Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cryptography Leak in Enigmail / GnuPG

Fabio Pietrosanti (naif) lists at
Mon Jun 2 06:59:43 PDT 2014

Il 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) ha scritto:
> Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto:
>> I just wanted to notice that the mostly used encryption software like
>> GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's ages
>> could represent a major risk.
>> a) Enigmail, Thunderbird's PGP plugin, does send "X-Enigmail-Version:"
>> header on ALL email sent, also the unencrypted one.
>> b) GnuPG, following the " -----BEGIN PGP MESSAGE-----", does add version
>> information such as " Version: GnuPG/MacGPG2 v2.0.19 (Darwin)" .

An update on this issue following intermediate reports of April '14
(following initial report of October '13).

- GnuPG
- EnigMail

- Outlook Privacy Plugin

- GPG4Win: "Privacy Leak in Version: and Comment: header"

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights - -

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list