The guys running this service:
A) Are almost clueless about security / encryption
B) Are scammers
C) Work for a three letter agency who is behind of the service as suggested by Sparky63.
Here is why:
1) They say:
We use only the most secure implementations of AES, RSA, along with OpenPGP.
Which in combination with the webmail thing reads as:
We create a public/private PGP key pair for you.
We will store them both in our servers encrypted using RSA by a password you set.
When you connect to the service and introduce your second password our awesome java script will decrypt the private key and will use it to read and
write new emails.
The catch here is that as of today there are some doubts about RSA... just a random example:
" target="_blank" class="postlink">Exclusive: NSA infiltrated RSA security more
deeply than thought - study
If/when the RSA part of the puzzle is solved, the rest does not matter anymore.
But even if NSA is unable to really break AES-256, there is another problem with it: password length, and the fact that ppl doesn't usually use 32
So the otherwise more secure PGP is rendered insecure by the application of these guys.
Then there are some other buzz words and technology mixup that seem to be there just to impress:
Everything in the systems of these guys in encrypted a lot of times even the HDs of the servers...
Why do they need to encrypt again if the emails are already encrypted by their owner?
Who enters the encryption passwords on the servers?
Why encrypting the hard drive if they are so well protected by the Swiss legislation?
Server side integrity checks...
Those server side security checks, are also checked? I mean if someone would get access to their super encrypted server and modify the open source
code they are using but did not seem to have publish for public review, she would also modify the security checks... wouldn't she?
Swiss SSL... First time I hear of it... I bet it's a lot better than American SSL, and way better than African SSL... The Swiss one, for sure is
invulnerable to things like the The Heartbleed Bug. Wait! SSL is a protocol and being initially developed by Netscape I think it should be called
"Netscapian SSL". Meh.. what do I know, I don't have friends at CERN.
My recommendation for those who want encrypted email is just to read abot OpenPGP, install Thunderbird with the right plugin and enjoy free, secure
emails. On Android you can use K-Mail and APG, both free as well.
The ProtonMail Threat Model
1) Compromised User
OK, nice that they acknowledge this one
2) Man-in-the-Middle (MITM) Attacks
So MITM, is not rare, is a very rare attack... far more attack that can tipically only be executed by a strong adversary... yeah like someone running
a sniffer on the open wifi spot you are using, oh no... the government.
3. Unauthorized backdoor... so you'd think the attacker would try to modify the application to gain user's second password, right? They don't. There
scenario is that he would send "bad encryption code to get unencrypted data". If the attacker had studied the same materials they did I wouldn't worry
too much about him, really.
"The odds of this being successfully executed is indeed quite low."
Indeed... I think they are null.
Ok, they think about everything, they even: "blocked the username email@example.com"
Come on... these guys are a joke.
edit on 23-5-2014 by Torbu because: (no reason given)