ProtonMail - Encrypted Email

Discussion in 'privacy technology' started by rock_man, Apr 28, 2014.

Thread Status:
Not open for further replies.
  3. Splosh

    Splosh Guest

    Hi Andy, it's nice to be able to communicate with the developers on security issues.

    Forward secrecy:
    No, this one is, like said in the thread, transparent. The reason we want to do DH key exchange prior to all connections is to prevent some active MITM attacks. Otherwise encryption depends on a third party. NSA signs a certificate with a stolen "Swiss sign" root certificate (huge thanks for not using a US-based CA). If it's not already so, please make it possible for the user to view all IP addresses from which ProtonMail has been logged into. This makes an active MITM against DH harder.

    Key length
    Please let the user choose it. I wouldn't mind taking a nap while my 16k key generates; client-side generation isn't a burden for ProtonMail anyway.

    Source code
    If not already, please make the client-side software _free_. Charge only for the storage space.

    Publishing SHA3 of public key
    This does not increase security, since a MITM attack against the service from which it is viewed can change the content. Security of key authenticity depends on the CA in both cases.
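
The last item of the post above, as an added example that is not part of the original thread or ProtonMail's code: a SHA3 fingerprint delivered over the same channel as the key verifies even after both are replaced, while a fingerprint the client already holds detects the swap. All function names and the sample key bytes are constructed for illustration, and the pinned value is assumed to have been obtained out of band.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """SHA3-256 fingerprint of a public key blob, hex encoded."""
    return hashlib.sha3_256(public_key).hexdigest()

def serve(public_key: bytes) -> dict:
    """What the service publishes: the key and its fingerprint, side by side."""
    return {"key": public_key, "sha3": fingerprint(public_key)}

def rewrite_in_transit(response: dict, substitute_key: bytes) -> dict:
    """Model of a party controlling the channel: key and hash are replaced together."""
    return {"key": substitute_key, "sha3": fingerprint(substitute_key)}

def check_in_band(response: dict) -> bool:
    """Compare the key with the fingerprint that arrived in the same response."""
    return hmac.compare_digest(fingerprint(response["key"]), response["sha3"])

def check_pinned(response: dict, pinned: str) -> bool:
    """Compare the key with a fingerprint the client already trusts."""
    return hmac.compare_digest(fingerprint(response["key"]), pinned)

# Constructed sample data, not real key material.
GENUINE = b"-----constructed genuine public key-----"
SUBSTITUTE = b"-----constructed substitute public key-----"
PINNED = fingerprint(GENUINE)  # assumption: obtained earlier over a separate channel

if __name__ == "__main__":
    honest = serve(GENUINE)
    tampered = rewrite_in_transit(honest, SUBSTITUTE)
    for label, resp in (("honest", honest), ("tampered", tampered)):
        print(label, "in-band:", check_in_band(resp),
              "pinned:", check_pinned(resp, PINNED))
```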
     