Tutanota makes encryption easy VS Bitwarden

Hi HN, we are the developers from Tuta (formerly Tutanota), the German end-to-end encrypted email provider, and we recently released the world's first post-quantum encryption for email.

We have included a full technical write-up of the cryptography involved in these changes and we have released it for open public review.

This document specifies TutaCrypt, a protocol designed for hybrid email encryption in Tuta Mail. The protocol combines a classical Elliptic-Curve-Diffie-Hellman key exchange with a post-quantum KEM. The goal is to replace the usage of RSA in Tuta Mail.

In the remainder of this document we describe some preliminaries such as the cryptographic primitives used. We define the core algorithms of the protocol and describe the flow of messages between the communicating parties. Finally, we discuss the security properties and some limitations of the protocol in its current form.

We are eager for your constructive feedback. All cryptography related source code is available for review and experimenting here: https://github.com/tutao/tutanota/blob/master/src/api/worker...

If you have any questions or comments related to post-quantum cryptography please let us know in the comments!

Tutanota - Free secure email account service provider with built-in end-to-end encryption, no ads, no tracking. Free 1GB storage. Which is also partially open source, so you can self-host.

You are probably using a window manager and Electron is not able to detect the secret service backend you have installed. We recently switched to Electron’s built in api for storing credentials, which is the reason for this issue. https://github.com/tutao/tutanota/issues/6265

Tuta Mail (version 3.119.3): Encrypted email & calendar service - easy to use, secure by design.

A look at tuta.com and tutanota.com demonstrates that Tuta is using an Amazon Start of Authority (SOA) DNS record and 4 corresponding Amazon Name Server (NS) DNS records.

rich coming from tuta who still lack a onion based login. this ticket from 2018 was locked as off-topic. https://github.com/tutao/tutanota/issues/528

as lenin said, the best way to control the opposition is to lead it. for me, unless the company has been raided by the government they simply cannot be trusted.

apple proudly advertises privacy billboards while sharing everything they are asked under shadow laws. absolute hypocrisy and double standards. but then they wouldnt be where they are without government money and favours.

Have a non business paid account. Can you change your current tutanota.com email to the tuta.com email?

I have an at tutanota.com account. All of a sudden, this evening, it disconnected and I haven't been able to re-access my account. It actually seems like the whole platform is down, but maybe that's just the context from my devices.

I have a fairly recent free account that I believe was on the domain tutanota.com which I can no longer log into.

For passwords and 2FA I use Bitwarden in combination with a self-hosted Vaultwarden service (for imcreased security and use of pro features for free).

First it's good to use a password manager, however it's not a good idea to use the one built into your browser. I would suggest switching to BitWarden or similar (not LastPass).

I just noticed today when relogging in on Bitwarden (I couldn't sync my vault) that it said "Logged in as [email] on __$2__" instead of "Logged in as [email] on bitwarden.com". I don't know why or how that happened, and I have no idea what it means. Did I screw up somehow? Just to be clear, I did login and just after I logged in my brain realized that it said "__$2__" instead of what it should say.

bitwarden:~$ sudo ./bitwarden.sh updateself _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2023, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== bitwarden.sh version 2023.10.3 Docker version 24.0.7, build afdd53b Docker Compose version v2.21.0 Updated self. bitwarden:~$ sudo ./bitwarden.sh update _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2023, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== bitwarden.sh version 2023.10.3 Docker version 24.0.7, build afdd53b Docker Compose version v2.21.0 Update not needed bitwarden:~$

Bitwarden (version 8588): A secure and free password manager for all of your devices.

I would also recommend the use of a password manager such as Proton Pass, BitWarden or 1Password if your looking for a more premium solution.

Use a password manager if you do not already and have it generate unique passwords for every website. Bitwarden is one of the best. You should NEVER reuse passwords and should always use unique passwords. It may be inconvenient at first but a password manager like Bitwarden really does make it a whole lot more convenient. Your e-mail especially should have its own unique password. You should also use two-factor authentication on any website that offers it. If you do not have a good AV on your computers, Bitdefender and Kaspersky both offer free options. The website https://haveibeenpwned.com/ is a good place to check if your credentials have been in a data breach.