Anything other than loading the Tutanota app into your browser is unsecure
Thanks for requesting a feature for further improving the security of Tutanota! We currently use TLS and DANE to protect authentication and integrity data and (only tunneled) RSA and AES to provide additional confidentiality. Neither the confidentiality nor the integrity of your data is currently at risk. In order to increase the security of Tutanota even further, we will implement digital signatures soon.
This is an awesome idea we were already thinking about. It will be optional.
@Chris There isn't enough data yet to know if TwoFish is secure or not. Because most use AES, as it is the Advanced Encryption *Standard*, it is constantly under attack, and so far no known public attack exists (only theoretical, meaning you'll dead before it doable)
AES256 is not better or worse than AES128, and in fact, AES192 is currently better than 128 or 256, but all is theoretical attacks (as in, not in our lifetime).. and RSA...sigh. Bigger numbers don't mean better security. The more I read these comments it makes me fear for Tutanota's future, if these are the types of people they will listen to. However, I think maybe the Tutanota devs know better and I need not worry (hopefully)
If you make the move to ECC, please don't use any US based encryption, as it has dubious origins at this point (even GnuPG is moving away). I would stay where you are for at least 3-5 years, to give ECC some time to get tested more, unless some critical news occurs where you must switch away from your current configuration
We want to make a feature similar to this description available (optional): https://tutanota.uservoice.com/forums/237921-general/suggestions/8258685-enhance-login-security