

Tuta launches Post Quantum Cryptography for Email


Tuta Mail enables #TutaCrypt, a protocol for exchanging messages with #quantum-safe #encryption.

Right on time for 10 years of Tuta/Tutanota, we are launching the most significant #security upgrade of TutaCrypt with TutaCrypt. This groundbreaking post-quantum encryption protocol secures emails with a hybrid protocol that combines state-of-the-art quantum-safe algorithms with traditional algorithms (AES/ECC), making Tuta Mail the world's first email provider that can protect emails from #quantumcomputer attacks.

We are pleased to announce that with this press release we are enabling quantum-safe encryption by default for all new #Tuta #Mail accounts. We are now replacing classical asymmetric cryptography (RSA-2048) with our quantum-safe #hybrid-encryption protocol TutaCrypt: it combines a post-quantum key encapsulation mechanism (CRYSTALS-Kyber) and an Elliptic-Curve Diffie-Hellman key exchange (x25519).

https://tuta.com/blog/post-quantum-cryptography

In reply to tom s

Interesting! They say there is no access possible to encrypted content. But there is other information they might release, even encrypted content.

"Between the 1st of July 2023 and the 31st of December 2023 Tuta (formerly Tutanota) has

received requests for inventory data in 120 cases.
released inventory data in 6 cases.
received requests for real time traffic data in 20 cases.
released real time traffic data because of a German court order in 12 cases.
received requests for stored content data in 19 cases.
released stored encrypted content data because of a German court order in 16 cases.
received requests for real time content data in 19 cases.
released real time content data because of a German court order in 10 cases.

Between the 1st of January 2023 and 30th of June 2023 Tutanota has

received requests for inventory data in 116 cases.
released inventory data in 5 cases.
received requests for real time traffic data in 15 cases.
released real time traffic data because of a German court order in 6 cases.
received requests for stored content data in 20 cases.
released stored encrypted content data because of a German court order in 16 cases.
received requests for real time content data in 9 cases.
released real time content data because of a German court order in 4 cases.

Content Data
This term refers to your emails: subject, body and attachments. All emails in Tuta are stored end-to-end encrypted and only you hold the decryption keys. Just like traffic data, content data can only be requested by a German judge (§ 94, para. 2 of the StPO, § 98, para. 1, sent. 1 or para. 2, sent. 1 of the StPO) in case of serious criminal acts (see above for examples). A German judge can either issue a seizure of a mailbox or a real time monitoring of the mailbox (TKÜ), or both. A seizure order under criminal law (§ 94, para. 2 of the StPO, § 98, para. 1, sent. 1 or para. 2, sent. 1 of the StPO) refers to the encrypted mailbox content. An order for real time monitoring of a mailbox refers to all emails received and sent from the relevant mailbox starting with the time of the order until a specified date (usually three months). In case of real time monitoring (TKÜ), we have to provide contents of emails. Emails that are sent end-to-end encrypted with Tuta can only be delivered in encrypted form. Emails that are sent unencrypted are delivered in plain text if they arrive after we have received a valid German court order for a real time monitoring (TKÜ). Plain text emails that have arrived before that have already been encrypted on the server and cannot be decrypted by us."