"Post quantum" or "quantum resistance" are common terms used to describe crypto that is harder to crack by quantum computers. I don't see any snake oil here.
Post quantum - as in designed to resist quantum-computer-based attacks under which RSA would quickly crumble. Why do you associate this with snake oil?
It does sound a bit like the famous "military grade encryption" and it's equally (ab)used by snake oil salesmen.
I can't say anything about TutaCrypt's long-term effectiveness except that CRYSTALS-Kyber is touted as being at the forefront of post-quantum cryptography.
I wouldn't call it snake oil, but right now it appears quantum encryption cracking is only theoretical. I'm not sure how anyone can promise to mitigate attacks that haven't yet arrived.
Global Risk Institute... found that the majority of cryptography experts it surveyed believe quantum computers, more broadly, will be able to break anything encrypted with RSA-2048 within 24 hours within the next 30 years.
Most cryptography experts are probably not experts in quantum computers as well.
We already know the algorithm to break RSA with a quantum computer. We just don't have the hardware yet. Nobody knows when the hardware will be available but a lot of entities are working on it.
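To make the point of the comment above concrete, here is an added example (not code from the thread, from Tuta, or from any real quantum toolkit) of the classical half of Shor's algorithm. Every step that breaks RSA once a modulus is factored is ordinary arithmetic; the single expensive step, finding the multiplicative order of a random base modulo N, is what a quantum computer would do in polynomial time. Here that step is brute-forced, which is exponential in the size of N and only finishes because the moduli are tiny constructed values. The function names, the seeded RNG and the textbook toy key (p = 61, q = 53, e = 17) are all assumptions of this example.

```python
"""Added example: the classical reduction at the heart of Shor's algorithm.

The *algorithm* that breaks RSA on a quantum computer is fully specified.
Everything in it except one step (finding the order r of a random a mod N)
is cheap classical post-processing. multiplicative_order() below is that one
step, implemented by brute force; it is the part a quantum computer would
replace with period finding via the quantum Fourier transform.
"""
from math import gcd
from typing import Optional
import random


def multiplicative_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n), for gcd(a, n) == 1.

    Brute force: infeasible for RSA-sized n, which is exactly why RSA is
    safe classically and exactly what Shor's algorithm speeds up.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, rng: Optional[random.Random] = None,
                max_tries: int = 100) -> Optional[int]:
    """Return a non-trivial factor of the odd composite n, or None.

    Classical post-processing as in Shor's algorithm: pick a random a,
    return gcd(a, n) if it is already a factor, otherwise obtain the order r
    and use gcd(a**(r/2) +- 1, n) when r is even and a**(r/2) != -1 (mod n).
    Each attempt succeeds with probability at least 1/2 for n = p*q.
    """
    rng = rng or random.Random(0)  # seeded so the example is deterministic
    for _ in range(max_tries):
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g != 1:
            return g  # lucky draw: a already shares a factor with n
        r = multiplicative_order(a, n)  # the (simulated) quantum step
        if r % 2:
            continue  # odd order gives no square root of 1; try another a
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue  # trivial square root (-1); try another a
        for cand in (gcd(y - 1, n), gcd(y + 1, n)):
            if 1 < cand < n:
                return cand
    return None


def recover_rsa_private_exponent(n: int, e: int) -> int:
    """Given only the public key (n, e), factor n and derive d.

    d = e^-1 mod lcm(p-1, q-1). This is the whole reason "factoring" and
    "breaking RSA" are used interchangeably in the quantum discussion.
    """
    p = shor_factor(n)
    if p is None:
        raise ValueError("factoring failed; increase max_tries")
    q = n // p
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return pow(e, -1, lam)  # modular inverse (Python 3.8+)


if __name__ == "__main__":
    # Constructed textbook toy key: p = 61, q = 53, e = 17. Not a real key.
    n, e = 61 * 53, 17
    p = shor_factor(n)
    print(f"factor of {n}: {p} (other factor {n // p})")
    d = recover_rsa_private_exponent(n, e)
    m = 65
    assert pow(pow(m, e, n), d, n) == m
    print(f"recovered private exponent d = {d}; RSA round trip succeeds")
```

Swapping `multiplicative_order()` for a quantum order-finding routine is the entire difference between this toy and a real attack on RSA-2048; nothing else in the pipeline changes, which is why the standardisation work is happening before the hardware exists.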
It's common in cryptography to mitigate attacks that are known but not feasible without further advances in hardware or algorithms. Nobody wants to wait until an attack is successful. That's why NIST is already working on post-quantum cryptography standardization:
If an entity says they support a new security feature then the assumption is that they are doing so for some actual reason. So if you throw in that feature then all your competition is instantly at a disadvantage. Few will care enough to do enough research to evaluate the implied claim.
So all that is needed in this case is for potential customers to have the idea in the back of their minds that there might be an issue. The hyperbolic articles about the quantum threat serve that purpose.
So Tuta can be seen to be both a victim and a cause here.
Tuta once ranted in a blog post that Microsoft was out to get them.
Because they used tutanova.com for their internal corporate use but they also let public users sign up for emails @tutanova.com. And no shocker, MS won't let you have public users create MS accounts when a fucking AD org with that domain exists.
Seconded. It doesn't sound like practical security that would help anyone, but like a bunch of snake-oil mumbo-jumbo written by "growth-hackers" without a clue.
I get the theory, but until there is actually a quantum computer that can break it, it would be more helpful to talk about threat models or operational security, because crypto is hardly what anyone with brains will try to break to steal your memes.
Much more worried about the terrible security of MIME parsing.
> until there is actually a quantum computer that can break it
There isn't one yet (at least that the general public knows about), but that doesn't mean we don't need to do anything about it right now. See this problem, for example, which would potentially affect today's encrypted data if it were harvested and saved to storage for the long term: https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later