
No, PGP is not broken, not even with the Efail vulnerabilities - dsr12
https://protonmail.com/blog/pgp-vulnerability-efail/
======
georgyo
Finally, a company not using this attack as a way to say PGP is fully broken
and you should be using their walled garden instead of PGP.

I don't even understand why efail is getting so much publicity. The attack
requires privileges access to your computer or your mail server in order to
modify your existing messages. Or the ability to intercept messages in flight.
That is a huge barrier, and if they had that access, all your plain text email
is compromised as well.

I don't understand why people are uninstalling gnupg because of this "attack".
I am extremely upset at the email keybase sent me, basically telling me that
to be secure I should unregistered my PGP key; complete with instructions on
how to do so. Accourding to them, I should be only using keybase's home grown
encryption tools.

This whole exploit just seems like a marketing attack.

~~~
ianstormtaylor
Your own comment equates the level of protection PGP provides to that of
plaintext. Which sounds to me like another way of saying, “PGP is broken”.

~~~
Bartweiss
I agree that this is the wording of the comment - if having a PGP-encrypted
message intercepted in transit compromises it, something has gone horribly
wrong.

Fortunately, it's not true; the situation is actually much better than the
comment suggests. As the Protonmail rundown points out, the better PGP clients
should be unaffected, and secure even with in-transit interception.

~~~
mtremsal
Unless another recipient uses a flawed client, which is pretty hard to check.

~~~
Bartweiss
If securing the contents of the message are the issue, then this is true but
it's an opsec problem - no different than corresponding with someone who's
downloaded malware.

But "another recipient leaked the data" isn't actually the same security
breach as "my data was observed". If the message was sent twice to different
people, no one even has reason to believe I was sent the data. If the message
was sent with multiple recipients, GPG encrypts it symmetrically, then
provides an encrypted copy of that key to each user - which means there's no
way to check that I actually received a valid copy of the message.

It's a good point, though, that if you're planning the Arab Spring by group
email or something, you should currently treat messages as at higher risk even
if you use Protonmail.

------
Analemma_
If one or two clients don't implement the standard correctly, the clients are
broken. If _all but_ one or two clients don't implement the standard
correctly, the standard is broken. Part of what makes good standard design is
knowing how to avoid pitfalls in client implementation.

~~~
zokier
Most clients do not implement (correctly or incorrectly) PGP at all. Instead
they delegate the PGP parts to GnuPG, and failed to handle the warnings that
GPG emitted. So your logic could be applied to GPG and argued that it is
broken.

~~~
TooBrokeToBeg
> So your logic could be applied to GPG and argued that it is broken.

That's a pretty common claim and has been for a long time. It's not just
verification of identity, but verification of integrity that the encryption is
supposed to enforce. Instead, it throws a warning for one case and will not
decrypt for another. The binary client is broken, as a security tool (insofar
as it fails to provide the security it claims). If the integrity of the
message is compromised, why show a version of the decrypted message at all?
There's no guarantee that's correct and has led to this.

------
StreamBright
Well there is more to it though:

[https://secushare.org/PGP](https://secushare.org/PGP)

[https://www.ctrlc.hu/~stef/blog/posts/on_pgp.html](https://www.ctrlc.hu/~stef/blog/posts/on_pgp.html)

~~~
dvdgsng
That first link is just a list of known short comings of PGP (wrong usage,
infrastructure, metadata, etc), but none of them is a reason to not use PGP at
all. PGP might not be encryption for the masses, but at least encryption that
works.

------
beders
MIME parsers are broken. End of story.

