PGP: Serious flaw found in secure email tech

    PGP: Serious flaw found in secure email tech


    Posted: 14 May 2018
    A widely used method of encrypting emails has been found to suffer from a serious vulnerability, researchers say.

    PGP (Pretty Good Privacy) is a data encryption method sometimes added to programs that send and receive email.

    Details about the vulnerability were released by the Suddeutsche Zeitung newspaper prior to a scheduled embargo.
    Previously, the Electronic Frontier Foundation (EFF) had advised immediately disabling email tools that automatically decrypted PGP.

    The problem had been investigated by Sebastian Schinzel, at Munster University of Applied Sciences.

    After the embargo on releasing details about the vulnerability was lifted, Mr Schinzel and colleagues published their research revealing how the attack on PGP emails worked.

    A website explaining the issue has also now been made public.


    Read more: PGP: 'Serious' flaw found in secure email tech - BBC News
    Brink's Avatar Posted By: Brink
    14 May 2018



  2. file3456
    Posts : 0
    Windows 7 Ultimate x64
       New #1

    I always thought that PGP wasn't that good of an encryption standard to use. Instead, I think perhaps a one time pad implantation should be used. The only issue is trying to pass the pad securely. Perhaps that part can be done with AES 256 or ECC or something. Perhaps even a cascade of ciphers like AES 256, ECC and Blowfish. But then again, the whole E-mail could use a cascade of ciphers as well. It's just that a one time pad is uncrackable providing it's used correctly and the pad is never reused.

    Perhaps in the corporate environment a digital one time pad can be generated at the office using a type of synchronous USD fob.
      My Computer
    Quote Quote

  4. Alejandro85
    Posts : 2,468
    Windows 7 Ultimate x64
       New #2

    F22 Simpilot said:
    I always thought that PGP wasn't that good of an encryption standard to use. Instead, I think perhaps a one time pad implantation should be used. The only issue is trying to pass the pad securely. Perhaps that part can be done with AES 256 or ECC or something. Perhaps even a cascade of ciphers like AES 256, ECC and Blowfish. But then again, the whole E-mail could use a cascade of ciphers as well. It's just that a one time pad is uncrackable providing it's used correctly and the pad is never reused.
    Most vulnerabilities found aren't actually problems in PGP, but in software rendering the decrypted emails instead. PGP is still the best possible choice.

    One time pad is great and theoretically uncrackeable, but has the problem that it needs as much random key material as plain text, and you must ensure confidenciality of the key. AES is a symetric algorithm, so you also need to ensure key protection by other means, that's what makes them impractical.

    PGP uses those but in addition uses RSA, an asymetric key encryption, that's what makes really possible to have encrypted email without worrying about key distribution. Each one as a private key that's never sent to anyone and a public key that's freely distributed, and that's all.
    Not coincidentally, that's the very same kind of cryptography that powers TLS and therefore HTTPS, and what makes secure browsing possible without having to distribute private things, which makes it practical to use in real life.
      My Computer
    Quote Quote

 

  Related Discussions
Kingston Technology is instructing customers to return certain models of its memory sticks, after the firm discovered a glitch in its DataTraveler Secure flash drives. The company said in a security notice that the models affected were “privacy” editions of the DataTraveler Secure,...
New Security Flaw Found In IE, Best Fire Up FireFox Jan 03 If you’re using Internet Explorer to read this it might be an idea to shut it down now and open up trusty old FireFox instead. Microsoft has today issued an alert to notify users of a critical security flaw in IE.7.0...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 08:11.
Find Us