Douglas Crawford

Douglas Crawford

May 14, 2018

Security researchers, backed up the EFF, have issued a warning over PGP and S/MIME encryption. You should stop using these standards to secure your emails immediately.

PGP has long been considered the gold standard for sending secure encrypted emails. It does not encrypt metadata and is very far from easy to use, but it is nevertheless widely regarded as by far the safest way to send secure emails.

Professor of computer security at Münster University of Applied Sciences, Sebastian Schinzel, however, tweeted on Sunday 14 May that:

We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past.”

Professor Schinzel is a member of a research team consisting of a long list of respected security researchers, and which has been responsible for uncovering a number of cryptographic vulnerabilities. The most notable of these is the 2016 DROWN attack which put 33% of all HTTPS servers in the world at risk.

The Electronic Frontier Association (EFF) has confirmed the vulnerability:

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.”

BestVPN advice: Uninstall PGP immediately (at least for now)!

In line with all expert cryptographic advice to date, BestVPN.com recommends the use of PGP in a number of our core articles. Given that this warning is backed by the EFF, however, we strongly recommend following the EFF’s advice:

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.”

The article then provides links to guides on how to temporally disable PGP plug-ins in Thunderbird with Enigmail, Apple Mail with GPGTools, and Outlook with Gpg4win.

No mention is made of removing stand-alone PGP apps such as Gpg4win or PGP browser add-ons such as Mailvelope.

It is probably safe to assume that once more details about the vulnerability are disclosed, the enthusiastic open source PGP community will work hard to patch the problem in as short a time as possible. BestVPN.com is monitoring the situation and will update articles that recommend using PGP if and as necessary.

S/MIME

All advice published so far concentrates on PGP. This is not surprising as PGP encryption has so far been considered rock solid.  That the vulnerability also affects S/MIME, however, may be more significant because S/MIME is much more widely deployed by businesses to secure their email communications.

S/MIME is very similar to PGP except that instead of users defining their own encryption methods and web of trust (how to share their private encryption keys), S/MIME uses predefined encryption standards and public-private keypairs distributed by a trusted authority.

This makes S/MIME much more transparent in use and easier for companies to deploy. Its reliance on a “trusted authority” to distribute the encryption keys is why privacy fanatics prefer PGP.

Conclusion

Until this issue is fully understood and (hopefully) fixed, you should avoid using PGP and S/MIME to encrypt emails. To communicate securely and privately over the internet, use Signal instead.

Image credit: By arka38/Shutterstock.

Image credit: xaedes & jfreax & AcdxPGP diagramCC BY-SA 3.0.

Douglas Crawford
May 14th, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

6 responses to “Security Alert: Stop using PGP and S/MIME now!

  1. From what I read. PGP can be still be safely used with the Command Line. The problems are with doing auto encrypting and decrypting with things like Email Clients. I don’t see any description of whether Kleopatra is thought to be defective itself.

    I don’t think I should use Signal, as I have a ZTE phone. I am required to get the app Signal from the Google Play store.

    I notice that the phone does these downloads of info related to keyboard. I am guessing it is updating the spelling dictionary according to my use of it. Which would indicate, not very secure. As I don’t have Signal on the phone any more, I wonder if it still does the same if I still had Signal. Personally I do not know a single person who is interested in doing encryption. No matter how easy it is.

    Easier might seem to be, using an email like Proton Mail or Tutanota.com. However I see Proton uses Captcha, which I guess is necessary from their standpoint. Also some of the sites of places which say they are concerned about Privacy, used to have a public PGP key, or a phone number with Signal beside it. Some of them Canvas the people who log in. I think one would prefer a site where, if I closed off all the options on TOR, for things like Java Script that the site still function. Is that even possible?

    1. Hi Woried,

      I was waiting a little for the dust to settle and consensus to be reached about what is and what is not safe before updating this article

      Signal is very secure, even if downloaded from the Play Store. Why does having a ZTE phone prevent you from downloading the .apk directly, though? If you are worried about your keyboard (a valid worry) then AnySoftKeyboard is an open-source keyboard app that doesn’t ask for any internet permissions. You can download it for many languages from F-Droid.

      Services such as ProtonMail and Tutanota are great for what they are, but browser-based cryptography is always going to be inherently insecure.

    1. Hi ibnishak,

      Yes, I do review open source encryption products like Passlok. I can’t promise a timescale, but I will get round to it. One thing I will say off the bat, though, is that browser/Javascript-based cryptography (which Passlok appears to be) is not regarded as very secure. Please see Secure Privacy Email Options for more discussion on this.

    1. Hi Wnerwiony,

      No it’s not. But with PGP not being secure for now, it is a way to communicate very privately and securely. Our Secure Privacy Email Options article lists some good privacy-oriented email services, but none of these are anywhere near as secure as Signal (or as PGP has always been seen to be). The bottom line is that, without PGP not being an option, there is no such thing as highly secure email. Period.

Leave a Reply

Your email address will not be published. Required fields are marked *