Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <83c6b5d6e961fc6c1130e634ab35763b3aaf43b8.camel@debian.org>
Date: Tue, 15 May 2018 10:22:46 +0200
From: Yves-Alexis Perez <corsac@...ian.org>
To: Brian May <brian@...uxpenguins.xyz>, oss-security@...ts.openwall.com
Subject: Re: PGP/MIME and S/MIME mail clients vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, 2018-05-15 at 17:40 +1000, Brian May wrote:
> Have a look at some official statements on this:
> 
> * https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html
> * https://protonmail.com/blog/pgp-vulnerability-efail/
> 
> For the case of PGP it sounds like the only problems occur when mail
> clients ignore the GPG hints.

Thanks for the links (I had already included the information in my summary
though).
> 
> For S/MIME, it does sound like the standard is broken and needs fixing.

That was my understanding as well, thus the mitigations.
> 
> If I understand this correctly, the "Direct Exfiltration" is an attack
> that doesn't require modifying the encrypted data - so presumably the
> MDC in PGP won't help. 

Yes indeed.

> To me this sounds like a email client problem
> (allowing mixing encrypted and encrypted data in the one HTML document
> seems like a very bad idea), but the https://efail.de/ page says the
> standards need to be updated to fix this.

Maybe the fixing the standard will help, but indeed the client can already
sanitize the various chunks of message and not render them as part of one HTML
document. As far as I can tell only Thunderbird was vulnerable to this (in
open-source software), but I can't find a CVE number or a public bug for this.

Regards,
- -- 
Yves-Alexis
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlr6mNYACgkQ3rYcyPpX
RFtn4ggAtq1Ex6jbj0XbMxQt2j9l4/p1OFSoemqJEEXse2E6cgB/UMd4LPBpzeW0
kS1I6glL4j3ODpUrcBKFkWTqUMXwYATayzBGX08HWti5vj+CRtqd+QtpMziymhiC
UzB77gsDi3IBssANPDVrW1YmF/pN5FUvrmBx6F+yEXOd0dQkKwQrbnvgQVskVGBP
TisoHpMDvEAZGToNlHh/HokonliCnnN7vQRp4ZiardcWsFY5oBnmHcvZKYaW1R9G
PG65KWRDSxiU9hB6UGoZNAgM8vlBjZzEk6kgSm8XC5vam2Co/Egg0JQenK0C8YyP
ATG6D5cEDa31XswrNeZLVr5VF035JQ==
=dZri
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.