Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 May 2018 16:01:42 +0200
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: PGP/MIME and S/MIME mail clients vulnerabilities

On Mon, 2018-05-14 at 12:29 +0200, Christian Brabandt wrote:
> Looks like details have just been published:
> https://efail.de/

So, as far as I can tell, in that attack scenario (where the attacker has
read/write access to encrypted mails):

- S/MIME is completely broken at the protocol level since it has no way to
defend against blind modification. Only mitigation for the clients are to
prevent HTML mails and/or prevent loading of external resources. There might
be other avenues to exploit the vulnerability in the future though.

- PGP/MIME is a bit safer because the OpenPGP format compresses plaintext
before encryption (which makes it harder for the attacker) and has some kind
of authenticated (symmetric) encryption (the MDC), which helps gnupg detects
modifications to the cyphertext. Most mail clients properly handle gnupg hints
when something went wrong but the external interface is a bit fragile (gnupg
will still output the cleartext, for example). One exception is apparently
Thunderbird with enigmail before 2.0.0, but this is now fixed (I didn't find
the proper commit yet). Again, not displaying HTML mails and not allowing
remote content loading can help, but other “backchannels” might be found in
the future.

I hope this can help other people. I'm no cryptographer so I didn't look
thoroughly to the crypto part of the paper, rather to the mail client
integration. Feel free to correct me if there's anything wrong.

Regards,
-- 
Yves-Alexis
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ