Tuta Launches Post Quantum Cryptography for Email (2024)

What many miss is that updating your encryption algorithm <i>now</i> means decrypting all your previous data and then reencrypting it with the new algo. This is very expensive, time consuming and is something that you must do before encryption is broken or before your encrypted data is stored for later decryption.<p>This move, hopefully, promises to avoid this headache if the algo is actually post-quantum.

Last time I checked, while tutanota&#x27;s emails are ostensibly E2E encrypted, all public keys are provided by their server and there&#x27;s no way to pin keys or verify them over a side channel, so a compromised server could trivially send its own public keys and MITM attack all encrypted emails.<p>This completely defeats the purpose and guarantees of E2E encryption, but for some reason, it hasn&#x27;t seemed to be a priority for them. The article passingly mentions key verification, so hopefully that&#x27;s changed.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;tutao&#x2F;tutanota&#x2F;issues&#x2F;768">https:&#x2F;&#x2F;github.com&#x2F;tutao&#x2F;tutanota&#x2F;issues&#x2F;768</a>

I browsed through the article, but it&#x27;s not clear to me if they&#x27;re only encrypting data at rest (that you open up with a login session, but then: their referenced docs mention alice and bob exchanging messages, so that can&#x27;t be it), or that they&#x27;re encrypting messages and sending them out (i.e. it is similar to openpgp, but then their own custom thing? how would that interoperate with anyone else?).<p>Perhaps it makes more sense if you already know how they operate technically. There&#x27;s a chance I browsed too quickly and missed the explanation... The article reads a bit confusing with the mixing of (a)symmetric concepts.

I like Tuta but they are just not competitively priced. Proton purchased SimpleLogin &amp; their $4&#x2F;mo. premium plan includes unlimited aliases &amp; custom domains. Tuta charges €8&#x2F;mo. and you only get 30 aliases &amp; 500GB of storage. Just doesn&#x27;t make a lot of sense to me.

Given the massive bottlenecks that will likely remain in quantum for the next 10yr+ (Would love to see a change here obviously but c&#x27;est la vie)<p>I doubt anyone is blanket decrypting everyone&#x27;s email just to see what people had for lunch even if it&#x27;s &quot;only&quot; encrypted with rsa4096...

People who use this type of service, will you share your threat model? I am interested in the technology but have not had sufficient reason to make the jump from Fastmail.

Whenever I hear the phrase &quot;post quantum&quot;, I associate it with snake oil. So this marketing article made me less likely to become a Tuta customer.