difference between secure-mail.biz - protonmail.ch?

Discussion in 'Secure Mail' started by kubussz, Jan 22, 2015.

  1. kubussz

    kubussz Junior Member

    What is the difference between secure-mail.biz and protonmail.ch?

    My question was answered as follows:

    " Hello,

    Secure-mail.biz does not offer end-to-end encrypted messages. Your messages are encrypted when they get to their servers. They also have the key which allows them access to the information within your messages.

    ProtonMail offers end-to-end encryption, this allows us to have zero access to the data within your messages. You hold the only password that can unlock this data.

    Best regards,
    The ProtonMail Team "


    Update:

    " They can read your messages at any point, we cannot because we do not have the key - you do.

    Best regards,
    The ProtonMail Team "


    Is this true?
     
  2. PP Daniel

    PP Daniel Staff Member

    Hi,

    I would say not entirely.

    While I do not have any in-depth knowledge about their system, the basic problem is: whatever you do on your side as a mail provider, the very moment an e-mail is sent to another server (the recipient) you basically rely on their system's security, so even if the transport is fully encrypted the e-mail itself might not be (unless it is encrypted itself, as with PGP). As far as I know they have implemented some method where the recipient only gets a link via e-mail and then has to use a previously (safely) communicated password to log in on their server to see the message. Might work, but is this still e-mail?

    At secure-mail we cannot access the cold storage data (mailbox), but of course in theory we could log your password upon login and then do so. We are currently working on a new design which would make this impossible, and other great improvements, basically a whole new system. But as this is still work in progress and I'm not the developer in charge, I cannot tell much about what the future might bring. But we think the whole way of e-mail itself has to be redesigned to ensure privacy and confidentiality now that everyone and their mother is eavesdropping on all communication.
     
  3. Alfonso

    Alfonso New Member

    Hi, as a protonmail user, I have been reading the information about it.

    What protonmail states is essentially true. And I'll tell you why:

    In protonmail you have 2 passwords:
    - One to access your account (log in).
    - One to encrypt/decrypt your messages.

    Theoretically, the encryption/decryption happens in your browser, so they actually can't read your encrypted messages.
    In theory, from what I read, if you write an email to another protonmail user, your browser should encrypt the message with the public key of the recipient, so only he/she can read it.

    IF one of the ends of the communication is unencrypted (not belonging to protonmail), the conversation is compromised: it will go through other email servers unencrypted.
    IF you send an email from protonmail, you have the option to encrypt it, give the password by word (or some safe way) and the recipient can read it online in protonmail (again, I believe the browser decrypts with the key you have).
    IF someone sends you an email from outside but encrypted with your public key and pasted in the email, your browser in protonmail will decrypt it for you. I personally have not tested this, but it's sound.

    So, in summary:

    - When you log in to protonmail you have to write two different passwords.
    - The encryption/decryption happens in the browser.
    - Protonmail stores your public key so other protonmail users can send you secure emails.
    - The browser computes your private key to decrypt your emails.
    - Protonmail stores your emails encrypted in their servers, but they don't have the decryption key, so they can't read them.
    - Communications between protonmail accounts are fully secure and unreadable (well... 2Kbit RSA).
    - Communications incoming to protonmail from anywhere else are insecure (except if the sender encrypts by hand with your public key).

    If something changed since I opened my account, someone please comment :)
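
The two-password model described in the post above, together with the earlier caveat about a provider logging the password, as an added example that is not part of the thread and not ProtonMail's or secure-mail's code. Node's built-in `crypto` module stands in for the browser client, and the function names, passwords and message are constructed for illustration.

```javascript
// Added example (not ProtonMail's code): Node's crypto stands in for the browser client.
const crypto = require('crypto');

// Client, at signup: the private key is wrapped with the mailbox password before upload.
function createAccount(mailboxPassword) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048, // the key size mentioned in the post
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
      cipher: 'aes-256-cbc', passphrase: mailboxPassword },
  }); // { publicKey, privateKey }: the record the server stores
}

// Sender's client: hybrid encryption (AES-256-GCM body, RSA-OAEP wrapped key).
function encryptFor(publicKey, plaintext) {
  const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, key);
  return { wrappedKey, iv, body, tag: c.getAuthTag() };
}

// Recipient's client: the mailbox password unlocks the private key locally.
function decryptWith(wrappedPrivateKey, password, msg) {
  const key = crypto.privateDecrypt(
    { key: wrappedPrivateKey, passphrase: password, oaepHash: 'sha256' }, msg.wrappedKey);
  const d = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  d.setAuthTag(msg.tag); // GCM tag is verified in final()
  return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8');
}

// Whoever holds only the stored record must also learn the password to read mail.
function canRead(record, msg, password) {
  try { decryptWith(record.privateKey, password, msg); return true; }
  catch (e) { return false; }
}

function demo() {
  const mailboxPassword = 'constructed-mailbox-password'; // sample value
  const record = createAccount(mailboxPassword);
  const msg = encryptFor(record.publicKey, 'meet at noon');
  return {
    owner: decryptWith(record.privateKey, mailboxPassword, msg),
    serverWithLoginPasswordOnly: canRead(record, msg, 'constructed-login-password'),
    serverIfPasswordWasLogged: canRead(record, msg, mailboxPassword),
  };
}
console.log(demo());
```

The stored record alone does not decrypt anything; the guarantee holds only as long as the mailbox password never reaches the server, which is why the code delivered to the browser is part of the trust boundary.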
     
  4. Alfonso

    Alfonso New Member

    Now you can configure a 4Kbit RSA key for your account.
     
  5. anajames

    anajames Member

    Need to learn more about this.