Security researchers discover critical flaw in PGP encryption that reveals plaintext

Greg S


Pretty Good Privacy (PGP) is an encryption tool used to sign emails, documents, directories, and even full hard disks. According to security researcher and professor Sebastian Schinzel of FH Münster, PGP and S/MIME email encryption contain a flaw that allows the plaintext to be recovered.

This is a major concern for anyone who is using the encryption to protect sensitive information. Previously encrypted emails may now be decrypted by someone who does not hold the proper credentials to do so.

Although the research will not be released until Tuesday at 7am UTC (scratch that, it's out already), the Electronic Frontier Foundation was granted access to the full publication ahead of time in an effort to warn the community of the risk. Schinzel and the rest of his team are intentionally warning users ahead of time as part of a responsible disclosure procedure.

Both the researchers involved and the EFF recommend that all users of PGP immediately disable or uninstall the tool they are using until the exact issues are better understood. Alternatives such as Signal are believed to remain secure methods of communication.

Currently, no fix has been developed for the flaws found. All we know for right now is that PGP and S/MIME should be avoided until there is more information to determine their future viability.

Conspiracy theory: it seems like someone is trying to get people to stop using encryption - I wonder who?

Just stop your mail client from automatically rendering HTML in messages received from unknown/untrustworthy sources and you're safe.
 
The details at efail.de disclose mitigations shown here:

  • Short term: No decryption in email client. The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client. Start by removing your S/MIME and PGP private keys from your email client, then decrypt incoming encrypted emails by copy-and-pasting the ciphertext into a separate application that does the decryption for you. That way, the email clients cannot open exfiltration channels. This is currently the safest option with the downside that the process gets more involved.
  • Short term: Disable HTML rendering. The EFAIL attacks abuse active content, mostly in the form of HTML images, styles, etc. Disabling the presentation of incoming HTML emails in your email client will close the most prominent way of attacking EFAIL. Note that there are other possible backchannels in email clients which are not related to HTML but these are more difficult to exploit.
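The "disable HTML rendering" mitigation in concrete form, as an added example that is not from efail.de, the article or any mail client: a small Python sanitizer that walks a MIME message and neutralizes remote image and stylesheet references in its HTML parts before a client would render them, which closes the image/style backchannels the mitigation describes. The sample message and the host name exfil.example.invalid are constructed placeholders.

```python
"""Neutralize remote-content references in the HTML parts of an email.

Illustrative code written for this page (not from efail.de or any mail
client). The sample message below is constructed; exfil.example.invalid
is a placeholder host name.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Attributes and CSS constructs that make a client fetch a remote resource
# when the message is rendered (images, backgrounds, stylesheets).
REMOTE_ATTR = re.compile(
    r'(?i)\b(src|href|background|poster)\s*=\s*(["\']?)\s*(https?:|//)[^"\'\s>]*\2')
CSS_URL = re.compile(r'(?i)url\(\s*["\']?\s*(https?:|//)[^)]*\)')
STYLE_IMPORT = re.compile(r'(?i)@import\s+["\']?(https?:|//)[^;]*;?')

def neutralize_remote_refs(html: str) -> tuple[str, int]:
    """Replace every remote reference with an inert value; return (html, count)."""
    total = 0
    for pattern, repl in ((REMOTE_ATTR, r'\1="blocked:"'),
                          (CSS_URL, 'url("blocked:")'),
                          (STYLE_IMPORT, '/* blocked import */')):
        html, n = pattern.subn(repl, html)
        total += n
    return html, total

def sanitize_message(raw: bytes) -> tuple[EmailMessage, int]:
    """Parse a raw RFC 5322 message and rewrite each text/html part in place."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    blocked = 0
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            cleaned, n = neutralize_remote_refs(part.get_content())
            part.set_content(cleaned, subtype="html", charset="utf-8")
            blocked += n
    return msg, blocked

# Constructed sample: a multipart/alternative message whose HTML part loads
# a remote background image via CSS and a remote tracking image via <img>.
SAMPLE_EMAIL = b"""\
From: alice@example.invalid
To: bob@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Hello Bob
--b1
Content-Type: text/html; charset=utf-8

<html><head><style>body{background:url("http://exfil.example.invalid/bg.png")}</style></head>
<body><p>Hello Bob</p><img src="http://exfil.example.invalid/track.gif"></body></html>
--b1--
"""
```

Running `sanitize_message(SAMPLE_EMAIL)` on the constructed message reports two blocked references and leaves no remote URL in the HTML part.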
 
Comment on darkreading.com:

"If your email client respects this warning and does the right thing - namely, not showing you the email - then you are completely protected from the Efail attack, as it's just a modern spin on something we started defending against almost twenty years ago," writes Robert J. Hansen, chief author of the GnuPG group response.

That EFAIL is a vulnerability that should not have a major impact on a huge population is the consensus in several tweets today from high-profile security experts, such as Dan Guido:

Before anyone freaks out about "efail", realize that using it would be:
1) extremely easy to detect
2) archived in your target's email
As an attacker, I could not care less about this technique. It's intellectually neat, but operationally stupid.
and that means TRIVIAL to discover
 