OpenPGP broken, EFF recommends abandoning it

How retard. The problem is people parsing complex HTML with 20+mio LOC web engines, of course there are vulnerabilities. Maybe they should execute JS too to have apps in mails??

Signal as been honeypot since the beginning (notably because the went full retard/being very aggressive because of libre signal).

It's not GPG or PGP that is broken it's email clients and not all of them are affected.
It's clearly explained here in the papers:
efail.de/
Archive to avoid cloudflare tor block
web.archive.org/web/20180514100313/https://efail.de/
It's a bit more than a HTML flaw but it can be mitigated via deactivating HTML email creation and HTML rendering. To be honest it was always bloat.
For those who are wondering who added HTML in emails long ago it was Microsoft in their Outlook "solution". For the sysadmins of that time you will remember the nightmare that it was for filtering these pieces of trash that nobody asked for.

I was already suspicious because of some their posts but now the EFF is to be attentively observed and dissected for the months to come.

That picture captures my reaction to this thread as well.

Who cares really ? Be a proud goyim. Stop using PGP.

That's just clickbait from the EFF also it's pretty old news by now. The vulnerability, efail, is related to the plugins which decrypt PGP encrypted messages and clients rendering html mails, but not PGP itself. Additionally, this attack requires the attacker to be able to MITM AND capture the email he wishes to capture. In addition to this, when the user would open this email, it would be apparent something had happened because the whole message would be empty.

Looks like emacs isn't vulnerable. Here're some quotes from RMS following efail. If you allow a mail user agent to render HTML for you, you exposeyourself to various kinds of surveillance and swindles. Now, it seems,one of those might be a decryption exploit.Referring to any external elements from HTML in an emailexposes the user to various forms of mistreatment.Security in an MUA includes protecting the user from all that. > > (And private/secret correspondence shouldn't include such external > > references in the first place, IMHO.) > Sadly, most people don't care enough.It's often not "people". Many companies systematically use thissecurity hole to track users. I am very glad that nobody cantell whether I have read a message -- because I do it in Emacs.>>916238
What is a flaw you see with it? There's not much wrong with PGP minus not having forward security (which is hard to pull of in something like email in which you might not be able to afford to send multiple messages between the receiver and yourself).
Also shame on you for just copy pasting a news article for a thread. You should provide your own commentary about the topic since most everyone has seen it by now. You didn't even name the vulnerability by name, nor did you link to it's site explaining itself.

You should kill yourself immediately for that utter lie of a subject line, you useless turd.

Just use GPG they said. You don't need LUKS or any other kind of encryption they said.

If you can't discover a decent vanity trip, you shouldn't be tripfagging OP!
Here's a bitNickel, kid. Buy yourself a better tripcode.

LUKS? How is it related to email/text encryption?

GPG and OpenPGP are fine. It's clients that are leaking that shit though HTML referrals.

Just accept that internet is insecure. Face-to-face communication is the only option.

Mhm. Who said that?

Face-to-face communication isn't secure, either. Eavesdroppers, regular mics, laser mics, tiny NSA agents hiding in your ear canal.

Shut the fuck up, this only applies to nigger clients like Thunderbird. There is no vulnerability if you just use a plain implementation like GnuPG. I could barely read this stupid web page, I'm fucking sick of hearing about new vulnerabilities with a full marketing campaign behind them, which time and time again are nothing new. The only reason I read this is because i'm interested in making/breaking PGP. This is your typical attack on webshit. Webshit (including Email, which is just webshit on a slightly different protocol) is an entire misconception in itself, and is always implemented by people who have no clue about anything.

Wow, it's like it's fucking nothing.

Attached: 2e42b7dcdf903e9a689d2c28f72599a9ab2354b01c0aa63479cf09bfe546f9c4.png (270x400, 147.86K)

I use GNUMail.

All you faggots said GNUSTEP looked "bad", who's laughing now?

Still us. GNUFail isn't the only email client that's not vulnerable to this attack.

Encryption noob here, can someone explain why this is?, somehow having the copy of a single encrypted mail means you can decrypt any other mail encrypted with the same key?, without the private key???, what??.

This poor level of discourse is the standard in the imageboards. It's botnet this and botnet that and if you ever question people's opinions/conjecture/narrative that are not matters of fact, they'll accuse you of being a shill of some kind. It's quite annoying.

Wait, I'm confused. Why do they say this?
eff.org/deeplinks/2018/05/pgp-and-efail-frequently-asked-questions#html

>Is disabling HTML sufficient?

I'm confused. Does this mean even if you don't send an html email, that the contents of the mail could still be decrypted by the person receiving your email if they have a shitty client?

Nevermind, I misinterpreted.

This is false. Imagine how easy it would be break. Just guess when someone sent a message containing "Hello" and then boom you can decrypt all their messages. It just doesn't work that way.

This isn't your gender studies seminar, go back to Tumblr.

This was never about sending an html email. The attacker MITM the message and modify it by adding an html into it.

because the email client is written by retarded niggers who basically copy and paste code everywhere.

Why do you need encryption if you have nothing to hide?

who said that

So what? Most email clients don't render html by default.

terrible advice by EFF

what did you expect from a tripfag

all part of the conspiracy to discredit PGP and ensure it doesn't ever catch on, because it hasn't been compromised and has no built-in backdoor.

Except outputting decrypted ciphertext that failed the authenticity check.
It's ok though because gpg printed a warning to stderr :^)

OMG im so sorry!
I didnt realize this might have been html-only. theres some parts of it that still raise some concern like but it sounds like it mostly was FUD basically.
Im a baka -_-

the real question now, assuming everyone in this thread is right, is what's going on at the EFF? Normally they're fairly accurate about stuff, so how did they get this so wrong??

Attached: tumblr_n58yznzf2z1tobs6to1_500.gif (500x482, 195.22K)

ayy lmao what the fuck

tehy r whamen
eff.org/about/staff

...

this means the EFF is scaremongering.
Do not send HTML emails and everything is fine.

If you simply turn off viewing HTML inside of the email, and instead change the setting to view the html email in plaintext, then your fine, but the next person you send it to may not have it turned off and will still get fucked.

So the moral of the story is don't send the fucking HTML email in the firstplace, just use plaintext.

The way this seems to be is this:
-Kike A sends trojan email to Goy B.
-Goy B is smart and disables html viewing so does not get fucked and dump his keys when the email is decrypted and his client fucks him.
-Goy B then forwards the email to his Goy buddies C, D, and E.
-C D and E do not have html viewing disabled, so they all get fucked.

actually reading it your private keys are never dumped. only the content of the message is leaked, and an attacker still needs to have the encrypted message.
-Kike A captures cipher email from Goy B.
-Kike A adds this html cancer to the email, and includes the original ciphertext, and sends it to Goy B, the original ciphertext is still not decrypted.
-Goy B opens the email, and the stupid client decryptes the modified message, then decrypts the original message that Kike A captures too, and then the html cancer sends the decrypted message back to him.

Attached: husbandissaying_4.jpg (1280x720, 58.72K)

you don't even need real MITM, if you have access to a server you can just copy the messages off to get the ciphertexts and start exploiting people. MITM usually means actually setting up a live wiretap on someone or on a router

no. there's northing that raises any concern. the website is pure clickbait like most "security research". even before naming vulns was a fad, disclosures were still mostly clickbait just it took a higher level of intellegence to be baited

yeah that can probably happen if Kike A added payloads specifically made for C, D, and E, however this is not an issue. this is C, D, and E's faults for using a retarded email client with a web browser built in

no, neither of those are in use here. the retarded email client goes to malicious-server.com/hello%20anon%0di%20have%20a%20secret%0di%20am%20gay
fixed

...

Efail press release
lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html

Robert J. Hansen rjh at sixdemonbag.org
Mon May 14 14:27:44 CEST 2018
Over the last few hours, Werner, Andre, and I have been working on anofficial statement about the Efail paper. Without further ado, here it is.An Official Statement on New Claimed Vulnerabilities== ======== ========= == === ======= ===============by the GnuPG and Gpg4Win teams(This statement is only about the susceptibility of OpenPGP, GnuPG, andGpg4Win. It does not cover S/MIME.)Recently some security researchers published a paper named "Efail:Breaking S/MIME and OpenPGP Encryption using Exfiltration Channels".The EFF has gone so far as to recommend immediately uninstallingEnigmail. We have three things to say, and then we're going to show youwhy we're right.1. This paper is misnamed.2. This attack targets buggy email clients.3. The authors made a list of buggy email clients.In 1999 we realized OpenPGP's symmetric cipher mode (a variant of cipherfeedback) had a weakness: in some cases an attacker could modify text.As Werner Koch, the founder of GnuPG, put it: "[Phil Zimmermann] and JonCallas asked me to attend the AES conference in Rome to discuss problemswith the CFB mode which were on the horizon. That discussion was inMarch 1999 and PGP and GnuPG implemented a first version [of ourcountermeasure] about a month later. According to GnuPG's NEWS file,[our countermeasure] went live in Summer 2000."The countermeasure Werner mentions is called a Modification DetectionCode, or MDC. It's been a standard part of GnuPG for almost eighteenyears. For almost all that time, any message which does not have an MDCattached has caused GnuPG to throw up big, clear, and obvious warningmessages. They look something like this: gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created2017-01-01 "Werner Koch " [GNUPG:] BEGIN_DECRYPTION [GNUPG:] DECRYPTION_INFO 0 7 [GNUPG:] PLAINTEXT 62 1526109594 [GNUPG:] PLAINTEXT_LENGTH 69 There is more to life than increasing its speed. -- Mahatma Gandhi gpg: WARNING: message was not integrity protected [GNUPG:] DECRYPTION_FAILED [GNUPG:] END_DECRYPTIONGnuPG also throws large warning messages if an MDC indicates a messagehas been modified. In both cases, if your email client respects thiswarning and does the right thing -- namely, not showing you the email --then you are completely protected from the Efail attack, as it's just amodern spin on something we started defending against almost twentyyears ago.If you're worried about the Efail attack, upgrade to the latest versionof GnuPG and check with your email plugin vendor to see if they handleMDC errors correctly. Most do.You might be vulnerable if you're running an ancient version of GnuPG(the 1.0 series; the current is 2.2), or if your email plugin doesn'thandle GnuPG's warning correctly. You might also have had some exposurein the past if back then you used a pre-2000 version of GnuPG, and/or anemail plugin which didn't handle the warning correctly.We made three statements about the Efail attack at the beginning. We'regoing to repeat them here and give a little explanation. Now that we'veexplained the situation, we're confident you'll concur in our judgment.1. This paper is misnamed. It's not an attack on OpenPGP. It's anattack on broken email clients that ignore GnuPG's warnings and do sillythings after being warned.2. This attack targets buggy email clients. Correct use of the MDCcompletely prevents this attack. GnuPG has had MDC support since thesummer of 2000.3. The authors made a list of buggy email clients. It's worth lookingover their list of email clients (found at the very end) to see if yoursis vulnerable. But be careful, because it may not be accurate -- forexample, Mailpile says they're not vulnerable, but the paper indicatesMailpile has some susceptibility.The authors have done the community a good service by cataloguing buggyemail email clients. We're grateful to them for that. We do wish,though, this thing had been handled with a little less hype. A wholelot of people got scared, and over very little.

tl;dr: This should be called EFFail, not Efail. Don't render html mail, and you should be fine. Also read the gnupg-users thread from lists.gnupg.org/pipermail/gnupg-users/2018-May/date.html#60316 and onwards.

Attached: logo-gnupg-light-purple-bg.png (356x120, 11.09K)

tripfags should commit suicide as soon as possible

Also fuck the EFF for telling people to stop using PGP untill we can figure out what's going on. Like Mark H. Wood wrote[1]

I think they're wrong. MDC shouldn't apply in any way to the first attack vector listed on efail.de ("Direct Exfiltration").

They've been shilling for Signal for a while now. This is probably part of that. Signal and PGP are very different from each other and have different use cases. PGP is very useful when you don't know who the receiver of your message is going to be. It's also useful if you are only able to send a single message to someone and don't have time to do a whole handshake with the other party. I personally don't use Signal and don't plan on doing so for at least a good period of time. Literally between EFFs post on this and now new remote code execution bugs with signal have been published. I'm personally sticking with trusted and true solutions which are proven to work (assuming you don't use command line flags to intentionally make your security worse).

The point about MDC was only about the 2nd vulnerability which is an actual concern about the cryptographic quality of PGP. The first vulnerability is just a problem with email clients themselves (which they describe in the announcement) and not with PGP.

fucking security (((researchers))) once again trying to fearmonger and bloat up their own resume.
Here are the researchers:
Damian Poddebniak,
Christian Dresen,
Jens Müller,
Fabian Ising,
Sebastian (((Schinzel))),
Simon (((Friedberger))),
Juraj Somorovsky,
Jörg Schwenk.

I wonder what can be found of these upstanding world citizens.

here's Sebastian (((Schinzel)))
shilling stickers for his efail brand

Attached: shilling.png (612x737, 558.13K)

twitter.com/seecurity

STOP HURTING OUR BRAND GOYIM

Attached: OYVEY.png (639x419, 42.17K)

This guy dumped all the twitters
twitter.com/kurtopsahl/status/995908637036920832

Christian Dresen
twitter.com/dr4ys3n

Sebastian (((Schinzel)))
twitter.com/seecurity

Jens Müller
twitter.com/jensvoid

Fabian Ising
twitter.com/Murgi

Simon (((Friedberger)))
twitter.com/cryptosorcerer

Juraj Somorovsky
twitter.com/jurajsomorovsky

Attached: twitter_security_fans.png (617x462, 91.26K)

EFF didn't come up with the "STOP USING GPG NOW!!!" fearmongering
Sebastian (((Schinzel)))
was shilling it on the day of the release.

Attached: shilling2.png (657x678, 115.26K)

oyvey why are they ignoring our shilling and give us flack

Attached: oyvey3.png (609x918, 154.88K)

I dont get Signal. I dont want to have my phone number attached to these private chats, and I dont like that its connected to a centralized server. It needs to be an open standard like email, jabber, irc, matrix, etc.

ok so some people that are being retweeted are claiming theres an exploit that works on plaintext stuff too. legit, or just some jewish trick? idk anymore.

Attached: ClipboardImage.png (585x125, 28.49K)

that's the entire point with this fearmongering kikery. erode trust in GPG so people stop using it and instead send all their shit in plaintext so it can be easily read by Isreal.

well no they dont want it to be in cleartext they want everybody on Signal, which as I said I dont trust or think is a good idea conceptually. You can't self-host it I don't think, and theres the phone number thing.

The infosec people like to shill Signal because they are only concerned with normies/tech illiterate adoption rates. They want ease of use and privacy by default. Normal people will not use PGP and will fuck up trying.

PGP is indeed not user-friendly in the slightest, but OwO whats this?
conversations.im/omemo/
braindead simple to use, but decentralized as it is XMPP. Ive used it and it just werks. Why dont they shill this instead? seems shady.
Like, having a (((service))) that is hardcoded to a centralized server owned by a specific app maker doesnt sound very much in the spirit of Free Software does it?

It doesn't need to be anything at all. Just use OMEMO with XMPP.

...

see i just mentioned it, silly! ^.^
btw if you guys want to use it check this for the right client.
omemo.top/
its kinda off because chatsecure supports it now, but should give you an idea.

Secure by default is what law enforcement are scared of as well. LEA accept that a very small percentage of nerds will have strong security, but they don't won't a dumbass drug dealer to accidently have privacy/security because it's the default.

If someone can convert a plaintext email to html like says, then this is bigger problem. Because even if you do the right action and don't use a shitty client with html enabled, you have to rely on other people who either get the same messages as you or who you're speaking to not fucking this up either.

But yeah, the title is very clickbaity. It's similar to how people say Tor is broken when it's actually a browser exploit.

Funnily enough, PGP is the solution to that problem.

that's why they arrested those spic's that were selling the secure phone's with gps soldered off to drug cartels.

should be able to immediately get around this by putting the text in a zip file. other retarded people who have this html cancer turned on will not dump your secrets

What happens if the attacker decompresses it, injects the image tag around the encrypted data, and then recompresses it.
Regardless, allowing network connections from your html renderer for email is the root of the problem.

if it's in a zip file don't open the text in the zip in a fucking browser

the root of this problem is once again web5.0 nuweb cancer bloat

This is why I hate humans.

you stupid niggers, this is a thread about how using a bloated email client breaks encryption. the _exact same thing_ will happen on XMPP, I guarantee you. XMPP clients have all kinds of weird extensions and media they support. last time i checked, well established clients get memory corruption to the point where the screen looks all jumbled just because I entered an tag by hand into a group conversation (and not even being malicious, i was just trying to display an image in the conversation, seeing as it has HTML support)

the root of the problem is web 1.0 cancer (subsequent versions are even more cancerous). this exact same bullshit existed the moment the web and email came out

if i was building a protocol to send encrypted messages to people, i would make it so the entire message is encrypted in one go, then the plaintext can be interpreted as usual (as bytes representing text, or as something else). it could even have HTML-like elements in it, and it would be no problem. the problem with these email clients is that you can put some stuff in the middle of the plaintext which will be decrypted and concatenated to some script and fed into the browser/renderer. it's not even a viable approach to any real problem, it's just webshit. no sane person would allow markup in such a way

This, the EFF is really shifty lately. Did the glowdarks infiltrate it?

The founder of the EFF died a few months ago. Maybe that has something to do with it......

Died or """(((died)))""" is the question, innit?

Well the official story is that he died peacefully in his sleep at age 70.

read a book

found the jew

We should all move to centralized communication platforms such as Facebook, Discord and WhatsApp.
Our information is not safe in our own hands, obviously.

E-mail has to go.

Please read Efail: A Postmortem by Robert Hansen medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08
Also read this thread lists.gnupg.org/pipermail/gnupg-users/2018-May/060462.html .

*giggles*
is he talking about us?

Attached: 2861431578_9c3aa89323.jpg (800x800 23.52 KB, 150.12K)

I think he means (((Signal shills))), not 8channers who consider this more of an EFFail than Efail.

kms

There is no "us" you gasworthy tripfaggot. You're an outsider here.

TRIPFAGS OUT
RRRRRRREEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

umm no Danny is the guy who wrote at least one of the EFF articles shilling signal and telling everyone to stop using PGP.
I think he's referring to anons posting about glow-in-the-darks.

I love triggering you lovely people uwu

I love sucking dicks owo

The EFF was taken over by SJWs a long time ago. They're the Jewish agenda, now.

Pretty sorry state of affairs, SJWs infect non-profits massively.