Comment by tialaramex
6 years ago
> Well isn't it? What attack is possible here? What attack was ever possible?
No. Unsurprisingly the result is exactly what you'd expect. Idiots build software that throws away the error result and returns the unauthenticated text. This has always happened, which is why AEAD modes exist now. EFail documents what it names "CFB gadgets" to abuse this in typical HTML-based OpenPGP clients but you could attempt the same fun attacking a human subject directly, in some ways it might be easier because humans tend to just sort of "read past" nonsense in the search for meaning.
Phil Zimmermann didn't have a better option. You do.
> You use the best ones supported by the receiver as listed in their public key
So, you never use anything in the least bit new unless you're communicating with somebody who just minted new keys. For older users, you're stuck with whatever was current in the software version they ran five, ten, twenty years ago.
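The failure mode described in this comment (software that detects a bad integrity check but still returns the decrypted bytes) is easy to see in code. The following is an added example, not code from the commenter, from GnuPG, or from the EFAIL paper: it uses AES-CTR plus HMAC-SHA256 in an Encrypt-then-MAC layout as a stand-in for an AEAD mode, with a message format (iv || ciphertext || tag), fixed demonstration keys and the function names `DecryptLenient` / `DecryptStrict` all chosen here. A single corrupted ciphertext byte shows the difference: the lenient decryptor hands back unauthenticated text alongside a warning that callers routinely drop, while the strict one fails closed and returns no plaintext at all.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrAuth is returned when the integrity tag does not verify.
var ErrAuth = errors.New("ciphertext failed authentication")

const tagSize = sha256.Size // 32-byte HMAC-SHA256 tag

// encrypt produces iv || AES-CTR ciphertext || HMAC-SHA256(macKey, iv || ciphertext).
// Encrypt-then-MAC: the tag covers every byte the receiver will later decrypt.
func encrypt(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)
	msg := append(iv, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(msg)
	return mac.Sum(msg), nil // tag appended to iv || ct
}

// split separates a message into iv, ciphertext and tag and verifies the tag.
// It reports the verification result instead of acting on it, so the two
// decryptors below can show what each does with that result.
func split(macKey, msg []byte) (iv, ct []byte, tagOK bool, err error) {
	if len(msg) < aes.BlockSize+tagSize {
		return nil, nil, false, errors.New("message too short")
	}
	body, tag := msg[:len(msg)-tagSize], msg[len(msg)-tagSize:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	tagOK = hmac.Equal(mac.Sum(nil), tag) // constant-time comparison
	return body[:aes.BlockSize], body[aes.BlockSize:], tagOK, nil
}

func ctrDecrypt(encKey, iv, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCTR(block, iv).XORKeyStream(pt, ct)
	return pt, nil
}

// DecryptLenient is the anti-pattern the comment describes: it notices the bad
// tag but still hands the unauthenticated bytes to the caller, who can (and in
// practice often does) ignore the warning and display the text.
func DecryptLenient(encKey, macKey, msg []byte) (plaintext []byte, warning error) {
	iv, ct, ok, err := split(macKey, msg)
	if err != nil {
		return nil, err
	}
	pt, err := ctrDecrypt(encKey, iv, ct)
	if err != nil {
		return nil, err
	}
	if !ok {
		warning = ErrAuth
	}
	return pt, warning // plaintext is returned even when warning != nil
}

// DecryptStrict fails closed: no plaintext leaves the function unless the tag
// verified. This is the behaviour an AEAD API gives you by construction.
func DecryptStrict(encKey, macKey, msg []byte) ([]byte, error) {
	iv, ct, ok, err := split(macKey, msg)
	if err != nil {
		return nil, err
	}
	if !ok {
		return nil, ErrAuth
	}
	return ctrDecrypt(encKey, iv, ct)
}

func main() {
	// Constructed demonstration keys; a real system derives these from a KDF.
	encKey := bytes.Repeat([]byte{0x11}, 16) // AES-128
	macKey := bytes.Repeat([]byte{0x22}, 32)
	msg, err := encrypt(encKey, macKey, []byte("attack at dawn"))
	if err != nil {
		panic(err)
	}
	// Simulate one corrupted byte in the ciphertext (first byte after the IV).
	corrupted := append([]byte(nil), msg...)
	corrupted[aes.BlockSize] ^= 0x01

	pt, warn := DecryptLenient(encKey, macKey, corrupted)
	fmt.Printf("lenient: %q (warning: %v)\n", pt, warn) // garbage text still returned
	pt, err = DecryptStrict(encKey, macKey, corrupted)
	fmt.Printf("strict:  %q (error: %v)\n", pt, err) // no text at all
}
```

The strict decryptor is the one to ship: a caller that only checks `err != nil` gets the safe behaviour without having to remember to inspect a secondary warning value, which is exactly the check the lenient API lets them skip.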
> For older users, you're stuck with whatever was current in the software version they ran five, ten, twenty years ago.
GPG2 doesn't support V3 keys anymore so old keys just won't work. That point is fairly moot in that pretty much all the ancient encryption is still unbroken.