EFF -- Attention PGP Users: New Vulnerabilities Require You to Take Action Now

Discussion in 'privacy technology' started by mirimir, May 14, 2018.

  1. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Public key encryption sounds like a good thing but it was never designed to deal with the kinds of attacks on hardware, firmware, software and infrastructure that are commonplace today.
    If you want a secure conversation both parties better exercise extreme opsec.

    That means use published public keys for introductory purposes only.
    Both parties should then generate new large keys on an offline device and encrypt the public keys.
    Share the encrypted public keys with the intended recipient then share the password to them by another channel.
    All encryption/decryption should be done on an offline device including all communications thereafter.
    Anything less than that, it should be considered third parties will have access to the communications.
     
    Last edited: May 25, 2018
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Nice statement. But arguably OpenPGP is mostly used for software authentication (e.g., Debian etc) and not for email.

    Also, OpenPGP-encrypted email leaks metadata, and lacks perfect forward secrecy (PFS). If an adversary gets your private key, by pwning your machine or backups, they can decrypt all messages encrypted with that key. Potentially going back years. So one should compartmentalize. That is, use multiple personas, each with their own keys. Each persona, its messages, and its keys should live in a dedicated machine. For most isolation, different hardware, with full-disk encryption.

    And it's not just email clients and plugins that have security weaknesses. For backward compatibility, and pipeline integration with other apps, GnuPG returned at least partial plaintext from cyphertext that failed authentication. That defect wasn't enough to allow Efail attacks. Email clients also had to decode HTML, decrypt automatically, and merge multiple message parts (which allowed creation of embedded links that contained plaintext) and then follow those links to remote resources (and so sending the plaintext to the attacker). I gather that GnuPG will be fixing that. No authentication, no plaintext. That's gonna break some old stuff, but so it goes.
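The "no authentication, no plaintext" rule from the post above, sketched for a pipeline that calls GnuPG. This is an added example, not GnuPG's code or the poster's; it assumes the caller ran gpg with `--status-fd` and buffered the candidate plaintext and the status text separately. The status transcripts are constructed, and the function names are hypothetical.

```python
# Added example: release decrypted output only when GnuPG's status stream
# shows that decryption succeeded AND the integrity check passed.
# Assumption: status_text is the buffered --status-fd output of one gpg run.

def parse_status(status_text):
    """Return (keyword, args) tuples for each '[GNUPG:] ...' status line."""
    events = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "[GNUPG:]":
            events.append((fields[1], fields[2:]))
    return events

def release_plaintext(status_text, candidate):
    """Return candidate plaintext, or None if authentication is not proven."""
    seen = {keyword for keyword, _ in parse_status(status_text)}
    if seen & {"DECRYPTION_FAILED", "BADMDC"}:
        return None  # ciphertext was modified or decryption failed
    if not {"DECRYPTION_OKAY", "GOODMDC"} <= seen:
        return None  # no integrity protection, or a truncated status stream
    return candidate

# Constructed status transcripts (not captured from a real run).
GOOD = """
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
"""
TAMPERED = """
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""
NO_MDC = """
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""
```

The gate fails closed: a message with no integrity protection is treated the same as a tampered one, which is the behaviour that breaks old unauthenticated ciphertext.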
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    New PGP Encryption Exploits Are Being Discovered Almost Every Other Day
    http://www.gizmodo.co.uk/2018/05/ne...-are-being-discovered-almost-every-other-day/
     
  4. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Whatever arguments arise of this, it's still good that researchers are analysing PGP implementations.
    Questions ought to be asked about those who do things like remove the ability to generate RSA keys larger than 4096 bit especially when experts like Bruce Schneier have already recommended using larger keys than that.
    There is no good reason for doing that unless they are working for big brother.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    What a bloody clown show :rolleyes:

    Anyone sane, if they care about security, does this. I mean, it's been my standard practice for over 20 years.

    And this:
    It's just plain stupid to decode HTML in email. Messages shouldn't be webpages. That's a security nightmare. And again, I've rejected HTML in email for over 20 years.

    I suspect that these OpenPGP exploits would not work if you: 1) do not decode HTML, 2) do not fetch remote content, and 3) do not load embedded images. If an attacker has included some of your old cyphertext in the message, it will be decrypted, along with their cyphertext, if any. And so you'll see it. If it's unexpected, you can review the source. I checked a message with base64-encoded body, and didn't find anything there except for the text that Thunderbird displays.

    But upon reflection, I get that some headers (e.g., References) are replicated in replies. And perhaps an attacker could embed some of your old cyphertext in a header, and it will be plaintext in that header of your reply. What's a good email client for explicitly manipulating headers?

    Edit: Header Tools Lite plugin for Thunderbird :)
     
    Last edited: May 27, 2018
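A triage check for the conditions discussed in the posts above (HTML parts, remote content, and encrypted parts merged with other message parts). This is an added example, not code from any poster or mail client; the function names and the sample message are constructed for illustration, and only `src` and `background` attributes are treated as automatic fetches.

```python
from email import message_from_string
from html.parser import HTMLParser
ARMOR = b"-----BEGIN PGP MESSAGE-----"
ENC_TYPES = ("multipart/encrypted", "application/pgp-encrypted", "application/pkcs7-mime")
class RemoteRefs(HTMLParser):  # collects URLs an HTML renderer would fetch
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if name in ("src", "background") and url.lower().startswith(("http://", "https://")):
                self.urls.append(url)

def is_encrypted(part):
    if part.is_multipart() or part.get_content_type() in ENC_TYPES:
        return part.get_content_type() in ENC_TYPES
    return ARMOR in (part.get_payload(decode=True) or b"")

def audit(raw):
    """Count HTML parts, list remote references, flag ciphertext beside HTML."""
    report = {"html_parts": 0, "remote_refs": [], "encrypted_beside_html": False}
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            kids = part.get_payload()
            has_html = any(k.get_content_type() == "text/html" for k in kids)
            report["encrypted_beside_html"] |= has_html and any(map(is_encrypted, kids))
        elif part.get_content_type() == "text/html":
            report["html_parts"] += 1
            finder = RemoteRefs()
            finder.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            report["remote_refs"] += finder.urls
    return report
# Constructed sample: armor markers only, no real ciphertext.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html; charset=utf-8

<p>hello</p><img src="http://tracker.example.invalid/p.gif">
--B
Content-Type: text/plain; charset=utf-8

-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
--B--
"""
```

A message that reports `encrypted_beside_html` is worth opening as source before letting a client decrypt and render it.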
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    E-Mail Vulnerabilities and Disclosure
    https://www.schneier.com/blog/archives/2018/06/e-mail_vulnerab.html
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    The passphrase is "abc", by the way :)

    https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000421.html
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,168
    Location:
    Texas
  9. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,672
    Location:
    Philippines
    Interesting. Slackware was updated with the patched version on June 8th.
     
  10. guest

    guest Guest

    Why PGP is fundamentally flawed and needs to be fixed
    Encryption should be the go-to standard for securing communications, such as email.
    Unfortunately, the user-facing technology that works with PGP is flawed. Jack Wallen explains.

    June 28, 2018

    https://www.techrepublic.com/article/why-pgp-is-fundamentally-flawed-and-needs-to-be-fixed/
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yeah, it's sad :( Even in ~technical discussions, people tend to assume that HTML rendering and fetching remote resources are the norm. Maybe that's true for those who don't care about privacy. But why for OpenPGP users?
     
  12. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Not the norm for me. My email client is locked down and firewalled; it can only connect to one IP address, the main email server. If an email tries to get remote content I'll know about it.
     
  13. guest

    guest Guest

    Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
    April 30, 2019
    https://thehackernews.com/2019/04/email-signature-spoofing.html
    “Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails (PDF - 441 KB): https://github.com/RUB-NDS/Johnny-You-Are-Fired/raw/master/paper/johnny-fired.pdf
     