Attacking end-to-end email encryption

Efail, other attacks and lessons learned.

Video duration: 01:00:57
Language: English
Abstract
In this talk, I’ll present several attacks that leak the plaintext of OpenPGP or S/MIME encrypted emails to an attacker. Some of the attacks are technically interesting, i.e. the two different efail attacks, some are somewhat silly, yet effective. Some abuse HTML emails, some also work with plain ASCII emails. Furthermore, I’ll discuss our lessons learned and describe the efail-related changes to mail clients and the OpenPGP and S/MIME standards.

Email remains the least common denominator when two or more people communicate over the Internet. While many modern messengers use end-to-end (e2e) encryption by default, email relies on transport encryption among email servers, which offers much weaker protection.

OpenPGP and S/MIME are two competing standards that bring e2e encrypted communication to email. While S/MIME is mostly used in corporate environments and built into many of the widely used email clients, OpenPGP often requires that users install additional software and plugins. Neither technology ever reached large deployment, mostly because both suffer from a range of usability issues. However, it is commonly assumed that if one manages to use OpenPGP or S/MIME to encrypt emails, it is very secure.

In this talk, I’ll discuss several attacks that leak the plaintext of OpenPGP or S/MIME encrypted emails to an attacker. Some of the attacks are technically interesting, i.e. the two different efail attacks, some are somewhat silly, yet effective. Some abuse HTML emails, some also work with plain ASCII emails.

The disclosure of the efail vulnerabilities caused a lot of stir in the press and the community, which also led to confusion about how the vulnerabilities work, about the mitigations and about the consequences for the OpenPGP and S/MIME standards. I’ll discuss our lessons learned and describe the efail-related changes to mail clients and the OpenPGP and S/MIME standards.

Talk ID: 9463
Event: 35c3
Day: 2
Room: Adams
Start: 8:50 p.m.
Duration: 01:00:00
Track: Security
Type of: lecture
Speaker: Sebastian Schinzel
Talk Slug & media link: 35c3-9463-attacking_end-to-end_email_encryption

Talk & Speaker speed statistics

Very rough underestimation:
161.2 wpm
858.5 spm