HTML is the problem (as Werner suggests) I suggest to mitigate as follows: in the Thunderbird menu: 1) View -> Message Body As > [*] Plain Text 2) View -> [ ] Display Attachments Inline [should be NOT selected] As I understand it, this works because split gpg doesn't expose private keys to the mail client but instead sends encrypted emails to the vault qube/AppVM for decryption. My question for more knowledgeable friends here would be, what is meant in Werner's message -- https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html -- by "an oracle for modified encrypted mails"? My understanding of PGP is that PGP/GPG encrypts/decrypts a short-lived symmetric key that is actually used to encrypt/decrypt the message, so analysis of both the plaintext and ciphertext of a single message would (at best, if this were feasible) give you insight into the symmetric key, and not the PGP private key itself. But someone who understands more deeply, please enlighten us! -m0ssy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ce7c9d4-cbf5-59d5-946b-e4e55c5241d1%40riseup.net. For more options, visit https://groups.google.com/d/optout.
