An Official Statement on New Claimed Vulnerabilities

BM-2cUkXeXVYt89UJmbSa7LPmNLTTA6K3XPUD
May 15 11:31

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html

Over the last few hours, Werner, Andre, and I have been working on an official statement about the Efail paper. Without further ado, here it is.

An Official Statement on New Claimed Vulnerabilities
== ======== ========= == === ======= ===============
by the GnuPG and Gpg4Win teams

(This statement is only about the susceptibility of OpenPGP, GnuPG, and Gpg4Win. It does not cover S/MIME.)

Recently some security researchers published a paper named "Efail: Breaking S/MIME and OpenPGP Encryption using Exfiltration Channels". The EFF has gone so far as to recommend immediately uninstalling Enigmail. We have three things to say, and then we're going to show you why we're right.

1. This paper is misnamed.
2. This attack targets buggy email clients.
3. The authors made a list of buggy email clients.

In 1999 we realized OpenPGP's symmetric cipher mode (a variant of cipher feedback) had a weakness: in some cases an attacker could modify text. As Werner Koch, the founder of GnuPG, put it:

    "[Phil Zimmermann] and Jon Callas asked me to attend the AES conference in Rome to discuss problems with the CFB mode which were on the horizon. That discussion was in March 1999 and PGP and GnuPG implemented a first version [of our countermeasure] about a month later. According to GnuPG's NEWS file, [our countermeasure] went live in Summer 2000."

The countermeasure Werner mentions is called a Modification Detection Code, or MDC. It's been a standard part of GnuPG for almost eighteen years. For almost all that time, any message which does not have an MDC attached has caused GnuPG to throw up big, clear, and obvious warning messages. They look something like this:

    gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created 2017-01-01
          "Werner Koch <wk at gnupg.org>"
    [GNUPG:] BEGIN_DECRYPTION
    [GNUPG:] DECRYPTION_INFO 0 7
    [GNUPG:] PLAINTEXT 62 1526109594
    [GNUPG:] PLAINTEXT_LENGTH 69
    There is more to life than increasing its speed.
                    -- Mahatma Gandhi
    gpg: WARNING: message was not integrity protected
    [GNUPG:] DECRYPTION_FAILED
    [GNUPG:] END_DECRYPTION

GnuPG also throws large warning messages if an MDC indicates a message has been modified. In both cases, if your email client respects this warning and does the right thing -- namely, not showing you the email -- then you are completely protected from the Efail attack, as it's just a modern spin on something we started defending against almost twenty years ago.

If you're worried about the Efail attack, upgrade to the latest version of GnuPG and check with your email plugin vendor to see if they handle MDC errors correctly. Most do.

You might be vulnerable if you're running an ancient version of GnuPG (the 1.0 series; the current is 2.2), or if your email plugin doesn't handle GnuPG's warning correctly. You might also have had some exposure in the past if back then you used a pre-2000 version of GnuPG, and/or an email plugin which didn't handle the warning correctly.

We made three statements about the Efail attack at the beginning. We're going to repeat them here and give a little explanation. Now that we've explained the situation, we're confident you'll concur in our judgment.

1. This paper is misnamed. It's not an attack on OpenPGP. It's an attack on broken email clients that ignore GnuPG's warnings and do silly things after being warned.

2. This attack targets buggy email clients. Correct use of the MDC completely prevents this attack. GnuPG has had MDC support since the summer of 2000.

3. The authors made a list of buggy email clients. It's worth looking over their list of email clients (found at the very end) to see if yours is vulnerable. But be careful, because it may not be accurate -- for example, Mailpile says they're not vulnerable, but the paper indicates Mailpile has some susceptibility.

The authors have done the community a good service by cataloguing buggy email clients. We're grateful to them for that. We do wish, though, this thing had been handled with a little less hype. A whole lot of people got scared, and over very little.
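
What "respecting the warning" can look like in a mail plugin, as an added example that is not part of the statement and is not GnuPG or plugin code: the plaintext is buffered and only released once the machine-readable status lines show a complete, MDC-verified decryption. The function name, the helper and the three extra status streams are constructed for illustration, and the sketch covers only the MDC case the statement discusses.

```python
# Added illustration, not GnuPG or plugin code. Status keywords are GnuPG's
# --status-fd vocabulary; function name and sample streams are constructed.
PREFIX = "[GNUPG:] "

def releasable_plaintext(status_text, plaintext):
    """Return the buffered plaintext only if GnuPG reported an intact,
    MDC-verified message; return None (show nothing) otherwise."""
    keywords, mdc_method = set(), None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue                      # "gpg:" diagnostics are not status
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keywords.add(fields[0])
        if fields[0] == "DECRYPTION_INFO" and len(fields) > 1:
            mdc_method = fields[1]        # "0": message carries no MDC
    # Fail closed on any failure marker ...
    if keywords & {"DECRYPTION_FAILED", "BADMDC"} or mdc_method == "0":
        return None
    # ... and on a stream that never reached a verified, complete end.
    if not {"DECRYPTION_OKAY", "GOODMDC", "END_DECRYPTION"} <= keywords:
        return None
    return plaintext

def status(*lines):
    """Build a status stream from bare keywords (helper for the samples)."""
    return "\n".join(PREFIX + l for l in lines)

BODY = "There is more to life than increasing its speed.\n"
# Status lines of the unprotected message shown in the statement above.
NO_MDC = status("BEGIN_DECRYPTION", "DECRYPTION_INFO 0 7",
                "PLAINTEXT 62 1526109594", "PLAINTEXT_LENGTH 69",
                "DECRYPTION_FAILED", "END_DECRYPTION")
# Constructed streams: intact message, modified message, cut-off stream.
INTACT = status("BEGIN_DECRYPTION", "DECRYPTION_INFO 2 7",
                "PLAINTEXT 62 1526109594", "DECRYPTION_OKAY", "GOODMDC",
                "END_DECRYPTION")
TAMPERED = status("BEGIN_DECRYPTION", "DECRYPTION_INFO 2 7",
                  "PLAINTEXT 62 1526109594", "BADMDC", "DECRYPTION_FAILED",
                  "END_DECRYPTION")
TRUNCATED = status("BEGIN_DECRYPTION", "DECRYPTION_INFO 2 7",
                   "PLAINTEXT 62 1526109594")

if __name__ == "__main__":
    for name, s in [("no MDC", NO_MDC), ("intact", INTACT),
                    ("tampered", TAMPERED), ("truncated", TRUNCATED)]:
        shown = releasable_plaintext(s, BODY)
        print(f"{name:9} -> {'display' if shown else 'suppress'}")
```

GnuPG writes the decrypted text before the final status line arrives, which is why the plaintext has to be held back until the whole status stream has been read.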
