Daniel Huigens, the head of Proton’s cryptography team, explains how the latest crypto refresh makes PGP more secure.
You must log in or register to comment.
When Protonmail says “An attacker without access to your secret key should not be able to modify your message without detection,” it’s a bit rich because Protonmail themselves are one possible (and most likely) threat. They can simply push malicious javascript when you login and your browser will automatically trust it. Until they fix that “Modern authenticated (AEAD) encryption” is just security theatre.
It’s a money problem. The fix to get everyone using a open source bridge, but Protonmail wants to sell you their bridge not support a free one like Hydroxide.