Attacking end-to-end email encryption

Cite

Related Material

Chaos Computer Club e.V.

Schinzel, Sebastian

Formal Metadata

Title

Attacking end-to-end email encryption

Subtitle

Efail, other attacks and lessons learned.

Title of Series

35C3 Refreshing Memories

Number of Parts

165

Author

Schinzel, Sebastian

License

CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/39349 (DOI)

Publisher

Chaos Computer Club e.V.

Release Date

2018

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

In this talk, I’ll present several attacks that leak the plaintext of OpenPGP or S/MIME encrypted emails to an attacker. Some of the attacks are technically interesting, i.e. the two different efail attacks, some are somewhat silly, yet effective. Some abuse HTML emails, some also work with plain ASCII emails. Furthermore, I’ll discuss our lessons learned and describe the efail-related changes to mail clients and the OpenPGP and S/MIME standards.

Keywords

Security