# BITMESSAGE VS LAVABIT CODE #
Started in 2013, ProtonMail specifically cites Edward Snowden as an inspiration for their service. They make a big deal out of two things: the fact that they are based in Switzerland, and their two-password system. The gist is that ProtonMail is marketing themselves as the “Swiss bank account” of email providers. Indeed, they say just that on the page detailing their security measures: their servers “are colocated in some of the same secured and guarded datacenters used by Switzerland’s famed private banks”. Elsewhere they boast of a “secure datacenter facility hidden inside a Swiss granite mountain” and that this is a “former military command center deep inside the Swiss Alps”.

![bitmessage vs lavabit](https://motherboard-images.vice.com/content-images/contentimage/31642/1458305341863763.png)

This all sounds very impressive, but what’s the nitty gritty? The touted two-password system works as follows: the first password logs the user into their account. This leads to a page titled “Decrypt mailbox” prompting them to enter a second password. This password unlocks the user’s symmetrically encrypted 2048-bit private RSA key, which in turn decrypts their mailbox. The decryption process happens entirely locally in the client’s browser using JavaScript, so that there is no room for ProtonMail to intercept the passphrase protecting the secret key. The private key and mailbox are both encrypted using AES-256.

![bitmessage vs lavabit](http://3.bp.blogspot.com/-wduLTdMcWNs/UcRFETdaVHI/AAAAAAAAAFQ/ga3YloA2WMA/s400/bitmessage_send_image.png)

ProtonMail is still in beta, but the user experience is on the whole very smooth and mature. There may be a short wait if you request an account at the moment, as a sudden spike in popularity coinciding with their IndieGoGo campaign maxed out their servers. In the meantime, many exciting features are in the pipeline. While they strive to make the encryption and decryption invisible in the name of usability, optional key management is on its way, allowing users to import GPG keys of non-ProtonMail users so that the security can interoperate with other services. If you and a non-ProtonMail user can agree on a passphrase beforehand, you can also exchange end-to-end encrypted messages with people who have no knowledge of cryptography whatsoever. ProtonMail’s code is not yet open source, but they have announced plans to release it in the future.
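
The mailbox-password step of the two-password scheme described on this page, as an added sketch that is not ProtonMail's code: a 2048-bit RSA private key is kept only in AES-256-encrypted form and can open mail only once the second password decrypts it. It runs on Node's built-in `crypto` module rather than in a browser, and the function names, the CBC/GCM modes, the OAEP padding and the per-message session key are all assumptions the page does not specify.

```javascript
const crypto = require('crypto');

// Assumption: OAEP with SHA-256 for wrapping the per-message session key.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// 2048-bit RSA key pair; the private half is stored only in encrypted form,
// under a key derived from the mailbox password (AES-256-CBC is our choice of mode).
function createAccount(mailboxPassword) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
                          cipher: 'aes-256-cbc', passphrase: mailboxPassword },
  });
}

// Anyone holding the public key can seal mail: AES-256-GCM for the body,
// RSA for the random session key.
function sealMessage(publicKeyPem, plaintext) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, sessionKey);
  return { iv, body, tag: cipher.getAuthTag(), wrappedKey };
}

// Opening needs the mailbox password to decrypt the private key first.
// Throws on a wrong password or on a tampered message.
function openMessage(encryptedPrivateKeyPem, mailboxPassword, sealed) {
  const sessionKey = crypto.privateDecrypt(
    { key: encryptedPrivateKeyPem, passphrase: mailboxPassword, ...OAEP },
    sealed.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.body), decipher.final()]).toString('utf8');
}

// Returns null instead of throwing, e.g. when the login password is tried by mistake.
function tryOpen(encryptedPrivateKeyPem, password, sealed) {
  try { return openMessage(encryptedPrivateKeyPem, password, sealed); }
  catch (err) { return null; }
}
```

A server that stores only `publicKey` and the encrypted `privateKey` PEM holds nothing it can read mail with; that property depends on the mailbox password never leaving the client.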