Hacker News new | ask | show | jobs
by tptacek 2537 days ago
S/MIME is even worse than PGP.
1 comments
Avamander 2537 days ago
S/MIME has better e-mail client support and has massive deployment (use, not that much) in Estonia. I think it already beats PGP in two major aspects with that.
link
tptacek 2537 days ago
S/MIME manages the feat of being even less secure than PGP-encrypted email, which was, again, a low bar to trip over.
link
Avamander 2537 days ago
Please elaborate.
link
wolf550e 2536 days ago
I think efail showed S/MIME was even more susceptible.
link
Avamander 2536 days ago
That vulnerability has been largely mitigated, hasn't it? I'm really curious how GPG is more secure than S/MIME right now.
link
wolf550e 2536 days ago
"8.2 Countering malleability gadget attacks" in the efail paper says: "The S/MIME standard does not provide any effective security measures countering our attacks" and "Although CMS defines an AuthenticatedData type [29], S/MIME’s current specification does not."

If the S/MIME spec does not enforce (and it seems it doesn't even allow, not just does't enforce) Authenticated Encryption, then it violates "the cryptographic doom principle" and should not be used for anything except CTFs and cryptopals exercises.

link