Efail: instructions for using PGP again as safely as is possible for now

Originally published at: https://boingboing.net/2018/05/30/efail-instructions-for-using.html

3 Likes

I have never once done any of this. Is it really worthwhile? In what cases does it justify the hassle?

2 Likes

Are you messaging with your lawyer over sensitive things that need protection? Communicating on the down low with your side squeeze? Political dissident? There are good reasons but for most of us not so much.

1 Like

TIL Thunderbird has developers… (I thought it was dead…)

1 Like

Thunderbird was abandoned by Mozilla because they had a working, stable email client. (No really, they abandoned Thunderbird because it was a mature product which mostly only needed bugfixes.) And so, like SeaMonkey (heir to the Mozilla suite proper) it is now “community maintained”, which means that Mozilla expects them to keep up with all the new engine breakage without Mozilla having to actually spend any effort on it ;)

2 Likes

I guess you could always use plain text and run PGP 2.63? in DOS in a virtual box.

Isn’t the main problem that other people who you’re sending mail to might be vulnerable and leak your information? You can update, patch, and use best practices all you like - if the recipient doesn’t, then you’re less secure. Though I suppose that’s always been true of secrets; you can’t control what the other person does with it.

1 Like

My advice is to exchange ASCII-armoured blocks of encrypted content. Copy and paste into and out of your mailer. Do all your PGP processing in a tool which does that one thing, ideally a tool which uses secure memory which can’t be copied to swap.

1 Like
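
The copy-and-paste workflow suggested in the post above, as an added example that is not part of the thread: a small Python filter that keeps only intact ASCII-armoured `PGP MESSAGE` blocks from pasted mail text and checks the armor CRC-24 (RFC 4880, section 6.1) before the payload is handed to a stand-alone PGP tool. The function names and the sample text are assumptions made for illustration.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1
BLOCK = re.compile(
    r"-----BEGIN PGP MESSAGE-----\r?\n(.*?)\r?\n-----END PGP MESSAGE-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 checksum used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Armor bytes as a PGP MESSAGE block (only used to build the sample)."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "", *rows,
                      "=" + check, "-----END PGP MESSAGE-----"])

def extract_blocks(pasted: str) -> list:
    """Return payloads of intact armored blocks; drop everything around them."""
    found = []
    for match in BLOCK.finditer(pasted):
        lines = [ln.strip() for ln in match.group(1).splitlines()]
        if "" not in lines:              # armor headers must end with a blank line
            continue
        body = lines[lines.index("") + 1:]
        if len(body) < 2 or len(body[-1]) != 5 or body[-1][0] != "=":
            continue                     # last line must be "=" + 4 base64 chars
        try:
            data = base64.b64decode("".join(body[:-1]), validate=True)
            want = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
        except ValueError:               # not valid base64
            continue
        if crc24(data) == want:          # catches paste damage, not tampering
            found.append(data)
    return found

# Constructed sample: placeholder bytes, not a real OpenPGP packet, in a mail body.
SAMPLE = b"constructed placeholder ciphertext " * 4
PASTED = "Hi,\nmessage below.\n\n" + armor(SAMPLE) + "\n\n-- \nsent from my mailer\n"

if __name__ == "__main__":
    print(extract_blocks(PASTED) == [SAMPLE])
```

The CRC-24 only detects accidental corruption from copying and pasting; it is not a cryptographic integrity check, so the PGP tool still has to verify the message itself.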

That’s the impression I got when I initially tried PGP many, many years ago, and stopped because my 20-something brain went ‘process is too complicated’.
