#efail and PGP - What should I do?

News & Analysis
We found the above image here.


Email is hard to secure. For years we've been trying to build security on top of email, such as through technologies like Pretty Good Privacy (PGP) and the open source implementation: GnuPG (GPG).

What happened

In the past 48 hours, there have been very scary looking reports recommending people switch off PGP in their email clients.

The TL;DR version of this post is:

  • PGP is not broken by this attack
  • You absolutely should not stop using PGP with your email
  • This can only be exploited by someone who already has access to your emails, and an extremely high level of expertise.

If you're worried about this attack being used against you:

  • Make sure your email client of choice doesn't allow remote content in messages (this is the default setting in Thunderbird)
  • Make sure your email client of choice renders all emails as PLAIN TEXT, not HTML.

A slightly more in-depth explanation for those interested follows below, and if you wish to see the discussion between the developers of GPG you can view it on their mailing list here.

What PI advocates

When giving training on Risk or Threat Modelling, we use slides similar to the ones shown below:


It's important to remember that there's no such thing as perfect security. Security is all about driving up the cost of attack - a sufficiently motivated attacker, with sufficient resources (including time, expertise, and money) will always get you eventually.

How it works

The way the recently-revealed attack works is set out in the below image


As you can see, not only does someone require access to your emails, but they also need to be able to change the ciphertext of that email so that when decrypted it follows a link to external content.  There are several prerequisites for this attack to work:

  • Your attacker must have access to an encrypted email of yours
  • Your attacker must be sufficiently skilled that they are able to change an encrypted email in a specific way, whilst making sure it's still decryptable
  • Your email client must ignore decryption errors
  • Your email client must render emails as HTML
  • Your email client must load remote content by default

This attack is incredibly "noisy", relies on a non-standard setup of your email client, and requires some interaction from the user to even work.  There are a couple of simple mitigations I have outlined above (turn off HTML rendering, make sure your client doesn't load remote content by default).

By the time we see this being actively exploited in the wild, there will already be patches.  Keep an eye for updates, and install them as soon as they are released.

Why this is important

The suggested mitigation of "turning off PGP in your email client" forces you and anyone else you're talking with to converse in clear text, which is an infinitely higher risk than such a highly targeted attack as described in this paper.

We at PI, our network of partners, and the wider human rights sphere make heavy use of PGP encrypted emails in order to do our jobs, and to communicate safely with people in vulnerable situations where they may be subject to arrest or worse based on what they do.  Recommending they stop using one of the fundamental security underpinnings of their jobs based on a complex edge case is reckless at best.

We won't be changing a single thing about our use of PGP - and we suggest that you don't either.