Sequoia: A New OpenPGP Implementation in Rust
The topic of that paper is that HTML is used as a back channel to create
an oracle for modified encrypted mails. It is long known that HTML
mails and in particular external links like <img href="tla.org/TAG"/>
are evil if the MUA actually honors them (which many meanwhile seem to
do again; see all these newsletters). Due to broken MIME parsers a
bunch of MUAs seem to concatenate decrypted HTML mime parts which makes
it easy to plant such HTML snippets.
There are two ways to mitigate this attack
- Don't use HTML mails. Or if you really need to read them use a
proper MIME parser and disallow any access to external links.
- Use authenticated encryption.
Efail: Was Sie jetzt beachten müssen, um sicher E-Mails zu verschicken
is an #application
for viewing and editing symmetrically encrypted text. Using a simple and convenient graphical and command line interface, EncryptPad provides a tool for #encrypt
and decrypting binary files on disk while offering effective measures for protecting information, and it uses the most widely chosen quality file format OpenPGP RFC 4880. Unlike other #OpenPGP
software which main purpose is asymmetric encryption, the primary focus of EncryptPad is #symmetricencryption
. #gpg #tocheck
The Monkeysphere project's goal is to extend OpenPGP's web of
trust to new areas of the Internet to help us securely identify
servers we connect to, as well as each other while we work online.
The suite of Monkeysphere utilities provides a framework to
transparently leverage the web of trust for authentication of
TLS/SSL communications through the normal use of tools you are
familiar with, such as your web browser0 or secure shell.