What is Nostr?
waitwaitwait
npub1ps7…2j5c
2024-06-16 09:08:14
in reply to nevent1q…rtza

waitwaitwait on Nostr: Thank you. The paper focuses on the fact that when using webmail the Proton server ...

Thank you.

The paper focuses on the fact that when using webmail the Proton server could serve you a malicious client-side code and steal or misuse your key. But all web apps have that problem.

Since Proton has implemented their "one-password" login, the PGP key is on the server, encrypted using your password salted+hashed. That means Proton could try to bruteforce it. But it also means man in the middle attacks are avoided.

I would call them tradeoffs, but I wouldn't say their implementation is fundamentally flawed or insecure.
Author Public Key
npub1ps7hna5ss07mmu4gezzte8mhhwxq8lhek0eefjkxjua8kma76qxq782j5c