The Cybersecurity 202: Security community has its own encryption debate after discovery of new flaw


Keys and padlock on the computer keyboard as a data security concept.

Security experts are at odds over how to respond to new research showing hackers could decrypt emails that were supposed to be protected by a popular encryption tool known as PGP, or Pretty Good Privacy. 

A group of European researchers on Monday revealed a flaw in the way certain email programs handle PGP and S/MIME, a similar encryption protocol commonly used by businesses and other enterprises, as my colleague Brian Fung and I reported yesterday

The discovery of the flaw, dubbed Efail, blew open a rift between defenders of PGP who insist the encryption is sound — and others who say it’s time to move away from the 30-year-old technology in favor of encrypted messaging apps such as Signal.

“This whole PGP infrastructure is kind of a mess and needs to be hardened up and fixed, or we need to start

... read more at: