I suggest you ...

AES 256 and RSA 4096

Would it be possible to upgrade the crypto to AES 256 and RSA 4096 to have stronger crypto?

278 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    J'informatique shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    17 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • 11116316 commented  ·   ·  Flag as inappropriate

        I do agree with <<If you do intend on migrating to ECC then DO NOT use any of the NIST Recommended Curves! Those have been compromised from the beginning!>>
        They are mathematically bugged/screwed/"backdoored" by design!

      • Tur commented  ·   ·  Flag as inappropriate

        Again tutanota team, this is another important feature, since 2015 and do noting, Bye

      • Anonymous commented  ·   ·  Flag as inappropriate

        New GnuPG releases support ECDH for public keys and EDDSA for signatures. Its manual recommends Camellia256, AES256, or Twofish for ciphers.
        https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf
        https://www.gnupg.org/faq/gnupg-faq.html#recommended_ciphers
        https://www.gnupg.org/faq/gnupg-faq.html#no_best_algo

        Please upgrade to SHA512, too. E-mail messages are at rest, not viewed live.

        If changing algorithms is costly for Tutanota, then I would prefer ECDH (with Curve25519) and EDDSA rather than larger RSA.

      • Anonymous commented  ·   ·  Flag as inappropriate

        256bit AES with 4096bit RSA is essential..... I'll gladly contribute to the cause but won't subscribe until it is provided. For those that want a lower level of security for speed/mobile device purposes, they should have the option. Flexibility guy's, then you satisfy all. :)

      • Anonymous commented  ·   ·  Flag as inappropriate

        @Chris There isn't enough data yet to know if TwoFish is secure or not. Because most use AES, as it is the Advanced Encryption *Standard*, it is constantly under attack, and so far no known public attack exists (only theoretical, meaning you'll dead before it doable)

      • Anonymous commented  ·   ·  Flag as inappropriate

        AES256 is not better or worse than AES128, and in fact, AES192 is currently better than 128 or 256, but all is theoretical attacks (as in, not in our lifetime).. and RSA...sigh. Bigger numbers don't mean better security. The more I read these comments it makes me fear for Tutanota's future, if these are the types of people they will listen to. However, I think maybe the Tutanota devs know better and I need not worry (hopefully)

        If you make the move to ECC, please don't use any US based encryption, as it has dubious origins at this point (even GnuPG is moving away). I would stay where you are for at least 3-5 years, to give ECC some time to get tested more, unless some critical news occurs where you must switch away from your current configuration

      • Richard commented  ·   ·  Flag as inappropriate

        The level of encryption is fundamentally vital to this service...

        “Assume that your adversary is capable of a trillion guesses per second” (Edward Snowden)
        http://www.businessinsider.com/snowden-al-qaeda-avoid-nsa-detection-2013-8#ixzz3dtBzjAOi

        While most people are unlikely to be individually targeted for surveillance, just using an encrypted email increases the likelihood that this service itself will be targeted. State intelligence services are allowed to retain encrypted data indefinitely, until such time when they are able to decrypt it.

        What is worse? - *Knowing* you have no way to communicate privately (coming soon to the UK)
        ...or *thinking* that you do have a way to communicate privately?

      • Anonymous commented  ·   ·  Flag as inappropriate

        Why would you not use the highest security possible? Its email - you aren't streaming video! Please upgrade to 256bit aes and 4096bit rsa.

      • noone commented  ·   ·  Flag as inappropriate

        We need 256bit AES with 4096bit RSA. 128bit is way to small and since we are only sending email, there should be little to no performance difference.

      • anonymous commented  ·   ·  Flag as inappropriate

        We need 256bit AES with 4096bit RSA. 128bit is way to small and since we are only sending email, there should be little to no performance difference.

      • Richard commented  ·   ·  Flag as inappropriate

        How about an option in our settings?
        So users can select how much of an encryption v speed performance hit they are willing to take?

      • Chris commented  ·   ·  Flag as inappropriate

        Rsa 4096 will be very very slow on mobile devices!

        Rsa 2048 is the best solution at the moment!

        But change to the stronger Twofish256 algorithm as did Phil Zimmerman and SilentCircle

      • Colin Arnott commented  ·   ·  Flag as inappropriate

        I agree aes 256 would be a great improvement, but I think a move to elliptic curve crypto over rsa would be better. Any backend crypto change will be painful for tutao, so I think that a move to ecc would be more useful as you gain faster crypto and smaller key sizes, where rsa will just slow things down.

        Ticket for ecc: https://tutanota.uservoice.com/forums/237921-general/suggestions/6897961-migrate-from-rsa-to-ecc

      Feedback and Knowledge Base