2
submitted 1 year ago by Canard@fedia.io to c/cybersecurity@fedia.io

Daniel Huigens, the head of Proton’s cryptography team, explains how the latest crypto refresh makes PGP more secure.

you are viewing a single comment's thread
view the rest of the comments
[-] ciferecaNinjo@fedia.io 2 points 1 year ago* (last edited 1 year ago)

When Protonmail says “An attacker without access to your secret key should not be able to modify your message without detection,” it’s a bit rich because Protonmail themselves are one possible (and most likely) threat. They can simply push malicious javascript when you login and your browser will automatically trust it. Until they fix that “Modern authenticated (AEAD) encryption” is just security theatre.

It’s a money problem. The fix to get everyone using a open source bridge, but Protonmail wants to sell you their bridge not support a free one like Hydroxide.

this post was submitted on 06 Sep 2023
2 points (100.0% liked)

Cybersecurity

2 readers
1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

founded 1 year ago
MODERATORS