Yesterday, a news report carrying the hashtag #Efail made headlines around the world; Münster researchers have published exploits for S/MIME-encrypted and PGP-encrypted emails. The NoSpamProxy team has reviewed the available facts for relevance to NoSpamProxy customers and published a press release today.
It is important to understand that the encryption algorithms of S/MIME and PGP have not been cracked. Instead, the email content is decrypted on the computer on which the private key required for decryption is stored. This content is then transmitted to the attacker using a specific technique.
After an inquiry of the Westdeutscher Rundfunk (WDR) we were able to arrange an interview with Peter Hansemann, managing director of NoSpamProxy partner ICN in Dortmund.
Link to last night’s WDR report (in German):
Peter Hansemann concludes: Imperfect encryption is better than no encryption at all.