Page 1 of 1

Raising the bar on safety with Argon

Posted: Wed Dec 18, 2024 8:15 am
by Aklima@42
We are pleased to announce that we have upgraded Tutanota's hash function to Argon2, the most secure algorithm. This is the first step on our path to becoming a post-quantum secure email provider, as this hash function can generate much larger encryption keys used to protect your Tutanota emails, calendars, and contacts.

As you know, we are planning to become the first post-quantum secure email and cloud provider , and we are very happy to announce that we have already reached the first milestone in this project!

With this update your password - which is used to generate your encryption keys that encrypt all your data in Tutanota - will no longer be protected with bcrypt, but with Argon2 : a new and advanced algorithm that will lead you to even better security .

Why did we switch to Argon2?
When Tutanota came out, bcrypt was the best way to turn a password into a cryptographic key. It turns your password into 192 random-looking bits that we can use for cryptographic purposes. That's way more entropy than most people's passwords will ever have, so it's surely enough, right?

Well, as part of quantum security, we want to change freight forwarders brokers email lists all our AES keys to 256 bits, because 128-bit keys will no longer be secure when there is a quantum computer capable of running Grover's algorithm. But mathematicians will realize that 256 is greater than 192. What can we do then?

** What can we do then?

We can stretch those 192 bits by hashing them with SHA-256, for example, and it would be fine in most cases.

But why do that if we can do better?

Image

Argon2
Argon2 has been the winner of the password hashing contest, and rightly so. This algorithm is now recommended by most modern guidelines, including the OWASP Foundation .

Argon2 brings a number of improvements over bcrypt, such as memory and side-channel resistance.