The EFAIL Hype Draws a Lot of Attention to Known Bugs. This Will Enhance Everybody's Security.

EFAIL describes potential attack vectors on PGP and S/MIME encrypted emails exploitable in several mail clients. While some argue that the publication of EFAIL and the recommendation by EFF to disable PGP for now are an exaggeration, raising this issue in such a dramatic way will actually help to improve PGP and S/MIME security in the long-run. Some of the attack vectors have been known for decades, yet, several mail clients are not patched to date. Because of the 'hype' created by the authors of EFAIL and by the EFF, this will finally change.


What is EFAIL

In a nutshell, the EFAIL attack exploits active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. With this exfiltration attack, the attacker can get hold of the plaintext email. The EFAIL paper explains the possible attack vectors in detail.

EFF issued warning to uninstall PGP tool in all mail clients

The Electronic Frontier Foundation has published a warning to disable and/or uninstall tools that automatically decrypt PGP-encrypted emails.

EFF warning has been strongly criticized

This warning by the EFF has been strongly criticized by some as being an exaggerated measure. The cryptography community has been widely divided on this for understandable reasons. In a nutshell, these are the arguments of the Pro warning party and of the Contra warning party:

  • Pro: The attack vector is real. We must stop using PGP so that it can’t be exploited.

  • Contra: If I am disabling HTML, the attack vector is gone. If I am using an unaffected mail client, my encrypted emails are safe.

  • Pro: It does not matter if you are turning off HTML or using a not-affected mail client because the other part in the conversation might be vulnerable.

  • Contra: I can make sure that the other part uses an unaffected mail client as well.

  • Pro: If you keep sending PGP-encrypted emails, you encourage others to read them with their potentially vulnerable clients.

And here is where they start going around in circles.

Both sides are right

The truth is, both sides are right.

For many (tech-savvy) PGP users, this exfiltration attack can be mitigated by making sure both sides use unaffected mail clients. On top of that, the risk for most people should an email be targeted with the EFAIL exploit is relatively low so that this might not lead to severe consequences for them. If the alternative to PGP emails are plaintext emails, these people would be much better off encrypting their emails with PGP.

However, for whistleblowers, human rights activists, and others, the threat model is very different. Failure to protect their private communication might be a matter of life and death for them. Thus, potential failure must be prevented at all costs, and disabling PGP in the mail client is the right step for them.

The EFF has a very good write-up on how to assess your own threat model.

The EFAIL hype will lead to mail clients being fixed

Thus, it is time to stop the discussion about who is right and who is not. Following the massive media attention that EFAIL has gained, affected mail clients will finally start working on patches.

Let’s remember: Some of the flaws being described by EFAIL have been known for decades. Yet, they can still be exploited in several mail clients. Maybe such a ‘hype’ is necessary to get everybody’s attention on how important these patches really are. If that it the case, the authors of EFAIL and the EFF have done all of us a favour by issuing such a drastic warning.

Tutanota is not affected by EFAIL

Tutanota is a secure email client that encrypts the entire mailbox - all emails and contacts - automatically end-to-end. Tutanota uses asymmetric encryption algorithms (AES/RSA) to encrypt all emails between Tutanota users end-to-end by default.

Tutanota is not affected by EFAIL because it does not use PGP or S/MIME for the built-in end-to-end encryption.

When we started building Tutanota, we have decided not to use PGP because we believe it is important to encrypt the subject line, content and all attachments automatically. Not using PGP also makes the system more flexible as this makes it easier to add more encrypted features such as a free calendar or to update the encryption algorithms should quantum computers gain the ability to break AES/RSA encryption.

We believe that an encrypted solution must be as easy to use as possible because only ease-of-use can mitigate the risk of human error.

Tutanota fights for privacy and freedom of speech online, enabling everybody to send encrypted emails on desktop and mobile. Register your free mail account today.