D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] gpg security flaw

 

On Mon, May 14, 2018 at 07:16:25PM +0100, Paul Sutton wrote:
> is GnuPG affected by this too or is it just pgp ?     

There are two vulnerabilities and one of them is really a mail client
issue, so that affects GnuPG as well. The other one is more of a
cryptography flaw and there has been some confusion on whether GnuPG is
affected.

The TL;DR of this is that if you use PGP etc. for vanity reasons,
because you think encryption is a worthy goal, then you shouldn't worry
too much, as an adversary would have to take some active steps to
decrypt emails that they would have previously stored.

If you're using it to handle sensitive data you should probably consider
using something else (Signal!), though more because PGP is pretty broken
in general. This one can be mitigated by making sure your mail client
doesn't download external content, such as images.

Martijn.


-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq