Published on May 16, 2018
Hushmail customers are safe from critical vulnerabilities recently discovered in OpenPGP encryption tools and reported in the media.
Hushmail uses OpenPGP, an open-source standard for end-to-end email encryption. The OpenPGP standard protects against attacks like EFAIL by supporting "authenticated encryption." However, to remain compatible with very old OpenPGP implementations, some email clients and plugins don't enforce it strictly. EFAIL takes advantage of this vulnerability.
At Hushmail, we made a decision many years ago to not maintain backward compatibility with older implementations, and strictly enforce authenticated encryption. This protects our customers from EFAIL and related attacks.
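
The following is an added example, not Hushmail's code: a sketch of what strict enforcement can look like at the packet level, assuming RFC 4880 packet framing. It rejects a message whose encrypted data sits in a legacy tag 9 packet (no integrity check) instead of an integrity-protected tag 18 packet; the function names and sample bytes are constructed for illustration.

```python
# Added illustration (not Hushmail's code): policy check on OpenPGP packet types.
# Packet framing follows RFC 4880 section 4.2.
SED, SEIPD = 9, 18   # tag 9: encrypted, no integrity check; tag 18: integrity protected

# Constructed sample messages: a session-key packet (tag 1) plus an encrypted data packet.
GOOD = bytes([0xC1, 2, 0, 0, 0xD2, 3, 1, 0xAA, 0xBB])       # new-format headers, tag 18
DOWNGRADED = bytes([0x84, 2, 0, 0, 0xA4, 2, 0xAA, 0xBB])    # old-format headers, tag 9

class UnauthenticatedEncryption(Exception):
    """Raised when a message carries no integrity-protected data packet."""

def read_packets(data):
    """Yield (tag, body_offset, body_length) for each top-level packet."""
    i = 0
    while i < len(data):
        first = data[i]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        i += 1
        if first & 0x40:                      # new-format header
            tag, o1 = first & 0x3F, data[i]
            if o1 < 192:                      # one-octet length
                length, i = o1, i + 1
            elif o1 < 224:                    # two-octet length
                length, i = ((o1 - 192) << 8) + data[i + 1] + 192, i + 2
            elif o1 == 255:                   # five-octet length
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:                             # partial body: simplified, rest is body
                length, i = len(data) - i - 1, i + 1
        else:                                 # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:                    # indeterminate length: runs to the end
                length = len(data) - i
            else:
                n = 1 << ltype                # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, i, length
        i += length

def require_authenticated(data):
    """Accept only messages with a tag-18 packet and no tag-9 packet.
    A full check must also verify the integrity code after decryption."""
    tags = [tag for tag, _, _ in read_packets(data)]
    if SED in tags or SEIPD not in tags:
        raise UnauthenticatedEncryption("message is not integrity protected")
    return True
```

A client that applies this check before decrypting, and then treats a failed integrity check as a hard error instead of a warning, never hands unauthenticated plaintext to the mail renderer.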