Hi all, you probably read about the recently released paper “Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels” <https://efail.de/efail-attack-paper.pdf>. Just to summarise what I learned from reading the paper: * OpenPGP and S/MIME are *not* broken. The standards could be improved, but there is no reason not to encrypt messages. * The attacker must have access to the transport channel, the mail server (MTA) or the mailbox. * The exfiltration of the decrypted plaintext requires HTML. If you want to be absolutely sure, just build Balsa without HTML support. If you want to keep HTML support, you should at lest in the settings choose to prefer plain text over HTML. * However, recall that your communication partner /may/ use an insecure mail client. I. e. although your system is safe, the attacker /may/ able to exfiltrate decrypted messages from your partner's machine. I am not sure if the HTML widgets used in Balsa are configured to reject all backchannels. At least, libwebkit2gtk asks for loading external images (which you should *never* do!), but the paper lists (in appendix D) a multitude of possibilities. I will check them for libwebkit2gtk (which will take some time), it would be great if someone could have a look at the other widgets. Again, the findings made in the paper do *not* justify *not* to encrypt messages! Cheers, Albrecht.
Attachment:
pgpWBCYfMGbPt.pgp
Description: PGP signature