[Cryptography] Vulnerability found in badly broken email apps that use PGP and S/MIME

[Peter Gutmann]

Ray Dillinger <bear at sonic.net> writes:

>S/MIME's capability to cut and join messages at arbitrary boundaries after
>applying processing (including decryption) to selected substrings makes it
>worse.

Unless your S/MIME implementation does authenticated encryption from 10+ years
ago, RFC 5083, in which case the gadget attack just bounces off.

Mind you, a mailer broken enough to auto-fetch images/auto-render HTML content
will also implement authenticated encryption as "Message tampering detected,
continue anyway?", default = Yes.

Peter.