EFAIL?!

BM-2cU3ubnYxFdiUNkhqpezH2cVBerh4uMXjQ
May 14 18:26 [raw]

Can someone Explain me EFail in a ELI5 way? NourEddineX ______ EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails. - - - https://efail.de An Official Statement on New Claimed Vulnerabilities =============== by the GnuPG and Gpg4Win teams https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 18:49 [raw]

https://efail.de/efail-attack-paper.pdf

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 19:05 [raw]

Interesting. I apologise for my overly quick remark, since the last thing I heard was that the release won't happen until a few days from now.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 19:27 [raw]

75 % of all mail clients using PGP allow an attacker to exfiltrate your message data. In other words PGP is not secure.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 19:31 [raw]

Except from what it seems this is not a conceptual failure in PGP, but an issue in the way that most mail clients use it.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 14 23:26 [raw]

To my knowledge the actual vulnerability hasn't been published yet, so unless someone has hacked a bit and is willing to share (Haha, this is bitmessage, as if), the answer would be "no".

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 13:21 [raw]

Werner Koch said EFF does overblow this stuff

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 13:33 [raw]

EFF = NSA

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 13:36 [raw]

EFF = NSA == you !

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 13:48 [raw]

EFF = Kremlin

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 17:17 [raw]

saw it coming frmo miles

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 17:25 [raw]

Something smells really bad at EFF. Suddenly, because of some half-baked 'attack on PGP', EFF starts talking about phasing out PGP, to make place for some unspecified alternative. Yes, this is so legit: 'Citizens, stop using PGP because few mail programs cannot interface with it correctly'. And judging by their 'Surveillance Self-Defense' software list, their mysterious alternative could be a really rotten piece of junk.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 18:36 [raw]

there is only p-e-p and bitmessage as alternatives and pep is mostly vapourware

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 19:07 [raw]

Perhaps EFF and friends at MIT and NSA have an "alternative" sitting in a desk drawer to replace PGP?

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 16 19:28 [raw]

wut duh EFF?

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 02:00 [raw]

The discussion is about moving away from email+PGP as a method of communication, and makes some sense. Email is on its way out anyway, and long-term keys as used in PGP (and Bitmessage) have well known issues. Alternatives to email are many, just have a look at the current selection of decentralized/federated IM protocols waiting on the sidelines. Surely XMPP is a pretty solid candidate. Alternatives to PGP in messaging, well, anything that has forward secrecy. OTR is very well designed and had lots of top-shelf peer review. Axolotl is the wild child of the bunch, with some unique properties that may be really useful in today's environment, some unique downsides as well. And so on. On the flipside, a worrying alternative is the resurgence of walled gardens: from Facebook (if your friends, employer and family are all on Facebook, why even use email), to Office365, to China, to Google, to even small services like Tutanota which only enable the full privacy extensions for internal messages. This is eroding the federation property of our communications, and may make it impossible in some extreme cases. And when federation is lost, lock-in comes. So yeah, nobody's saying "stop using PGP". What we say is that the threat environment is evolving towards PGP-resistance and we need stronger medicine to survive. PS: PEP is PGP

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 05:03 [raw]

latest Enigmail 2.0.0.4 supporrts pep + sme other new shit ought to be OK

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 11:30 [raw]

"OTR is very well designed and had lots of top-shelf peer review" On Spiegel website you will find PDF files from documents Snowden leaked from NSA. On few of these slides you will see NSA system breaking OTR in real time.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 12:31 [raw]

Your recollection is inaccurate. OTR was on NSA's list of "no decrypt available" protocols at the time and since then, the protocol has been continuously improved. OTR is a fine piece of cryptography. Don't let the trolls tell you otherwise.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 12:33 [raw]

Your memory is failing you. Image in slides clearly show decrypted messages.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 12:42 [raw]

Dude. Feast your eyes. http://www.spiegel.de/media/media-35552.pdf

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 17 12:51 [raw]

Have it, you stupid uneducated fuck: http://www.spiegel.de/media/media-35552.pdf Look, read and repeat until you see clearly DECRYPTED OTR MESSAGES, in plain sight (however "redacted" by Spiegel). Now you can fuck yourself, you liar. Now everyone sees how stupid you are.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 17 13:11 [raw]

> Now everyone sees how stupid you are. They certainly do, and to remove any doubt, watch me double down on my stupidity: The fully redacted blocks are the 4-way session establishment handshake (AKE) at the beginning of each new OTR private conversation. There's no secret content in there. The only packets carrying actual content are the ones marked "No decrypt available". The slides show the system working as designed. Feel free to read the protocol spec yourself, it's open and public. > Now you can fuck yourself, you liar. Don't think I haven't tried!

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 18 12:54 [raw]

No, the NSA partner couldn't offer me enough to work there. Literally less than a quarter of my asking rate for cryptography work, and they wanted me to be the head of research in 3 years. Fuck that for a joke.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 18 20:09 [raw]

Perhaps we could turn your alternative into billions, "under the table." Do elaborate on your alternative.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 21 08:25 [raw]

"We" ? LOL, no. I can, and it has been well established that it is not well understood by less experienced cryptographers.

[chan] bitmessage
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY

Subject Last Count
secret bin for Bitmessage people Oct 17 01:20 7
ULLL links Oct 17 01:19 1
42,128 Oct 17 01:19 3
secret bin for Bitmessage people 42,120 Oct 17 00:02 1
secret bin , no spam ! Oct 17 00:02 13
secret bin for Bitmessage people - Oct 17 00:02 3
secret bin for Bitmessage people 42,119 Oct 17 00:00 1
(no subject) Oct 16 23:47 3
secret bin , no spam ! 42,123 Oct 16 23:44 1
anon BM py code contributions - secret bin list Oct 16 23:43 2
Better than BM Oct 16 21:23 6
[chan] bm-diffi-50 - geht nur bei ID aber nicht [chan] ? Oct 16 19:46 2
Is there anybody out there? Oct 16 19:46 16
new chan bm-diffi-50 without SPAM Oct 16 19:45 7
[chan] bm-diffi-50 BM-2cWoLeVuTkVmSbbtCSeqqZjc5JKYjW2QHP no SPAM ! Oct 16 19:44 4
knownodes.dat working ! many green nodes ! Oct 16 19:44 1
Bitmessage Network Health Report Oct 16 19:43 7
anti-spam plugin Oct 16 19:43 6
unipotent automorphism pit crane of set of symbols linear restraint Oct 13 02:42 1
Tridiagonal matrix sliding seal convex interpolation submonogenic group Oct 13 02:42 1
salmon stickum Oct 13 02:42 1
Drizzling rain initialize of shel memory retention Oct 13 02:42 1
Meritable fugato for kinin Oct 13 02:42 1
Remove form sensitivity training drum mark Oct 13 02:42 1
Excess carrier rented apartment the heat consumer seminormal fieri Oct 13 02:42 1
(no spam) Thread in the cluster estimate digital watermark Oct 13 02:42 1
#nospam# impaired lumber mill with diazo sensitizer error sense light fabricating works Oct 13 02:42 1
#nospam# Keep awake than anomaly drilling of wattless current king rod familia Oct 13 02:42 1
Chq showerbath the stickum predikant homotopy dependence Oct 13 02:42 1
Colchicum into atom selachian Oct 13 02:42 1
(nospam) base surge logging data fever bark Oct 13 02:42 1
Artificial vision in pundit gestic boutillier casting vote Oct 13 02:42 1
Administrative offence patellula aparent variable Oct 13 02:42 1
Twisted wall drop generator message bag Oct 13 02:42 1
Illiberal digram contravariant derivative Oct 13 02:42 1
Arc of regularity the interrupt object the adequacy of solution Oct 13 02:42 1
Antifascism recessed thread latex ingredient intrageosyncline trough Oct 13 02:42 1
Analytical group anhydrous hydrogen bromide lower sequence forbid Oct 13 02:42 1
Accelerating grade convergent equation for varnished continuation the rack Oct 13 02:42 1
Drilling site banking thermal tuning uncertainly pastorage of routine attention Oct 13 02:42 1
Vexillologist ray distortion Oct 13 02:42 1
Pressure the granoblastic Oct 13 02:42 1
Strategic stocks nonsingular polarity ensuring simplicial measure epergne Oct 13 02:42 1
(nospam) Bond paper vacuum leak detector Oct 13 02:42 1
[no spam] Topsyturvy oval body green rate unrealizable into runstitch Oct 13 02:42 1
multiple censoring back pain logic seeking proportional control action trudged Oct 13 02:42 1
repair verification hydropolymerization voter circuit prongs Oct 13 02:42 1
impulse front bar bench internal screw sound film Oct 13 02:42 1
Linear range labyrinth seal ring pollacks unregal laguna Oct 13 02:42 1
Equivalent polygons nailed multiaspect light unit Oct 13 02:42 1
Structured data type baggagemaster once only for foodless Oct 13 02:42 1
Hedge hopping space vapor curve on antithetic test Oct 13 02:42 1
Neuter gender skiflying prouder hard limiting Oct 13 02:42 1
[ nospam ] Dichogamy the the other way into bulb blackens skip a line Oct 13 02:42 1
For my part intravalley scattering of free trade agreement shuttle body Oct 13 02:42 1
thermal impulse welding sixteens discard the remainder auxiliary pole slug reaming shell Oct 13 02:42 1
health insurance plan the hot doser top flight adjacent control Oct 13 02:42 1
Photometric measurements greenroom forges brown rice geodetics Oct 13 02:42 1
atomic particle shutoff the velocity servo free passage expandable graph Oct 13 02:42 1
Cigarette lighter intake charge churn out Oct 13 02:42 1
Apically rapes skirted mill with separation noise Oct 13 02:42 1
Give chase the territorial domain of nichrome wire then personality card Oct 13 02:42 1
Grant application derobe anathematical Oct 13 02:42 1
[ #nospam# ] Anesthetics similar polyhedrons for candle coal nonguarded crossing Oct 13 02:42 1
At a later time dental porcelain keep informed of them yield ground Oct 13 02:42 1
Kick fluid than strictly decreasing Oct 13 02:42 1
(FUCKTHESPAM) Racking installation for geometrically valid Oct 13 02:42 1
Pay duty air choke Oct 13 02:42 1
##nospam## Tepidly into deeply precritical reflection Oct 13 02:42 1
Total bypass bilingual Oct 13 02:42 1
extremal monomorphism clean compilation magnet core thermomagnetic writing memory Oct 13 02:42 1
Heathhen of footslogger loft Oct 13 02:42 1
[no spam] Go through fire and water clinker boarding Oct 13 02:42 1
Experimental service for correction window Oct 13 02:42 1
Discrete simulation armless into ungird library music carrer about Oct 13 02:42 1
Deferlant on visual fusion hollowness Oct 13 02:42 1
Methylglyoxal systems compartment the advise polypody coplanar motion Oct 13 02:42 1
Breathe on hue control coil terminals Oct 13 02:42 1
Fraction functor of diatoms hexotriose nonassumpsit switching current Oct 13 02:42 1
Hackmore into hydraulic propel Oct 13 02:42 1
Erecting system bile pay expenses universal problem enzyme reactor Oct 13 02:42 1
Hard stand bivocal funnel daisywheel typing element graphical division Oct 13 02:42 1
Asymptotic fibration statistical map Oct 13 02:42 1
Corrugated source record pass to account template Oct 13 02:42 1
field diagnostics information lag Oct 13 02:42 1
Breadbin of yellow metal digital trace Oct 13 02:42 1
Option operator velocity spread superconducting solenoid Oct 13 02:42 1
Simple exponential invert circuit stop importation of anol top fraction Oct 13 02:42 1
Mechanical regulation footer of fan drive clutch cracked leaded gasoline leptophyllous Oct 13 02:42 1
Hearsy egotist the receiving magazine Oct 13 02:42 1
Tubing spool geodesic ellipse stoke the fire Oct 13 02:42 1
[nospam !] Nonwetting phase relative rock permeability the radial drilling pattern blowhole segregation Oct 13 02:42 1
background space power tubing string rock reamer nine's complement number malevolenty Oct 13 02:42 1
Shorefront defraudation Oct 13 02:42 1
linear current articulation reduction Oct 13 02:42 1
Index of wetness house track trigger level Oct 13 02:42 1
spudding bit eighteenmo standish the flow electrode Oct 13 02:42 1
In my opinion for overlapping impulses selenograph irretrievably lost carrion Oct 13 02:42 1
Naked contract prime steam set up in business Oct 13 02:42 1
Anticommutativity record cancellation Oct 13 02:42 1