Thomas Roth also drew our attention to minor issues that, once addressed, can further improve the security of Tutanota. The fixes will be implemented with the next release.
None of the issues found affect the encryption itself; they affect the web application as such. With Tutanota you can easily send and receive encrypted emails that cannot be monitored with common mass-surveillance practices. We also strive to prevent targeted attacks on specific Tutanota users. Such attacks are very complicated to execute and – in most cases (like the issue described above) – require a particular action by the user. In this case it was forwarding an email. Any possible attack scenarios brought to our attention will be taken care of immediately so that you can rely on sending secure emails with Tutanota.
The findings by Thomas Roth show how important peer review is to ensure security. In a few months we will make Tutanota available as open source so that everybody can build their own application and review the code in detail.
If you have any questions, please contact us.
Your Tutanota team
11th of July 2014