Re: PGP/MIME and S/MIME mail clients vulnerabilities

[Leo Gaspard <oss-security@leo.gaspard.ninja>]

On 05/14/2018 04:01 PM, Yves-Alexis Perez wrote:> - PGP/MIME is a bit
safer because the OpenPGP format compresses plaintext
> before encryption (which makes it harder for the attacker) and has some kind
> of authenticated (symmetric) encryption (the MDC), which helps gnupg detects
> modifications to the cyphertext. Most mail clients properly handle gnupg hints
> when something went wrong but the external interface is a bit fragile (gnupg
> will still output the cleartext, for example). One exception is apparently
> Thunderbird with enigmail before 2.0.0, but this is now fixed (I didn't find
> the proper commit yet). Again, not displaying HTML mails and not allowing
> remote content loading can help, but other “backchannels” might be found in
> the future.

Just to add in about Thunderbird with Enigmail after 2.0.0:

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060325.html
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060327.html
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060329.html

So it looks like data encrypted with CAST5 (and possibly 3DES?) may be
at risk even with Enigmail 2.0.0, with what I guess is latest GnuPG
(don't know whether it is with 1.4, 2.2 or both, though), likely due to
a GnuPG bug.