dvon | 1 year ago
Do you employ cryptographers? Do you have engineers who specialize in security?
And do you have a process set up for a sort of recovery from a failed encryption implementation?
edit: that is to say, what is the plan in the event your encryption is proven faulty and your customers' emails are leaked to the public due to this fault?
Tutanota | 1 year ago
To secure our customers' emails, we do not rely only on the new post-quantum algorithm but use a post-quantum Key Encapsulation Mechanism (CRYSTALS-Kyber) in combination with an Elliptic-Curve Diffie-Hellman key exchange (x25519). We chose Kyber for PQ encryption because it has been chosen by NIST for standardization. However, we are aware that it still might be broken in the future. In this case, our implementation allows us to replace it with a different post-quantum Key Encapsulation Mechanism. Our customers' emails will not be leaked in this case because they are still protected by the state-of-the-art Elliptic-Curve Diffie-Hellman key exchange.
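The hybrid idea in the reply above, sketched as an added example that is not Tutanota's code and not part of the thread: both shared secrets feed one key derivation, so the session key stays unknown unless both are known. The HKDF concatenation combiner, the `combine` function, the labels and the random stand-in secrets are assumptions; the thread does not say how the two secrets are actually combined.

```python
import hashlib
import hmac
import os

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF with SHA-256 (RFC 5869): extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def _lp(data: bytes) -> bytes:
    """Length-prefix a field so that field boundaries are unambiguous."""
    return len(data).to_bytes(2, "big") + data

def combine(ecdh_secret: bytes, pq_secret: bytes, pq_kem: str, context: bytes) -> bytes:
    """Derive one 32-byte session key from both shared secrets (assumed design).

    Recomputing the key requires BOTH inputs, so learning the post-quantum
    secret alone is not enough. The KEM name is bound into the derivation so
    keys produced with different KEMs are domain-separated.
    """
    ikm = _lp(ecdh_secret) + _lp(pq_secret)
    info = b"hybrid-combiner-example" + _lp(pq_kem.encode()) + _lp(context)
    return hkdf_sha256(ikm, salt=b"\x00" * 32, info=info)

def demo() -> dict:
    # Constructed stand-ins: real values come from X25519 and a KEM decapsulation.
    ecdh, pq, ctx = os.urandom(32), os.urandom(32), os.urandom(64)
    key = combine(ecdh, pq, "kyber", ctx)
    return {
        # Both parties hold the same inputs and derive the same key.
        "both_parties_agree": combine(ecdh, pq, "kyber", ctx) == key,
        # Someone who broke the PQ KEM knows pq but must still guess ecdh.
        "pq_broken_key_matches": combine(os.urandom(32), pq, "kyber", ctx) == key,
        # Swapping in another KEM (hypothetical name) yields a different key.
        "replacement_kem_key_matches": combine(ecdh, pq, "other-kem", ctx) == key,
    }

if __name__ == "__main__":
    print(demo())
```

The length prefixes matter: without them, two different splits of the same concatenated bytes would derive the same key.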