< Forrrige nyheter Neste nyheter >
How to break PGP if you had an

How to break PGP if you had an "F" in math

Tirsdag 19, November

– Tales on email end-to-end encryption in practice.


OpenPGP and S/MIME are the two major standards to encrypt and digitally sign emails. We show practical attacks against both crypto schemes in the context of email. This talk is a "lessons learned" on what can possibly go wrong when developers implement crypto – and how hard it is to build effective security on top of email. There will be no math involved, lean back and enjoy.

Instead of targeting the underlying cryptographic primitives, our attacks abuse legitimate features of the MIME standard and HTML email, as supported by modern mail clients, to deceive the user regarding the actual message content. We demonstrate how nation-state actors can abuse an unknowing victim as a decryption oracle by replying to an unsuspicious looking email. Using this technique, the plaintext of hundreds of encrypted emails can be leaked at once.


Moreover, we show how users can be tricked into signing arbitrary text by replying to emails containing CSS conditional rules, as well as further, practical signature forgery attacks against various PGP and S/MIME implementations. An evaluation shows that all major email clients are vulnerable to at least one attack. Finally, we provide different countermeasures and discuss their advantages and disadvantages.


Presentation will be held by Jens Müller. Jens is a PhD student at the Chair for Network and Data Security, Ruhr University Bochum, Germany. His research interests are legacy protocols and data formats, for which he loves to investigate what could possibly go wrong in a modern world. He has experience as a speaker on international security conferences (Black Hat, DEF CON, USENIX, OWASP, IEEE S&P) and as a freelancer in network penetration testing and security auditing. In his spare time, he develops free open source software, for example tools related to network printer exploitation.


Hvis du trodde at du var sikker når du krypterte dine e-poster - da må du tro om igjen! Dette foredraget må du ikke gå glipp av hvis du ønsker og sikre dine e-poster!