[liberationtech] Cryptography Leak in Enigmail / GnuPG

Fabio Pietrosanti (naif) lists at infosecurity.ch
Sun Nov 24 09:10:30 PST 2013


On 11/24/13, 5:39 PM, Jacob Appelbaum wrote:
> When a user uses TorBirdy with Enigmail and Thunderbird, we disable
> those information leaks. We also have a mode (disabled by default due to
> user complaints) to remove the keyid of the recipient from the PGP
> encrypted message itself.
Looking forward to a secure default in all GnuPG-based software, I just
opened tickets on most projects:

GnuPG: "Privacy Leak in Version: and Comment: header"
https://bugs.g10code.com/gnupg/issue1572

EnigMail: "Privacy Leak in Version: and Comment: header"
https://sourceforge.net/p/enigmail/bugs/215/

EnigMail: "Privacy Leak in X-EnigMail-Version"
https://sourceforge.net/p/enigmail/bugs/216/

GPGTool: "Privacy Leak in Version: and Comment: header"
http://support.gpgtools.org/discussions/everything/13667-privacy-leak-in-version-and-comment-header

Outlook Privacy Plugin: "Privacy Leak in Version: and Comment: header"
https://code.google.com/p/outlook-privacy-plugin/issues/detail?id=124

GPG4Win: "Privacy Leak in Version: and Comment: header"
http://wald.intevation.org/tracker/index.php?func=detail&aid=6470&group_id=11&atid=126

It has been noted that the Symantec Desktop Encryption product does leak the
"X-PGP-Universal: processed" header, but it's not open source.

Missing some of them?

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org
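
An outbound-mail check for the headers named in the tickets above, added here as an example and not part of the original message or of any listed project: it reports and strips the `Version:` / `Comment:` armor headers and the `X-Enigmail-Version` / `X-PGP-Universal` mail headers. It assumes a single-part message with inline PGP; the function names and the sample message (including its version strings) are constructed for illustration.

```python
import email
import re

# Headers named in the tickets above; the sample message below is constructed.
LEAKY_MAIL_HEADERS = ("X-Enigmail-Version", "X-PGP-Universal")
LEAKY_ARMOR_KEYS = ("version", "comment")
BEGIN_RE = re.compile(r"^-----BEGIN PGP [A-Z ]+-----\s*$")
SAMPLE = """\
From: alice@example.org
X-Enigmail-Version: 1.6

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: constructed sample comment

hQEMA0constructedNotRealCiphertext
=AAAA
-----END PGP MESSAGE-----
"""

def audit_armor(body):
    """Return (findings, cleaned_body) for ASCII-armored blocks in body."""
    findings, out, in_headers = [], [], False
    for line in body.splitlines():
        if BEGIN_RE.match(line):
            in_headers = True  # armor headers run until the first blank line
        elif in_headers and not line.strip():
            in_headers = False
        elif in_headers and ":" in line:
            key = line.split(":", 1)[0].strip().lower()
            if key in LEAKY_ARMOR_KEYS:
                findings.append(("armor", line.strip()))
                continue  # drop it; armor headers are outside the CRC and signature
        out.append(line)
    return findings, "\n".join(out) + "\n"

def audit_message(raw):
    """Return (findings, cleaned_message); assumes single-part inline PGP."""
    msg = email.message_from_string(raw)
    findings = []
    for name in LEAKY_MAIL_HEADERS:
        findings += [("mail", f"{name}: {v}") for v in msg.get_all(name, [])]
        del msg[name]
    if not msg.is_multipart():
        armor, cleaned = audit_armor(msg.get_payload())
        findings += armor
        msg.set_payload(cleaned)
    return findings, msg.as_string()
```

Only lines between a `-----BEGIN PGP ...-----` marker and the following blank line are treated as armor headers, so the signed text of a clearsigned message and its `Hash:` header are left untouched.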



