ifmpx | 5 years ago
What do you mean by PGP "not [being] as secure as the people using it thought that it was"? Can you mention something specific?

btilly | 5 years ago
Here is something specific.

Due to the complexity of the PGP system, there are a plethora of downgrade attacks, where something that was supposed to be at one level of security can be tricked into doing something much less secure. See https://twitter.com/xmppwocky/status/1291144278953955328, https://mailarchive.ietf.org/arch/msg/openpgp/JLn7sL6TqikUf-..., and https://www.eff.org/deeplinks/2018/05/pgp-and-efail-frequent... for three different examples of such attacks against PGP in recent years.

upofadown | 5 years ago
The first one appears to be some sort of joke.

The second one is just yet another person discovering that the MDC check can be stripped off a message.

The third one seems to be just EFAIL which is not a downgrade or any attack really against PGP.
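The MDC point discussed in the thread above maps onto packet types: RFC 4880 defines tag 18 (encrypted data with an MDC) and tag 9 (encrypted data without one). An added example, not part of the thread or of any PGP implementation: a receiver-side check that walks the top-level packets of a binary (non-armored) OpenPGP message and flags the unprotected type. The function names and sample bytes are assumptions constructed here.

```python
# Tag numbers and header layout follow RFC 4880. Samples are constructed; bodies are filler.
TAG_SED = 9      # Symmetrically Encrypted Data: no integrity protection
TAG_SEIPD = 18   # Sym. Encrypted Integrity Protected Data: MDC inside

# Constructed samples: a tag-1 session-key packet, then an encrypted-data packet.
SAMPLE_SEIPD = bytes([0xC1, 3, 3, 0, 0]) + bytes([0xD2, 4, 1, 0xAA, 0xBB, 0xCC])
SAMPLE_SED = bytes([0x85, 0, 3, 3, 0, 0]) + bytes([0xC9, 3, 0xAA, 0xBB, 0xCC])


def packet_tags(data):
    """Return the tags of the top-level packets in a binary OpenPGP message."""
    tags, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("no packet header at offset %d" % i)
        i += 1
        if hdr & 0x40:                       # new-format header
            tags.append(hdr & 0x3F)
            first = data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                break                        # partial body lengths: stop walking
        else:                                # old-format header
            tags.append((hdr >> 2) & 0x0F)
            n = hdr & 0x03
            if n == 3:
                break                        # indeterminate length: runs to end
            n = 1 << n                       # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        i += length
    return tags


def integrity_status(data):
    """Return 'protected', 'unprotected' or 'no-encrypted-data'."""
    tags = packet_tags(data)
    if TAG_SED in tags:
        return "unprotected"   # policy choice: refuse to decrypt or display
    if TAG_SEIPD in tags:
        return "protected"     # the MDC must still verify during decryption
    return "no-encrypted-data"
```

A "protected" result only says the packet type carries an MDC; the decrypting code still has to treat an MDC failure as a hard error.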