[liberationtech] Cryptography Leak in Enigmail / GnuPG

Griffin Boyce griffin at cryptolab.net
Mon Apr 28 04:44:41 PDT 2014


   And, whether it's a Thunderbird bug or an Enigmail bug, Gmail emails 
have a tendency to be sent (typically unencrypted) during draft 
autosave.  So that's fun.

   Thunderbird makes me think of Mutt's slogan from 1995 - "All email 
clients are terrible. This one is just less terrible."

~Griffin

On 2014-04-28 03:25, Fabio Pietrosanti (naif) wrote:
> On 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) wrote:
> 
>> I just wanted to notice that the mostly used encryption software like
>> GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's ages
>> could represent a major risk.
>> 
>> a) Enigmail, Thunderbird's PGP plugin, does send "X-Enigmail-Version:"
>> header on ALL email sent, also the unencrypted one.
>> 
>> b) GnuPG, following the " -----BEGIN PGP MESSAGE-----", does add version
>> information such as " Version: GnuPG/MacGPG2 v2.0.19 (Darwin)" .
> 
>  An update on this issue following reports of October '13
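
A header audit for the two disclosures named in the quoted report, as an added example that is not part of the thread and not Enigmail or GnuPG code: it flags the `X-Enigmail-Version` mail header and the `Version:` armor header in a message. The sample message, its addresses, the `1.6` value and the function names are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample (not from the thread); values mirror the two leaks reported.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
X-Enigmail-Version: 1.6

-----BEGIN PGP MESSAGE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)

hQEMA0NvbnN0cnVjdGVkU2FtcGxl
=abcd
-----END PGP MESSAGE-----
"""

ARMOR_BEGIN = re.compile(r"^-----BEGIN PGP [A-Z ]+-----\s*$")

def armor_headers(text):
    """Yield (key, value) armor headers that follow each BEGIN PGP line."""
    in_headers = False
    for line in text.splitlines():
        if ARMOR_BEGIN.match(line):
            in_headers = True
        elif in_headers:
            key, sep, value = line.partition(": ")
            if sep:
                yield key, value.strip()
            else:
                in_headers = False  # blank line or data ends the header block

def find_leaks(raw):
    """Return (location, name, value) for each client/version disclosure."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = [("mail header", name, str(value)) for name, value in msg.items()
                if name.lower() == "x-enigmail-version"]
    for part in msg.walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload is None:
            continue
        body = payload.decode("utf-8", errors="replace")
        findings += [("armor header", k, v) for k, v in armor_headers(body)
                     if k == "Version"]
    return findings

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE):
        print(finding)
```

On the GnuPG side, the `--no-emit-version` option suppresses the armor `Version:` line.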


