15 Years of Broken Encrypted Emails... and We're Still Doing It Wrong

March 3, 2017

Alfredo Pironti


Time:   11:00am
Location:   Meeting room 302 (Mountain View), level 3

Starting from a 2001 research paper, we show how OpenPGP encryption of emails is fundamentally broken. We show how an attacker can get hold of sensitive email content by tampering with email data that the user would expect to be protected. We apply this attack against PGP-enabled email addresses used to report vulnerabilities to software vendors – and we get more than 50% of the submitted reports. Based on currently available information, we believe that recent End-to-End secure email projects still suffer from these same known issues.