Oh please. Of course encrypted e-mail is still secure.

Various media have hyped a recently publicized paper about vulnerabilities of PGP encrypted e-mail, saying things like “e-mail no longer a secure method of communication“.

This is a load of BS.

Werner Koch, author of GNU Privacy Guard (GPG), has stated that such exploits have been known for almost 20 years and countermeasures have long been developed. GPG throws a hard error (since 2015) if the countermeasure is not detected upon decryption.

Enigmail, the Mozilla Thunderbird PGP addon, includes a fix (since February) that prevents any content being rendered to the user if GPG throws this error. This basically fixes the problem.

Claiming that PGP has been broken, the encryption itself has been broken, and telling users to not send encrypted e-mails anymore is WRONG.

I have to wonder if this is some kind of scheme or cyberattack meant to discredit email encryption as a whole. The use of encryption is obviously a thorn in the side of various agencies and third parties who would like you to stop using it.

In short: Use GnuPG and Enigmail, use the latest versions, disable loading third-party content from the web, or disable viewing HTML mails completely (if you’re paranoid, you probably did this already). Don’t panic.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

%d bloggers like this: