this post was submitted on 06 Sep 2023

Daniel Huigens, the head of Proton’s cryptography team, explains how the latest crypto refresh makes PGP more secure.

top 1 comments
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

When Protonmail says “An attacker without access to your secret key should not be able to modify your message without detection,” it’s a bit rich because Protonmail themselves are one possible (and most likely) threat. They can simply push malicious JavaScript when you log in and your browser will automatically trust it. Until they fix that, “Modern authenticated (AEAD) encryption” is just security theatre.

It’s a money problem. The fix is to get everyone using an open source bridge, but Protonmail wants to sell you their bridge, not support a free one like Hydroxide.