Do you think that the encrypted e-mail is safe?
-
Well, it is not
#EFAIL vulnerability: What PGP and S/MIME users need to do right now
A team of European researchers claim to have found critical vulnerabilities in PGP/GPG and S/MIME. PGP, which stands for Pretty Good Privacy, is code used to encrypt communications, commonly email. S/MIME, which stands for Secure/Multipurpose Internet Mail Extension, is a way to sign and encrypt modern email and all the extended character sets, attachments, and content it contains. If you want the same level of security in email as you have in end-to-end encrypted messaging, it's likely you're using PGP / S/MIME. And, right now, they may be vulnerable to hacks.....
-
That article quotes someone explicitly stating that the issue is not with PGP. The problem is how mail clients handle HTML alongside PGP.
If you don't use HTML mail that's encrypted, or a client that isn't vulnerable, you're fine.
The real problem with PGP is that it's such a hassle to manage, especially when compared the level of difficulty of one-click-you're-encrypted messaging apps like Signal.
-
Email should be forgetten as an idea at all and converted to Bitmessage like easy to use aplication. That must be a standart in comunication acording to fundamental law to privacy and feeling secure doing buissness.
-
@lonm It could be really easy for mail too - even some webmail providers provide stuff like https://www.mailvelope.com/en built in in their portal - and every mail client which uses the browser rendering engine and can perform own JavaScripts could integrate it too ...
... you only need to make really sure, that you don't interpret stuff inside and display plain-text-only.
-
This post is deleted! -
This post is deleted! -