[Cryptography] Vulnerability found in badly broken email apps that use PGP and S/MIME

Werner Koch wk at gnupg.org
Tue May 15 05:03:59 EDT 2018


On Tue, 15 May 2018 03:08, pgut001 at cs.auckland.ac.nz said:

> Unless your S/MIME implementation does authenticated encryption from 10+ years
> ago, RFC 5083, in which case the gadget attack just bounces off.

Do you know such a mailer or do you have at least test mails?

> Mind you, a mailer broken enough to auto-fetch images/auto-render HTML content
> will also implement authenticated encryption as "Message tampering detected,
> continue anyway?", default = Yes.

People are always curious to see how attacks work - let's help them ;-)


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.