An Official Statement on New Claimed Vulnerabilities

BM-2cUkXeXVYt89UJmbSa7LPmNLTTA6K3XPUD
May 15 11:31 [raw]

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html Over the last few hours, Werner, Andre, and I have been working on an official statement about the Efail paper. Without further ado, here it is. An Official Statement on New Claimed Vulnerabilities == ======== ========= == === ======= =============== by the GnuPG and Gpg4Win teams (This statement is only about the susceptibility of OpenPGP, GnuPG, and Gpg4Win. It does not cover S/MIME.) Recently some security researchers published a paper named "Efail: Breaking S/MIME and OpenPGP Encryption using Exfiltration Channels". The EFF has gone so far as to recommend immediately uninstalling Enigmail. We have three things to say, and then we're going to show you why we're right. 1. This paper is misnamed. 2. This attack targets buggy email clients. 3. The authors made a list of buggy email clients. In 1999 we realized OpenPGP's symmetric cipher mode (a variant of cipher feedback) had a weakness: in some cases an attacker could modify text. As Werner Koch, the founder of GnuPG, put it: "[Phil Zimmermann] and Jon Callas asked me to attend the AES conference in Rome to discuss problems with the CFB mode which were on the horizon. That discussion was in March 1999 and PGP and GnuPG implemented a first version [of our countermeasure] about a month later. According to GnuPG's NEWS file, [our countermeasure] went live in Summer 2000." The countermeasure Werner mentions is called a Modification Detection Code, or MDC. It's been a standard part of GnuPG for almost eighteen years. For almost all that time, any message which does not have an MDC attached has caused GnuPG to throw up big, clear, and obvious warning messages. They look something like this: gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created 2017-01-01 "Werner Koch <wk at gnupg.org>" [GNUPG:] BEGIN_DECRYPTION [GNUPG:] DECRYPTION_INFO 0 7 [GNUPG:] PLAINTEXT 62 1526109594 [GNUPG:] PLAINTEXT_LENGTH 69 There is more to life than increasing its speed. -- Mahatma Gandhi gpg: WARNING: message was not integrity protected [GNUPG:] DECRYPTION_FAILED [GNUPG:] END_DECRYPTION GnuPG also throws large warning messages if an MDC indicates a message has been modified. In both cases, if your email client respects this warning and does the right thing -- namely, not showing you the email -- then you are completely protected from the Efail attack, as it's just a modern spin on something we started defending against almost twenty years ago. If you're worried about the Efail attack, upgrade to the latest version of GnuPG and check with your email plugin vendor to see if they handle MDC errors correctly. Most do. You might be vulnerable if you're running an ancient version of GnuPG (the 1.0 series; the current is 2.2), or if your email plugin doesn't handle GnuPG's warning correctly. You might also have had some exposure in the past if back then you used a pre-2000 version of GnuPG, and/or an email plugin which didn't handle the warning correctly. We made three statements about the Efail attack at the beginning. We're going to repeat them here and give a little explanation. Now that we've explained the situation, we're confident you'll concur in our judgment. 1. This paper is misnamed. It's not an attack on OpenPGP. It's an attack on broken email clients that ignore GnuPG's warnings and do silly things after being warned. 2. This attack targets buggy email clients. Correct use of the MDC completely prevents this attack. GnuPG has had MDC support since the summer of 2000. 3. The authors made a list of buggy email clients. It's worth looking over their list of email clients (found at the very end) to see if yours is vulnerable. But be careful, because it may not be accurate -- for example, Mailpile says they're not vulnerable, but the paper indicates Mailpile has some susceptibility. The authors have done the community a good service by cataloguing buggy email email clients. We're grateful to them for that. We do wish, though, this thing had been handled with a little less hype. A whole lot of people got scared, and over very little.

[chan] general
BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r

Subject Last Count
New Win32 binary snapshot of pybitmessage available Jan 19 19:27 2
Hardware trojans... Jan 19 14:44 1
UK Column News - 18th January 2019 Jan 19 09:38 1
collection #1 --- super fat mega leak bit torrent is live -- join in ! 773 million Jan 19 01:30 6
AyrA still active? Jan 18 15:45 2
Call to murder Angela Merkel, Emmanuel Macron, Petro Poroshenko, Jens Stoltenberg etc. Jan 18 15:42 6
HAPPY NEW YEAR! Jan 18 09:51 15
http://dfilesus7ldn2ab6vitajolxrrf6ynx2fuskpx6bxamttpixvxzz7uqd.onion/uploads/tqMRZJXSOfE.jpg Jan 17 16:05 3
Collection #1 --- raidforums.com has todays mega leak , but not for free Jan 17 15:41 1
FUN Jan 17 14:47 1
Trigger Jan 17 14:17 1
Sex! Jan 17 10:47 11
torIRC server now active Jan 17 09:21 4
UK Column News - 16th January 2019 Jan 17 07:51 1
Suck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my dickSuck my Jan 17 00:40 2
Suck my dick Jan 17 00:37 1
(no subject) Jan 17 00:34 2
UK Column News - 14th January 2019 Jan 16 07:34 4
http://dfilesus7ldn2ab6vitajolxrrf6ynx2fuskpx6bxamttpixvxzz7uqd.onion/uploads/Juergen.jpg Jan 15 14:43 1
Bush and Obama were flying over the bayous of Louisiana Jan 15 14:41 1
8F5020047DEF53F2C534685013A32555 Jan 15 13:51 1
How to dispose of the body? Jan 15 08:43 3
Join [chan] alt.anonymous.messages ! Jan 14 12:20 1
Newly Developed Tactical Weapon Jan 14 10:50 1
having some milk Jan 14 10:11 1
Newly Developed Tactical Weapon Jan 14 06:34 3
All this Markov spam -- require short addresses Jan 14 06:31 1
Huawei is a Chinese intelligence front Jan 13 19:27 2
Assange is a Kremlin agent and WikiLeaks is a pawn of Putin Jan 13 19:27 2
test Jan 13 16:56 4
qokeedy keeody dchor qolaiin odaiin tarar qokchey sheor Jan 13 14:10 1
CGAN down, any ideas? Jan 13 09:16 1
UK Column News - 11th January 2019 Jan 12 07:54 1
ULLL 2019 gross leaks index , all major leaks shared in here Jan 12 07:00 1
G0d @ _0rbit -- Doxxing-Adventskalender -- CDU SPD FDP LINKE -- Bundestag-Hackerangriff Jan 12 03:53 1
** hot shit 2019 ** g0d _orbit 6 GB leak about German politicians Jan 11 21:46 3
Hello onion world Jan 10 11:36 1
A girl’s first experience of being caned Jan 10 07:44 3
UK Column News - 9th January 2019 Jan 10 06:52 1
88 Jan 9 15:23 2
Any humans? Or is Bitmessage dead? Jan 9 14:40 5
Help. Jan 8 23:37 3
UK Column News - 7th January 2019 Jan 7 21:03 1
HAPPY NEW PENIS 420 Jan 6 23:26 1
HAPPY NEW PENIS 1036 Jan 6 23:26 1
HAPPY NEW PENIS 407 Jan 6 23:26 1
HAPPY NEW PENIS 1001 Jan 6 23:26 1
HAPPY NEW PENIS 1029 Jan 6 23:26 1
HAPPY NEW PENIS 405 Jan 6 23:26 1
HAPPY NEW PENIS 427 Jan 6 23:26 1
HAPPY NEW PENIS 412 Jan 6 23:26 1
HAPPY NEW PENIS 414 Jan 6 23:26 1
HAPPY NEW PENIS 519 Jan 6 23:26 1
HAPPY NEW PENIS 391 Jan 6 23:26 1
HAPPY NEW PENIS 399 Jan 6 23:26 1
HAPPY NEW PENIS 408 Jan 6 23:26 1
HAPPY NEW PENIS 1018 Jan 6 23:26 1
HAPPY NEW PENIS 393 Jan 6 23:26 1
HAPPY NEW PENIS 523 Jan 6 23:26 1
HAPPY NEW PENIS 396 Jan 6 23:26 1
HAPPY NEW PENIS 1011 Jan 6 23:26 1
HAPPY NEW PENIS 1013 Jan 6 23:26 1
HAPPY NEW PENIS 400 Jan 6 23:26 1
HAPPY NEW PENIS 1007 Jan 6 23:25 1
HAPPY NEW PENIS 1009 Jan 6 23:25 1
HAPPY NEW PENIS 1020 Jan 6 23:25 1
HAPPY NEW PENIS 1006 Jan 6 23:25 1
HAPPY NEW PENIS 1050 Jan 6 23:25 1
HAPPY NEW PENIS 1019 Jan 6 23:25 1
HAPPY NEW PENIS 395 Jan 6 23:25 1
HAPPY NEW PENIS 1010 Jan 6 23:25 1
HAPPY NEW PENIS 402 Jan 6 23:25 1
HAPPY NEW PENIS 419 Jan 6 23:25 1
HAPPY NEW PENIS 1000 Jan 6 23:25 1
HAPPY NEW PENIS 539 Jan 6 23:25 1
HAPPY NEW PENIS 390 Jan 6 23:25 1
HAPPY NEW PENIS 1002 Jan 6 23:25 1
HAPPY NEW PENIS 1005 Jan 6 23:25 1
HAPPY NEW PENIS 487 Jan 6 23:25 1
HAPPY NEW PENIS 1014 Jan 6 23:25 1
HAPPY NEW PENIS 1003 Jan 6 23:25 1
HAPPY NEW PENIS 404 Jan 6 23:25 1
HAPPY NEW PENIS 387 Jan 6 23:15 1
HAPPY NEW PENIS 1015 Jan 6 23:15 1
HAPPY NEW PENIS 411 Jan 6 23:15 1
HAPPY NEW PENIS 398 Jan 6 23:15 1
HAPPY NEW PENIS 538 Jan 6 23:15 1
HAPPY NEW PENIS 401 Jan 6 23:15 1
HAPPY NEW PENIS 389 Jan 6 23:15 1
HAPPY NEW PENIS 406 Jan 6 23:15 1
HAPPY NEW PENIS 385 Jan 6 23:15 1
HAPPY NEW PENIS 47 Jan 6 23:10 1
HAPPY NEW PENIS 52 Jan 6 23:10 1
HAPPY NEW PENIS 161 Jan 6 23:10 1
HAPPY NEW PENIS 137 Jan 6 23:10 1
HAPPY NEW PENIS 218 Jan 6 23:10 1
HAPPY NEW PENIS 1061 Jan 6 23:07 1
HAPPY NEW PENIS 1034 Jan 6 23:07 1
HAPPY NEW PENIS 1039 Jan 6 23:07 1
HAPPY NEW PENIS 1033 Jan 6 23:07 1