CLOSED: [2018-11-21 Wed 09:56]
:PROPERTIES:
:CREATED: [2018-11-21 Wed 09:44]
:ID: 2018-11-21-ProtonMail-security-paper
:END:
:LOGBOOK:
- State "DONE" from "NEXT" [2018-11-21 Wed 09:56]
:END:

A couple of days ago, [[https://en.wikipedia.org/wiki/Nadim_Kobeissi][Nadim Kobeissi]] from [[https://symbolic.software/][Symbolic Software]] published [[https://eprint.iacr.org/2018/1121.pdf][this PDF whitepaper]] in which he analyses the security of [[https://protonmail.com/][ProtonMail]], a Swiss-based email provider.

With the end of [[https://en.wikipedia.org/wiki/Lavabit][Lavabit]], many security- and privacy-conscious people switched to ProtonMail. This is why ProtonMail's security is relevant.

The Conclusion chapter of the whitepaper starts with the following paragraph:

#+BEGIN_QUOTE
Our findings, presented [here], constitute serious shortcomings in ProtonMail's cryptographic architecture that we believe should be urgently remedied. As it stands, ProtonMail does not meet its self-professed security goals when these are subjected to analysis.
#+END_QUOTE

The [[https://protonmail.com/blog/][ProtonMail blog]] does not list any reaction. However, they are pretty busy [[https://twitter.com/ProtonMail][with their Twitter account]] and refer to [[https://old.reddit.com/r/ProtonMail/comments/9yqxkh/an_analysis_of_the_protonmail_cryptographic/ea3g0hm/][this Reddit thread]], where they discuss the analysis with Nadim.