Geekly Articles each Day
📜 ⬆️ ⬇️

ProtonMail or what is it really?

Protonmail




The history of ProtonMail , a secure webmail service that has already been written quite a lot (including here ), began in the summer of 2013, when a group of scientists from CERN (European Organization for Nuclear Research) joined forces to improve the security situation. in the Internet. Their startup ProtonMail reached the 2014 MIT 100K semifinal. From that moment began a very rapid development of the project. This victory served as a serious step to talk about them around the world.

The history of development


May 15, 2014 began open beta testing. But there were so many people who wanted to register that they had to close the registration and place a form for collecting applications for an account. It is planned to send invitations for registration as server capacity increases.

On June 17, the ProtonMail team launched a campaign to raise funds for the development of the project on indiegogo.com - https://www.indiegogo.com/projects/protonmail/. The goal of the campaign was to collect US $ 100,000, which will be used to purchase servers and allow the team to fully concentrate on developing the service. Letters were sent with a proposal to support them to all users who left the application for registration. In just a few days the goal was achieved. At the time of this writing, US $ 231,088 (for the first 7 days) has been collected. The main bonus in gratitude for supporting the project is to immediately gain access to the service.
')

Access ProtonMail


I was very interested to know what ProtonMail is all about. Unfortunately, I did not have time to get an account when the registration was opened, and left a request. To get the coveted account, I gladly supported the guys through Indiegogo.

After 6 hours a message arrived in my mailbox with a link by which I activated my account. Registration took about a minute.

Create ProtonMail account


To create an account, you are asked to set two passwords: for access to your account and a mail password.

The password to access the account is used on the service side for authorization, as is done by numerous services on the Internet, including those providing webmail. This password can be changed in your account settings.

The e-mail password is not sent outside the user's computer and is used in the key generation process for encryption in the future. This password is not “recoverable”. If it is lost, then access to the contents of the mailbox will be lost with it. Looking ahead, it should be noted that it is not possible to change this password, which is indicated on the question and answer page.

Can I change or reset my Mailbox password? No. Your Mailbox Password is tied to all your emails because it is used to encrypt all your email messages. It would be undecryptable and unreadable.

The password to log in to your account can be changed on the settings page in your account.

To log in, you must first log in using the primary password, and then enter the email password that will be used to decrypt the contents of the email right on your computer. This allows you to ensure the lack of access to the content of letters from the service and makes it physically impossible. Here it is worth skeptical to note that this is “in theory”, and “in practice” ...

How does ProtonMail look and work?


ProtonMail is exclusively webmail. There is no support for POP3 / IMAP / SMTP, since all cryptography is implemented on the side of a web browser in JavaScript.

Go to your account and see the welcome message from the ProtonMail team. It briefly explains what information is encrypted, whether ProtonMail can be used to communicate with users of other mail services (for example, Gmail or Hotmail).



From the main points it should be noted:

Interface


Basic email formatting options are supported: bold or italic, headings, lists, and the ability to edit the letter directly in HTML.

All emails are divided into folders: received, sent and drafts. You can view only the selected letter. Display of the entire correspondence in its entirety (as a list) is absent.

You can specify recipients of a copy of the letter: CC (everyone sees who sent the copy) and BCC (other recipients do not see the recipients from this list in the list of copies).


Service cost


The service is provided free of charge, but there are restrictions on the amount of stored messages (100 megabytes) and the monthly total number of letters (500 letters). It is planned to launch paid business accounts that will have 1 gigabyte available for storing letters and there will be no restrictions on the number of letters. In the future we plan to add the ability to use your own domain for business accounts.

Integration with other services and applications


Integration with other services and applications is missing. All functionality is implemented on the side of the web browser in JavaScript. No open API.

Storing letters


Received and sent emails between ProtonMail users are stored on the server in encrypted form. On the client side, nothing is cached and not saved.

If a letter is received in open form from a third-party service, then even after reading it, it still remains in the Inbox in clear form.

If a letter is sent to a third-party service in open form, then it is stored in a folder with sent letters immediately in encrypted form.

The ability to export letters to the archive for download is missing.

Search


Search by letters searches by sender name, subject of the letter and the text of letters that are stored in clear form. Let me remind you that in open form only letters received from third-party services are stored (in unencrypted form).

Storing encryption keys


The private key is stored on the servers of the service, but is protected by your email password. It is required to be able to use different devices (and / or web browsers) to access ProtonMail mail. On the side of the client's web browser in Local Storage, the key is not stored.

The ability to import / export key is missing.

Technical implementation


The basis of the service was the library OpenPGPjs . For the duration of the working session, the mail password is stored in fully open form (without obfuscation) in Session Storage .

The service uses asymmetric encryption (encryption system using public keys), implemented on the side of the user's web browser in JavaScript.

On Wikipedia there is a detailed article about encryption using public keys , but, unfortunately, it is rather hard to read for a regular user without special technical knowledge.

Security


About the security of such decisions on the side of the user, when the program code is issued by the service with each call, on the Internet you can find a lot of discussions and articles. For example, an article in English http://matasano.com/articles/javascript-cryptography/ from Matasano security.

A brief summary of all the discussions and available materials is that at any time the service can give a modified program code (for example, at the request of law enforcement agencies), which will send them the user's mail password.

The ProtonMail team emphasizes that they are in Switzerland, where, as they write, I cannot legally oblige them to install a backdoor. The full text of their explanation is available at https://protonmail.ch/blog/switzerland/ . But this is “in theory”, and “in practice” there are no widely known public precedents.

In any case, the ability to change the program code at any time from the service side is a very serious disadvantage, since these changes can be aimed at specific users. In the case when cryptography is implemented in a software product or even at the level of the operating system, such updates aimed at specific users are much less likely and much harder to implement. Although, as you know, there are no 100% secure solutions, but we must strive for the highest possible level of security necessary in this situation.

The browser-executable Javascript code may be subject to XSS attacks. In the case of ProtonMail, like any other webmail, you can send a specially crafted letter to bypass the built-in protection against XSS attacks and execute malicious code that will get access to the user's email password or simply intercept the decrypted message content.

ProtonMail relies on the js-xss library to protect against XSS attacks. But in addition to filtering the content of the letter, there are also service mail headers that can be similarly formed in a special way when sending letters from third-party services to the ProtonMail user. And the ability to receive a letter from third-party services is in all ProtonMail accounts and cannot be disabled in the account settings.

In early June, a vulnerability was found in the ProtonMail service, which allows executing arbitrary JavaScript code on a computer of an unsuspecting user and gaining full access to its mailbox.

Mike Cardwell found this vulnerability, as reported by the ProtonMail team. After fixing the vulnerability, he published this information on ycombinator.com . ProtonMail placed his name in the list of thanks on his website - https://protonmail.ch/blog/protonmail-security-contributors/ , which confirms this fact.

Now this problem in ProtonMail security has already been fixed, but how many more opportunities for hackers are hidden in the implementation of browser-side cryptography in JavaScript?

Similar projects


Mailpile is an open source project that is being actively developed and is an email web client (like ProtonMail works in a JavaScript web browser), which should make cryptography available to users without special technical skills.

Separately, it should be noted the unique opportunity of this project - support for full-fledged search by encrypted messages. On https://www.mailpile.is/faq/ they write that an index is being created, and the contents of the index itself are stored as hashes.

Not specified, these are ordinary MD5 / SHA hashes or MAC. In the case of ordinary hashes, this search solution can be extremely unsafe due to the ability to determine which keyword is found in the encrypted text, considering the hashes of words in the dictionary. Security is very dependent on the implementation of this method.

Lavaboom is a secure webmail service similar to ProtonMail. Cryptography is implemented in JavaScript, the code is executed in a web browser.

Scramble is open source, implemented on the basis of OpenPGPjs (similar to ProtonMail), but a relatively young project does not develop as rapidly. I indicated it in this list to give a more complete picture of the services available on the market.

OpenMailBox - encryption is implemented using the OpenPGP plugin for the Roundcube webmail client project. The private key will be saved in the browser's local storage.

Unseen - uses its own implementation, there is a text messaging service and voice calls. There are clients for mobile platforms and desktops.

Unseen is also used by Roundcube with the OpenPGP plugin.
From desktop clients watched the version for Ubuntu and Mac. These are native wrapper applications that have a “web site” inside it.

What to do?


Using a separate mail application (email client), using well-known cryptographic implementations and a number of special restrictions for the sake of security (for example, the inability to receive mail from third-party resources to minimize the number of possible attacks) are the best solution.

Who can realize the use of public-key cryptography in an accessible (light) form for ordinary ordinary users using well-known email clients (Apple Mail, Microsoft Outlook, email clients embedded in mobile OS, and others) will win the love of users and will certainly become the most successful service!

UPD: Thank you very much for the comments on the article and questions! Completed the article.

Source: https://habr.com/ru/post/227575/

More articles:


All Articles