Sebastian Schinzel Profile picture
Husband, dad, mountain biker, professor of computer security @fh_muenster. Private account.
Nov 3, 2020 7 tweets 4 min read
New paper on how to fix #efail style attacks against e2e encrypted email, including OpenPGP and S/MIME. Joint work with @JoergSchwenk @lambdafu @dues__ @jensvoid @jurajsomorovsky @seecurity. To be presented at @acm_ccs 2020. Thread: One central problem of email e2ee is that neither MIME structure nor header fields are protected from modification. Attackers can send modified ciphertexts, can send ciphertexts with crafted MIME structures or can add or remove headers such as FROM, RCPT TO or SUBJECT at will.
Sep 30, 2019 9 tweets 16 min read
New Paper: “Practical Decryption exFiltration: Breaking PDF Encryption“ describing new attacks that uncover the plaintext of encrypted PDFs. To be presented at @acm_ccs and joint work with @jensvoid @Murgi @v_mladenov @CheariX @JoergSchwenk. #PDFex 1/n @acm_ccs @jensvoid @Murgi @v_mladenov @CheariX @JoergSchwenk Do you remember the efail.de attacks against S/MIME and OpenPGP encrypted emails? It’s basically that but against encrypted PDFs. Paper: pdf-insecurity.org. #PDFex 2/n
May 14, 2018 4 tweets 5 min read
We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4 There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF’s blog post on this issue: eff.org/deeplinks/2018… #efail 2/4