What “Efail” Tells Us About Email Vulnerabilities and Disclosure (Lawfare article)

2018/05/24: Article on the EFAIL vulnerability, email vulnerabilities and the patching of those vulnerabilities. It questions the safety of emails in general.

6/12/2016 - Filippo Valsorda: "I'm giving up on PGP"


Filippo Valsorda's post on the reasons why he decided to give up on PGP. Among these reasons, we find the lack of people actually using PGP, the usability of the software programs, and, above all, the security of the long term key.
[Quotation style:] "The more
...
GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature (The Hacker News article)

2018/06/15: Article about the SigSpoof vulnerability, which makes it possible for attackers to fake digital signatures.

Kommentar: Efail ist ein EFFail [Commentary: Efail is an EFFail] (Heise article)

2018/5/16 - two days after the public disclosure, Heise published a commentary about the disclosure process.

PGP is not broken. However, having followed large parts of the reporting on the Efail vulnerabilities, this is the conclusion one could

...
Enigmail verschickt Krypto-Mails im Klartext [Enigmail sends crypto mails in plaintext] (heise security article)

2018/10/03: Heise security article on the Enigmail bug on Windows.

People Are Freaking Out That PGP Is ‘Broken’—But You Shouldn’t Be Using It Anyway (Motherboard article)

2018/5/14 - screenshot of a Motherboard article about EFAIL. The title, as well as the incipit of the article, reveals the author's skepticism about the crypto protocol.

On Monday, the world was reminded once again that the almost 30-year-old encryption

...
Was the Efail disclosure horribly screwed up? – A Few Thoughts on Cryptographic Engineering (blog post)

2018/05/17: Matthew Green's thoughts on the disclosure of the EFAIL vulnerabilities, its handling and the future of PGP.

efail: Outdated Crypto Standards are to blame (Hanno's blog)

2018/05/22: Hanno Böck's thoughts and opinion about the EFAIL vulnerability, OpenPGP and S/MIME.

Negotiation as a drawback?

The authors make a bold statement:

If we've learned 3 important things about cryptography design in the last 20 years, at least 2 of them are that negotiation and compatibility

...
SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (NeoPG blog post)

2018/06/13: Blog post on "SigSpoof". Marcus Brinkmann found this vulnerability, which allows spoofing “signed” messages that are not actually signed. This post demonstrates the vulnerability and shows the media's reactions.
