[kwlug-disc] EFail: S/MIME & GPG
Mikalai Birukou
mb at 3nsoft.com
Mon May 14 11:13:57 EDT 2018
Random thoughts about efail.
1) Verbatim quote: "In its simplest form, an email is a text
message conforming to the Internet Message Format (IMF) [26]. As the
IMF lacks features that are required in the modern Internet, such as
the transmission of binary data ..."
Highlight "lacks features that are required in the modern Internet".
2) We have a mix of parsing contexts here: img tag with direct
replacement of base64-encoded cyphertext with a plain text.
3) Use of malleable encryption, especially in historical context. Quote:
" Malleability of these two encryption modes is well-known and has been
exploited in many attacks on network protocols like TLS, IPsec, or SSH
[14–25], but it has not been exploited in plaintext-recovery attacks on
email standards."
Reminds me Corry Doctorow's words at PI talk. Something like a rate of
independent bug rediscovery is 20% a year. APTs, anyone?
Nonetheless, cheer up.
On 2018-05-14 11:00 AM, Mikalai Birukou via kwlug-disc wrote:
> May be you've heard about efail paper:
> https://efail.de/efail-attack-paper.pdf
>
> Checkout Table 4, on page 11, to see if your setup is affected.
>
> Partial mitigation is to turn auto-decrypt. Messages can be decrypted,
> opened and viewed only when your detached from the net.
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
More information about the kwlug-disc
mailing list