ProtonPass Security Audit
Evaluation of open-source password management integrated with the Proton ecosystem.
01. Open-Source Cryptography
Our evaluation confirms that ProtonPass utilizes the same SRP (Secure Remote Password) protocol as the rest of the Proton suite. All credential encryption is performed client-side using OpenPGPjs, ensuring that Proton never has access to the decryption keys.
[+] Standard: OpenPGP (RFC 4880)
[+] Auth: SRP (Secure Remote Password)
[+] Jurisdiction: Switzerland (Swiss Federal Data Protection)
[+] Feature: Hide-my-email aliases (Integrated)
Technical Verdict
ProtonPass is the current recommended standard for users deep within the encrypted Swiss ecosystem. Technical integration for Agency procurement is pending.