Seems like if ProtonMail can encrypt them automatically, then they can potential... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

RandomBacon on April 15, 2019 | parent | context | favorite | on: Hackers could read non-corporate Outlook.com, Hotm...

Seems like if ProtonMail can encrypt them automatically, then they can potentially be decrypted by someone at ProtonMail.

Reasoning:

Are emails automatically encrypted with a hash of the user password when they are received?

If the user forgets the password, how do password resets work?

Are the emails before the password reset "lost", or does ProtonMail keep a copy of the hashed password (which I suppose would be needed to log in with in the first place) to unencrypt the older emails, and re-encrypt with the newer password?

EduardoBautista on April 16, 2019 | [–]

They are not encrypted using the user's password. They are encrypted using a standard PGP public key.

int_19h on April 15, 2019 | [–]

Yes, you lose your old emails if you reset password on ProtonMail.

saganus on April 15, 2019 | [–]

Really? are there any docs I can read related to this?

It certainly is something that users should probably be aware of. At least I would...

int_19h on April 16, 2019 | | [–]

https://protonmail.com/support/knowledge-base/reset-password...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact