Ready to Start Your Career?

The PGP key Panic: Safety 101

Joeri Jungschlager's profile image

By: Joeri Jungschlager

May 14, 2018

Most of us have been using PGP for at least 5 years, some even more than 10 or 20. Nothing could be more stressful than our users and more our selves with the safety of PGP,  the Asymmetric key standard for encryption of emails and files. So the article:  Attention PGP Users: New Vulnerabilities Require You To Take Action Now means we are in for a bumpy ride or are we?Don't panic!The paper that is announced to release tomorrow with the following statement in the announcement "The full details will be published in a paper on Tuesday the 15th of may 2018 at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication." is replied with by the reaction do not panic by Robert J. Hansen from the GNUPGP project which already saw the paper ahead. You can find his full reaction here.E-Mail Safety 101:And this already gives away some off the topic of the paper. s/MIME and email. OpenPGP is known to be more secure. You can read the full response here.
The topic of that paper is that HTML is used as a back channel to create an oracle for modified encrypted mails.  It is long known that HTML mails and in particular external links like <img href=""/> are evil if the MUA actually honors them (which many meanwhile seem to do again; see all these newsletters).  Due to broken MIME parsers a bunch of MUAs seem to concatenate decrypted HTML mime parts which makes it easy to plant such HTML snippets.There are two ways to mitigate this attack:
  1. Don't use HTML mails.  Or if you really need to read them use a proper MIME parser and disallow any access to external links.
  2. Use authenticated encryption.
The latter is actually easy for OpenPGP because we started to use authenticated encryption (AE) since 2000 or 2001.  Our AE is called MDC (Modification detection code) and was back then introduced for a very similar attack. Unfortunately, some OpenPGP implementations were late to introduce MDC and thus GPG could not fail hard on receiving a mail without an MDC.  However, an error is returned during decrypting and no MDC is used:"
What do now?
  • Disable the usage of HTML in e-mails.
  • Use authenticated encryption.
  • Look for what clients and plugins are being used in your company.
If they contain the following:
  • Thunderbird with Enigmail
  • Apple Mail with GPGTools
  • Outlook with Gpg4win
consider migration to OpenPGP as an emergency solution and wait for the paper results. List of Sources:
Schedule Demo