Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cryptography Leak in Enigmail / GnuPG

Griffin Boyce griffin at cryptolab.net
Mon Apr 28 04:44:41 PDT 2014


   And, whether it's a Thunderbird bug or an Enigmail bug, Gmail emails 
have a tendency to be sent (typically unencrypted) during draft 
autosave.  So that's fun.

   Thunderbird makes me think of Mutt's slogan from 1995 - "All email 
clients are terrible. This one is just less terrible."

~Griffin

On 2014-04-28 03:25, Fabio Pietrosanti (naif) wrote:
> Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto:
> 
>> I just wanted to notice that the mostly used encryption software
>> like
>> GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's
>> ages
>> could represent a major risk.
>> 
>> a) Enigmail, Thunderbird's PGP plugin, does send
>> "X-Enigmail-Version:"
>> header on ALL email sent, also the unencrypted one.
>> 
>> b) GnuPG, following the " -----BEGIN PGP MESSAGE-----", does add
>> version
>> information such as " Version: GnuPG/MacGPG2 v2.0.19 (Darwin)" .
> 
>  An update on this issue following reports of October '13



More information about the liberationtech mailing list