Tutanota Germany-based encrypted webmail

Discussion in 'privacy technology' started by dogbite, Jul 6, 2014.

  1. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,097
    IMO we need an email provider who implements an entirely different method of authentication. Steve Gibson mentioned the idea in one of his webcasts he also talked about coding something but I haven't seen any mention of it on his website as yet, anyway it would work something like this, when you sign up to the email provider it would probably include a small client app to reside on your device, the app creates a private and a public key, the public key is sent to the email provider.
    The public key can be then used for two purposes.
    1. To log in to your account the email provider encrypts a random string using your public key and sends it to you, your private key decrypts it and sends it back. If the string is correct you are authenticated as the owner. This would all be done over TSL to prevent an attacker intercepting anything.
    2. The email provider uses it to encrypt all non encrypted incoming email.
    There are several advantages to this,
    The email provider cannot be forced to give up your encrypted email by anyone because they never have your private key.
    You cannot be expected to give up your password verbally because it is an encryption key.
    There is no actual password sent over the internet to be intercepted.
    There is no typing of a password involved so no keylogger can grab your password.
    The client app can be portable on an easily destroyable thumb drive.
     
    Last edited: Mar 27, 2015
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,376
    Location:
    UK
    @cb474, @mirimir - I'm kind of guessing that the (planned) PGP support could act as the basis for the interchange between the different providers - effectively, they'd automatically be directories for your PGP public key to allow the secure transmission across the boundary (and keeping their zero knowledge). Of course, that'd mean they'd be able to associate your public key with your account with them (how else could it work?), but you could always mint a new one for the purpose, or else use the one they generated. I don't know what would be done about the subject line, but at least, at no time would that metadata be available to anyone other than the services involved (which would be true for any PGP based mail unless we're looking at new standards they're working on).
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    @RockLobster

    I like that! It's analogous to key-based SSH authentication. You're already hosed if your private key gets compromised, and otherwise authentication is secure.

    @deBoetie

    I've lost track of how many GnuPG key pairs I have. More or less, there's one for each of my main personas.
     
  4. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,097
    I like it too, I have seen the big corporates are going to be pushing biometric authentication which is obviously just an easier way of forcing people to give up their log in authentication, capture them, stick them in front of a scanner and its game over or even scan them covertly you can be sure long range versions of face recognition scanners already exist for breaking that type of biometric authentication. I can imagine people scanning their wives or husbands face while they are asleep to get into the email or whatever lol.
    I believe Steve Gibson named the idea I mentioned above "squirrel" and it could be used for all kinds of web authentication so a single private key can be used for everything or perhaps one for ultra secure stuff and one for everything else. I think overall it is a great idea.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    Having many, each for specific purpose(s), would be better, I think. Compartmentalization, again :)
     
  6. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    340
    By "proprietary crypto" you just mean Tutanota and Protonmail encryption is not compatible outside their own services, correct? Because they are both open source and use open source cryptography. Tutanota uses AES and RSA, Protonmail uses AES, RSA, and OpenPGP. Tutanota has definitely open sourced all of their code. You can get it on github. Protonmail uses Linux for their servers and said they were going to open source all of their code by the end of last summer, once it was done being audited (I can't quite tell if that happened or not). Anyway, I wouldn't want their to be any misunderstandings about in what sense their systems are "closed."
     
  7. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    340
    This sounds like a secure system, but I'm not sure how many people are going to want an email account that relies on carrying around a thumb drive or only being able to use it on a specific machine that has the private key. Also if the key was ever lost or corrupted, your email would never be recoverable.

    I'm not saying I don't like the idea, but it's worth keeping in mind that Tutanota and Protonmail are designed to try to bring easy, convenient, encryption to the unsophisticated masses. There are some compromises that go with that, which both providers readily admit. While it's always interesting to think about more secure systems and certain people have real needs for this, making pretty good (as it were) encryption available to everyone is also a laudable goal. There are always compromises between convenience and security. I don't know if anyone has fully overcome that yet.

    I do agree that biometric authentication is crap, though. It sounds super sophisticated, but tends to be surprisingly easy to hack in real world implementations. Certainly the finger print readers on phones are less secure than passwords. Face recognition has also be easy to defeat. Maybe voice recognition is better, I don't know. But as RockLobster points out, there are a lot of ulterior motives to getting people to hand over more and more biometric information.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,879
    Yes, that's what I mean. Neither Tutanota nor Protonmail users can exchange encrypted messages with GnuPG users, or with each other. Countermail, in contrast, is fully compatible with (and probably uses) standard GnuPG.
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,376
    Location:
    UK
    Both Tutanota and Protonmail have said they're doing TFA this year (in their paid offering), but both are remarkably light on detail, though Protonmail did reference Yubikey which is what I use in OTP and HMAC-SHA1 form. It's better than a thumbdrive IMO because it's small, waterproof and completely passive.

    I would quite like them to make use of the Fido U2F mechanism, as this does provide per-site and quite privacy friendly key generation/authentication. and the keys are cheap. Sadly, the only major site that implements this right now is Google, it's still Chrome only, and they want your mobile number as "contingency". Ha! I was intrigued by Steve Gibson's Sqrl too, but it doesn't seem to have that much backing, I don't know. The last thing we need is further TFA babel.

    I agree with the comments about biometrics, and the motivations behind their use. For sure, they're not there for the benefit of users, although nominally convenient, their false positive/negative rate is poor, you can't have privacy and they're non-repudiate-able. Awful. The slight inconvenience of needing to have my Yubikey is trivial by comparison.
     
  10. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,097
    You are probably right not everyone would want that kind of security but an email provider could implement it as an option for those who need it.,
     
  11. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,194
    Location:
    EU
    TFA is a plus but when anybody uses a password like this:

    ?:Nq@Pq%r{;rLu>z:~$a49g1:N(v_Zp0>hHCsN3SoJ`5dT}<qN~k/@M~>KDO-<rB%)|@miS'[pU8SmYZ

    Is it really necessary?
     
  12. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,376
    Location:
    UK
    Depends what your assessment is of your vulnerability to KSL or MITB. TFA mitigates against that.

    I think that's why I want TFA for this class of service - being completely reliant on a single factor, implemented in the browser, is somewhat dangerous IMO. Having an OTP which authenticated semi-out-of-band is a distinct advantage.
     
  13. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    340
    Yeah, I think man in the middle/browser attacks seem to be becoming more common, especially with the increasingly sad state of SSL/TLS. I don't really know if that's true in practice, but it seems like every week there's a bad vulnerability discovered that would allow these types of attacks. And keystroke loggers are a real problem too, definitely on Windows, propably increasingly on OS X. So I think those are legitimate concerns. (Although I suppose the sort of person aware enough of these issues and proactive enough to use a Yubikey is probably also the sort of person sophisticated enough not to get viruses by willly nilly clicking on attachments and the like.)

    What does OTP stand for, by the way? One time pad? Oh, the preciousness? Onward Trojan People?
     
  14. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,194
    Location:
    EU
    I am testing also the iOS app. Found a couple of flaws: app crashes when going iOS Notification of a new email to inbox (swiping the notification). Also, sometimes new email does not show up in Inbox, I need to log out and log in again. I reported those to Tutanota.
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,376
    Location:
    UK
    Enjoyed your TLA speculations! It's One Time Password, generated according to a number of schemes in co-operation with a server.

    I went through the cycle of wrestling with X.509 key fobs, and found them awkward to manage in practice and not all that well supported by applications. By contrast, the Yubikeys are very livable and relatively cheap. They support OTP which I use with Lastpass, and also a local challenge response hashing mechanism (HMAC-SHA1) based on a programmable secret in the key, which is local. This allows windows account authentication with two factor, and also works with Password Safe. Very easy to deal with. There are also variants which support Fido U2F and various forms of certificate including PGP keys.

    So yes, looking forward to seeing what their scheme will be - as long as it's not biometrics or SMS or smartphone apps.
     
  16. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    340
    If you use Yubikey with Lastpass, you're getting one time passwords with Lastpass, correct? But then Lastpass is just logging into other sites with a single password. So it doesn't really replace two factor authentication offered by a site that doesn't use Yubikey. You're still stuck with whatever two factor authentication mechanism that site uses (text, app, etc.). Really you're only better protecting your Lastpass account (which, of course, is important) and then getting the benefit of whatever unique complex password Lastpass assigns. But Yubikey can't really add security to a site that does not support it. Am I missing something?
     
  17. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,376
    Location:
    UK
    The Yubikey is there to strengthen the master password for the Lastpass vault, it does nothing about the site password. So even if someone got hold of your Lastpass master password, it wouldn't help them without the key as well. Because the site passwords (stored in the vault) are generated by LastPass to configurable strength and complexity, and is unique to each site, that's really the best you can do for sites which do not natively support two-factor. Of course, I'd much prefer the sites to directly support two-factor, but the current rate of adoption and the TFA standards babel makes that few and far between. Plus I'm not accepting biometric or smartphone/SMS based efforts.
     
  18. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    340
    Thanks for the details. That's what I thought.

    Yeah, I don't like smartphone based TFA either. I figure my smartphone is the most likely thing I have that will be lost or stolen, why would I want it to be the key to my bank account? And if I have the bank account app for TFA, now the thief knows what my bank is. For anyone who also does email on their smartphone, a thief may well also have access to the email account used for password resets. It's the dumbest thing ever.

    Even more ridiculous is that a lot of banks have an app that they want you to use to access your account and for the TFA mechanism. What? The whole point is that it should be a physically different device.

    It's a shame that finally TFA is becoming more common, but it's being implemented in such a shoddy way.
     
  19. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,194
    Location:
    EU
    Carry on testing. I must say their support is great, very quick replies.
    A security concern I have is that images are displayed in emails and there is no setting to block them. Support replied that this will be fixed by end of April, with a new webmail release.
     
  20. cb474

    cb474 Registered Member

    Joined:
    May 15, 2012
    Posts:
    340
    Yeah, I've also found the support to be super quick to reply and they really seem to consider comments and suggestions seriously. They don't have every feature one might want yet, but the pace of development is really good.
     
  21. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,448
    Awesome service. I hope they continue to build a great email web mail for users.
     
  22. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,194
    Location:
    EU
  23. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    554
    Location:
    USA
    Has anyone had problems with form fillers not working with Tutanota? Both ChromeIPass and PassIFox (KeePass extensions) will fill the forms, but I get an error when I click on the enter button.

    I also tried KeeFox, and it won't touch the forms at all. Is this due to some security measure? This is the first site I've encountered that will not work with these things.
     
  24. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,194
    Location:
    EU
    I do not know, but FYI Lastpass works perfectly, so I guess ChromeIPass should works as well.
     
  25. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    554
    Location:
    USA
    I'll just have to use the auto-type feature. It works with two-channel obfuscation as well.

    So far, I'm not too impressed with it. While I won't complain about the looks (that's subjective), there doesn't seem to be a way to sort or group anything. I prefer to let messages pile up and then do periodic maintenance, like grouping a few hundred messages from a particular sender and then deleting them at once. But here, I have to delete them one by one. You can create new folders, but even then, you have to move messages one by one and you can't set any rules to automatically direct them there. Unless I'm just missing how to do it, that is.

    This would be okay for an infrequently-used account that you use to talk to a few of your friends or something, but it doesn't seem suitable for an account that gets dozens of messages a day from things like newsletters, alerts, forum notifications, etc. ("bacon").
     
Loading...