this post was submitted on 06 Sep 2023
Cybersecurity
When Protonmail says “An attacker without access to your secret key should not be able to modify your message without detection,” it’s a bit rich because Protonmail themselves are one possible (and most likely) threat. They can simply push malicious JavaScript when you log in and your browser will automatically trust it. Until they fix that, “Modern authenticated (AEAD) encryption” is just security theatre.
It’s a money problem. The fix is to get everyone using an open source bridge, but Protonmail wants to sell you their bridge, not support a free one like Hydroxide.