Use quantum hard cryptography
The general consensus currently is that nation states will have quantum computers capable of breaking today's commonly used asymmetric cryptosystems in the next 15 years[1], and potentially before then. And there is currently at least one major nation state with limited quantum computing capability actively using it to accelerate a small class of attacks.
Last year NIST released an advisory on quantum computing, and expressed urgency in the matter[2]. The NSA has also released an advisory[3].
The fact is that several nation states are collecting nearly all data on the Internet in bulk and storing it. In a few years they will also be able to decrypt it. Defending against quantum computing is now necessary when defending against mass surveillance, and this certainly fits within ProtonMail's threat model.
We need to start moving toward post quantum crypto now. It will take time and our data is already at risk. ProtonMail should use quantum hard crypto by default wherever possible.
[2] http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
The Usual Suspects
shared this idea
-
theoneand33
commented
I would use Proton mail instead of Tuta mail if they added this
-
Edward Huff
commented
Many say the Australian P.M. must have misunderstood (to put it politely) when he said five eyes assured him cryptography could be broken. What if he was leaking? Maybe five eyes already have a 5000 qubit computer.
AES256 is iiuc quantum resistant. Protonmail should make it easy to use 256 bit symmetric keys exchanged out of band, automatically using symmetric encryption whenever a key is available for the recipient, without having to remember many different passphrases.