11 bookmarks. First posted by krisnelson 11 days ago.
Schinzel referred people this blog post published late Sunday night by the Electronic Frontier Foundation. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email. Both Schinzel and the EFF blog post said they will be disclosed late Monday night California time in a paper written by a team of European security researchers. The research team members have been behind a variety of other important cryptographic attacks, including one from 2016 called Drown , which decrypted communications protected by the transport layer security protocol. Given the track record of the researchers and the confirmation from EFF, it's worth heeding the advice to disable PGP and S/MIME in e-mail clients while waiting for more details to be released Monday night.11 days ago by sechilds