As you know, we are planning to become the first post-quantum secure email and cloud provider , and we are very happy to announce that we have already reached the first milestone in this project!
With this update your password - which is used to insurance email list generate your encryption keys that encrypt all your data in Tutanota - will no longer be protected with bcrypt, but with Argon2 : a new and advanced algorithm that will lead you to even better security .
Why did we switch to Argon2?
When Tutanota came out, bcrypt was the best way to turn a password into a cryptographic key. It turns your password into 192 random-looking bits that we can use for cryptographic purposes. That's way more entropy than most people's passwords will ever have, so it's surely enough, right?
Well, as part of quantum security, we want to change all our AES keys to 256 bits, because 128-bit keys will no longer be secure when there is a quantum computer capable of running Grover's algorithm. But mathematicians will realize that 256 is greater than 192. What can we do then?
** What can we do then?
We can stretch those 192 bits by hashing them with SHA-256, for example, and it would be fine in most cases.
