NCCIC encourages users and administrators to review CERT/CC’s Vulnerability
Note VU #122919.
https://www.us-cert.gov/ncas/current-activity/2018/05/14/OpenPGP-SMIME-Mail-Client-Vulnerabilities
--
Jerry
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
Werner Koch, wk, at gnupg.org wrote on
Mon May 14 19:32:18 CEST 2018:
...
I am all in favor of this and even considered to that some time ago.
However, not too long ago we removed support for PGP-2 keys which
unfortunately resulted in lots of angry mails from people who now think
they need to use
Hi
On Monday 14 May 2018 at 1:33:03 PM, in
,
Fiedler Roman wrote:-
> This would also prevent many other programming
> errors: e.g. if gpg
> claims to have processed 2 signed messages, a client
> has to verify,
> that it also received two "GOOD_SIG" messages.
What if a message has more than o
> I'm going to add this to the HN thread. I trust that's OK.
Go for it. :)
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 05/13/2018 08:27 PM, Robert J. Hansen wrote:
> [taps the mike]
>
> Hi. I maintain the official GnuPG FAQ. So let me start off by
> answering a question that is certainly about to be asked a lot: "Should
> we be worried about OpenPGP, GnuPG, or Enigmail? The EFF's advising us
> to uninstall i
> On 14 May 2018, at 14:47, Dan Kegel wrote:
>
> Anyway, if you have a checkbox for 'automatically decrypt', you might
> consider unticking it.)
This may not be sufficient. It’s not just automatic decryption but any
decryption at all in the client that can trigger a callback. In the PGP case
> On 14 May 2018, at 18:32, Werner Koch wrote:
>
> On Mon, 14 May 2018 15:44, andr...@andrewg.com said:
>
>> This all exposes one of the difficulties with trying to manage security
>> software in a decentralised ecosystem. We end up in arguments over whose
>
> That is actually easy compared to
> On 14 May 2018, at 18:57, Lars Noodén wrote:
>
> How feasible would it be to strip or disable encryption in a fork of an
> old version and just leave it capable of decryption?
I’m sure it’s feasible, but it doesn’t address this issue or any other kind of
oracle, replay or chosen-text attack.
On 05/14/2018 08:32 PM, Werner Koch wrote:
[snip]
> I am all in favor of this and even considered to that some time ago.
> However, not too long ago we removed support for PGP-2 keys which
> unfortunately resulted in lots of angry mails from people who now think
> they need to use gnupg 1.4 every d
On Mon, 14 May 2018 15:44, andr...@andrewg.com said:
> This all exposes one of the difficulties with trying to manage security
> software in a decentralised ecosystem. We end up in arguments over whose
That is actually easy compared to a system which is also designed to
protect data at rest. Som
On 14/05/2018 08:27, Robert J. Hansen wrote:
> Werner saw a preprint of this paper some time ago. I saw it recently.
> Patrick Brunschwig of Enigmail saw it. None of us are worried. Out of
> respect for the paper authors I will skip further comment until such
> time as the paper is published.
>
On 14/05/2018 08:27, Robert J. Hansen wrote:
> Werner saw a preprint of this paper some time ago. I saw it recently.
> Patrick Brunschwig of Enigmail saw it. None of us are worried. Out of
> respect for the paper authors I will skip further comment until such
> time as the paper is published.
>
Thanks for the heads up!
(The eff alert only suggests disabling tools that *automatically*
decrypt messages,
Stumbling around a bit on the net, this sounds like a rehash of
https://sourceforge.net/p/enigmail/bugs/226/
Anyway, if you have a checkbox for 'automatically decrypt', you might
consider u
On 14/05/18 13:42, Robert J. Hansen wrote:
>> If I read it correctly, it also has another attack, no longer based on
>> user agents concatenating HTML mime parts, but also based on CFB
>> gadgets. Which, here, looks like a flaw in the OpenPGP specification
>> indeed (and thus GnuPG's implementation
> Von: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] Im Auftrag von
>
> On 14/05/18 12:25, Robert J. Hansen wrote:
> > The problem is that gpg doesn't say anything. I would expect a
> > DECRYPTION_FAILED message here:
>
> So perhaps the solution is to throw a big warning and prompt when an
>
> If I read it correctly, it also has another attack, no longer based on
> user agents concatenating HTML mime parts, but also based on CFB
> gadgets. Which, here, looks like a flaw in the OpenPGP specification
> indeed (and thus GnuPG's implementation of it), and not in MUAs?
MDCs stop it dead.
On 05/14/2018 09:45 AM, Werner Koch wrote:> The topic of that paper is
that HTML is used as a back channel to create
> an oracle for modified encrypted mails. It is long known that HTML
> mails and in particular external links like
> are evil if the MUA actually honors them (which many meanwhile
Over the last few hours, Werner, Andre, and I have been working on an
official statement about the Efail paper. Without further ado, here it is.
An Official Statement on New Claimed Vulnerabilities
== = == === === ===
by the GnuPG and Gpg4Win teams
(This statem
On Mon, 14 May 2018 13:47, r...@sixdemonbag.org said:
> Short version: Mailpile isn't impressed, either, and is a little annoyed
> they were mistakenly listed as being vulnerable.
Yes, all green in the table for Mailpile. GgpOL (Gpg4win's Outlook
plugin) is also claimed to be vulnerable but the
On 14/05/18 12:25, Robert J. Hansen wrote:
> The problem is that gpg doesn't say anything. I would expect a
> DECRYPTION_FAILED message here:
So perhaps the solution is to throw a big warning and prompt when an
integrity check failure is thrown by gnupg? That would mitigate the
current issue, but
https://www.mailpile.is/blog/2018-05-14_PGP_Security_Alert.html
Short version: Mailpile isn't impressed, either, and is a little annoyed
they were mistakenly listed as being vulnerable.
signature.asc
Description: OpenPGP digital signature
___
Gnupg-us
On 14/05/18 12:23, Robert J. Hansen wrote:
> It's worth noting, incidentally, the #Efail attack flat-out requires
> MIME. So inline PGP messages are not vulnerable, as there's no MIME
> parsing pass which can be exploited. So you're *still* safe
I wouldn't be that confident. I haven't tested PGP
... and Patrick, moving faster than the speed of light, already has the
bug triaged and bounced back. This is actually a GnuPG bug, not an
Enigmail bug. From Patrick:
=
The problem is that gpg doesn't say anything. I would expect a
DECRYPTION_FAILED message here:
[GNUPG:] ENC_TO 5F5FDF4006
> Argh, I meant to say 3DES of course, not MD5. Sorry.
It's worth noting, incidentally, the #Efail attack flat-out requires
MIME. So inline PGP messages are not vulnerable, as there's no MIME
parsing pass which can be exploited. So you're *still* safe, although
this is still a bug that should be
On 14/05/18 12:13, Andrew Gallagher wrote:
> I tried again using CAST5 instead of MD5 to bypass the smartcard bug.
Argh, I meant to say 3DES of course, not MD5. Sorry.
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
___
Gnup
Fascinating. I've thrown it over to Patrick: we'll look into it and get
back in touch soon.
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On 14/05/18 10:42, Robert J. Hansen wrote:
> ... Yep, GnuPG will warn you the message was not integrity protected.
> Your email client should see this warning and refuse to render the message.
I tried again using CAST5 instead of MD5 to bypass the smartcard bug.
The news is not good.
```
andrewg@
On 14/05/18 10:42, Robert J. Hansen wrote:
> ... Yep, GnuPG will warn you the message was not integrity protected.
> Your email client should see this warning and refuse to render the message.
Yes, but that's not as serious as the error thrown for an unprotected
AES message. Do mail clients treat
>> We hesitate to require the MDC also for old algorithms (3DES, CAST5>
>> because a lot of data has been encrypted using them in the first
>> years of OpenPGP.
>
> So if someone sends me a 3DES-encrypted mail it won't check the MDC?
> Doesn't gpg still support reading 3DES?
Let's try it and find
On 14/05/18 10:15, Robert J. Hansen wrote:
>> I see that MDC is the default for all modern ciphers, but does that imply
>> that MDC *checking* is the default?
> MDC is an attribute of the packet, not the cipher. By default, all
> ciphers in the GnuPG suite use MDC.
OK, but from Werner's link earl
> So how do we enforce MDC checking at the receiving end? I assume this is
> something that has to be handled by the calling program at the moment.
By default, GnuPG will scream bloody murder if a message lacks an MDC or
if the MDC is invalid. At that point it's up to your email client to
pay att
Hi!
I digged in my mail archives and found a discussion with Sebastian
Schinzel about a work in progress thing which turned out to not being a
GnuPG problem. Here is a timeline with my messages.
On 2017-11-24 we were asked for the encryption keys of the security at
gnupg.org address. On the sam
On 14/05/18 08:45, Werner Koch wrote:
> The topic of that paper is that HTML is used as a back channel to
> create an oracle for modified encrypted mails.
This confirms that my forensic analysis of the wording of the
announcement was sound. ;-)
The good thing is that oracle attacks are *noisy*,
The following is what I wrote to a journalist covering the story:
=
We've known about problems in OpenPGP's feedback mode for at least
thirteen years. (See https://eprint.iacr.org/2005/033.pdf for an
example.) The OpenPGP working group resolved these problems by adopting
modification detect
[taps the mike]
Hi. I maintain the official GnuPG FAQ. So let me start off by
answering a question that is certainly about to be asked a lot: "Should
we be worried about OpenPGP, GnuPG, or Enigmail? The EFF's advising us
to uninstall it!"
https://www.eff.org/deeplinks/2018/05/attention-pgp-use
| A group of European security researchers have released a warning
| about a set of vulnerabilities affecting users of PGP and S/MIME.
| EFF has been in communication with the research team, and can
| confirm that these vulnerabilities pose an immediate risk to
| those using these tools for email c
Hi!
Some may have noticed that the EFF has warnings about the use of PGP out
which I consider pretty overblown. The GnuPG team was not contacted by
the researchers but I got access to version of the paper related to
KMail. It seems to be the complete paper with just the names of the
other MUAs r
37 matches
Mail list logo