- #WHY IS PROTON EMAIL SO SLOW ON MY COMPUTER PASSWORD#
- #WHY IS PROTON EMAIL SO SLOW ON MY COMPUTER CRACK#
#WHY IS PROTON EMAIL SO SLOW ON MY COMPUTER CRACK#
It is not revealed what mechanism is used to protect the stored mailbox password, but if it is like, say, LinkedIn (google hackers crack more than 60 of breached linkedin passwords), then it's definitely an Achilles's heel. Once the hacker figures out the mailbox password, the private key will be plaintext. Sorry if I was not clear enough, but my point is that there wouldn't even be the need to tackle AES256 should a security breach occur. If the Swiss government decides to pursue or help some other government pursue someone, wouldn't it be easy to just ask ProtonMail for the IP address needed? Of course, the government can just as well ask for the passwords as mentioned above, even if encrypted, when legally more convenient. I assume the server has to keep a log of user activities, which must include users' IP addresses. To what extent is ProtonMail immune to such breaches?īesides, not really so much of a concern for average users, but since Protonmail lists on its website in a prime location as one of its benefits that it is "Swiss based":
#WHY IS PROTON EMAIL SO SLOW ON MY COMPUTER PASSWORD#
Should a security breach occur on the server, wouldn't it be just a matter of time for a determined hacker (and a powerful hacker, if, say, a government decides to be one) to figure out the real mailbox password? And once the mailbox password is exposed, the private key is equally exposed, or, why bother with that if the user's account is now free to access? Then what security is left? Since internet security breaches of banks and healthcare providers and big retailers are already a familiar news headline, this does seem to be a real concern. However, the server must store some form of the mailbox password so that the user can be authenticated. The developer also noted that the server doesn't store the mailbox password. In particular, security of the mailbox password:Īccording to this answer by a ProtonMail developer, a user's private key is encrypted (with AES256 as someone mentioned below) using the user's mailbox password, and the encrypted form is stored on the server. However, I do have some concerns about its promise of security. Regardless of what people say, it's definitely a big step forward from tradition options like Hotmail, Gmail or Yahoo mail for the vast majority of internet users. First of all, to those who created ProtonMail: Nice job!!.