We're off to a good start in 2024: With the latest update, all Tuta accounts now use Argon2 and AES 256 encryption by default. This security improvement is the next step towards post-quantum encryption.
AES 256 enabled
The new year brings a big update to Tuta Mail: We have now enabled AES 256 encryption by default for all new emails sent via Tuta. This is a huge security improvement and the next step towards quantum-safe encryption.
Additionally, we have now enabled Argon2 as the default key derivation function for all new accounts and whenever you change your password. Argon2 is one of the best modern key derivation functions, ensuring the security of the encryption keys derived from your password in the Tuta client.
You can read more about Argon2 and why it is the best for security here.
On our way to quantum security we are upgrading our asymmetric cryptography (currently RSA 2048). In a next step, we are focusing on rotation of existing encryption keys and on key verification.
With this release we are also supporting a new quantum-safe hybrid encryption protocol that we have designed. We will describe it in detail in a future blog post. This protocol is not yet actively used by customers, but we will enable it for new accounts as one of the next steps. We will then work on encryption key rotation so that our current customers can also become quantum-safe. Once implemented, it will be possible to replace existing AES 128 keys with new AES 256 keys. The same will be true for RSA 2048 asymmetric keys, which will be replaced with X25519 and Kyber-1024, turning the protocol into a hybrid (classical and quantum-safe) public key protocol.
What is AES 256?
Advanced Encryption Standard (AES) 256 is the most secure symmetric encryption algorithm. It uses a 256-bit key to convert plaintext or other data into ciphertext. AES 256 is a strong cipher that was first introduced in 2001 by the U.S. National Institute of Standards and Technology (NIST).