by Andrew_nenakhov 1776 days ago
The most likely attackers against proton mail are various law enforcement or intelligence agencies.

Such an agency can force PM to modify the login process to derive the password from the submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.

A truly secure entity just wouldn't have private keys on a server at all. Users would have to go through an uncomfortable process of generating and uploading keys to clients, but they would be truly safe.

To sum it up, you can't really have security and convenience at once. Besides skipping a proper key management process, PM mail also skips such important steps as verification of email partner identity and key verification, so you have to trust PM that you are really talking to a person you think you are talking to.

2 comments

> A truly secure entity just wouldn't have private keys on a server at all.

They don't. They have your encrypted private key, but there's no need to keep that secret. (The decryption key is derived from your password, so the password needs to be strong and secret.)

> Such an agency can force PM to modify the login process to derive the password from the submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.

Yes, definitely. It's hard to trust self-updating software (like JavaScript in the browser), particularly if you're concerned about targeted attacks. But creating your own private keys and then entering them in the browser wouldn't help you at all against that sort of attack. You would instead need a different type of client that could be trusted somehow not to leak your private key.

It's not uncommon for services like this to offer a downloadable version of the web client so you can pin a version and audit the code as needed. I think maybe https://github.com/ProtonMail/WebClient is that for ProtonMail? If so, you should be able to verify that code and then use that. The fact that an encrypted copy of your private key will live on ProtonMail's servers shouldn't bother you.
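An added example, not part of the thread and not ProtonMail's code: a sketch of the arrangement the comment above describes, where the server stores only a private key encrypted under a key derived from the user's password. scrypt and AES-256-GCM are stand-ins assumed for this sketch, and all function names, the sample key and the passwords are constructed.

```javascript
// Added example: password-wrapped private key. scrypt + AES-256-GCM are
// stand-ins chosen for this sketch, not ProtonMail's actual scheme.
const crypto = require('node:crypto');

// Client side: derive the wrapping key from the password and a per-user salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Client side: encrypt the private key before upload.
// The returned object is everything the server ever stores.
function wrapPrivateKey(privateKeyPem, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Client side after login: returns the PEM, or null when the password is
// wrong or the stored blob was altered (the GCM tag check fails).
function unwrapPrivateKey(blob, password) {
  const key = deriveKey(password, blob.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed sample: a throwaway Ed25519 key and made-up passwords.
function demo() {
  const { privateKey } = crypto.generateKeyPairSync('ed25519');
  const pem = privateKey.export({ type: 'pkcs8', format: 'pem' });
  const stored = wrapPrivateKey(pem, 'correct horse battery staple');
  return {
    pem,
    stored,
    right: unwrapPrivateKey(stored, 'correct horse battery staple'),
    wrong: unwrapPrivateKey(stored, 'password123'),
    leaksPem: stored.ct.toString('latin1').includes('PRIVATE KEY'),
  };
}
```

The stored blob is only as strong as the password behind it, and nothing here addresses the thread's other concern: the code performing these steps is itself delivered by the server.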

You make a poor argument overall. Just because convenience will tend to win out doesn’t mean people shouldn’t choose more secure over less secure.

Your argument boils down to “govt can force them to change how they do that”, as opposed to a flaw in their approach.

YOU make a poor argument. All email correspondence with external servers (I believe it to be 90+ percent of all correspondence) is not encrypted at all, and the rest is bypassable if Protonmail wants to or is forced to decrypt it. This is just security theater.

True security is when the provider can't decrypt anything under all circumstances, even under coercion.