[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] gpg security flaw

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] gpg security flaw
From: Paul Sutton <zleap@xxxxxxxxx>
Date: Mon, 14 May 2018 20:56:59 +0100
Content-language: en-US
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dclug.org.uk; s=1523264761; h=Sender:Content-Transfer-Encoding:Content-Type :Reply-To:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject :In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner:List-Archive; bh=+IWIVWkBo2K4EFiBZ+OlsMr6Yuuz3uSBvIu3s4ZLT6Q=; b=aEDHokFZylD59Zx3Uu8VokbrI0 vt6PpQTi9pnvIts7FLUQcRl4ny/Lzy/rukccJAkdh4PFFoAzngdqzTaZiCkuJHIvjy464vmLFO8i4 auKRJl10+TiTWBDIo7FfUxrLe80HzOBa/zvyc6FTAsL/dS+S2EOU3BfjmRSCXpGmnqwg=;

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cool thanks,  I mainly use enigmail to sign e-mails, I don't see the
need to encrypt everything.

I do use protonmail too but not generally for anything sensitive.

Paul

On 14/05/18 20:46, Martijn Grooten wrote:
> On Mon, May 14, 2018 at 07:16:25PM +0100, Paul Sutton wrote:
>> is GnuPG affected by this too or is it just pgp ?
> 
> There are two vulnerabilities and one of them is really a mail
> client issue, so that affects GnuPG as well. The other one is more
> of a cryptography flaw and there has been some confusion on whether
> GnuPG is affected.
> 
> The TL;DR of this is that if you use PGP etc. for vanity reasons, 
> because you think encryption is a worthy goal, then you shouldn't
> worry too much, as an adversary would have to take some active
> steps to decrypt emails that they would have previously stored.
> 
> If you're using it to handle sensitive data you should probably
> consider using something else (Signal!), though more because PGP is
> pretty broken in general. This one can be mitigated by making sure
> your mail client doesn't download external content, such as
> images.
> 
> Martijn.
> 
> 

- -- 
http://www.zleap.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJa+eoJAAoJEPCGVTfQZjAtAtsP/14Yn7j3ZIDEOii6FTJyTS+w
6qnJNXNZ9czl/H+QiWjVI4ire1p+D0Gio+lQAsmyvjq6zbqvGP9r1azLwuvwFYcE
hc1HzU6gcOrnDZHw/HJ3KIAN2Zrz7y8kcQZ4kScJLVQzJ8edy+aNXMZCFCELFsUw
8AeX4ETLv2hpfHqawlNvGYYvBWCeW9Zs4CT0vpEoQUb+MSZnLOTtGssmuvdrxIfT
TM6rAZ5GWcWjzTjlTISJ0cZofyZzPco8IqUknU0xL2BJL+5xPqtv8+UdU5i3Dl+G
Jb3BDWWlTB1DadfQJV9AxvsTJSEABIGJqk+w/64fQZlBn4ohWeQqHFUn8eJPuOxK
UvGUYY2TRMcARxQoeD4/2Wf51mKu1K4If1Z7Yahw22vwe/U7rcJ29WNx1hd1nayO
K1qIo8J1vYWHTSMys6j2i7wLtXAWfrKKnyLEl8QTLfWHiXt6ubNjYuoQjONl7HUC
OpxwuA6W9xYXy1qT9MISJaWLccgVqh3yliJrzBAa+3owxx+8c1q72ZkeMRUHZntg
3BSIDb4lPuBjjaYmtos648TNZjWLxc8OAR3dpVtSGlVEhdSHpc0RA8JX9HPaEViC
y18myW4yYW1FbtqmwqiXShSDod2uai9WllTrJm3fLq7iAJYFrAYtu9l4WIAqU6jy
e+6R5XH9Pl/Vy1jHDzjb
=Yzaa
-----END PGP SIGNATURE-----

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- [LUG] gpg security flaw
  - From: Paul Sutton
- Re: [LUG] gpg security flaw
  - From: Martijn Grooten

Prev by Date: Re: [LUG] gpg security flaw
Next by Date: Re: [LUG] Problem in use of VirtualBox to demonstrate a server based software locally on my machine
Previous by thread: Re: [LUG] gpg security flaw
Next by thread: Re: [LUG] gpg security flaw
Index(es):
- Date
- Thread