We all remember Lavabit, the "secure" email service that closed two months ago by the owner of Ladar Levinson.
There are good reasons why we should revise the title of the company that wanted her”safe email service.” The security researcher Marlinspike Moxie explains why Lavabit's services were not so secure and typically states that the service was not built on secure security practices.
Lavabit boasted of offering an encrypted e-mail service, so secure that even company employees could not access stored e-mails. This is technically true, but it gives the false impression that Lavabit did not have access to plain text messages, which is not true.
Η κρυπτογράφηση που πρόσφερε η εταιρεία ήταν server-side . Τα μηνύματα ηλεκτρονικού ταχυδρομείου έφτασαν σε μορφή απλού κειμένου και η κρυπτογράφηση γινόταν επί τόπου με ένα κλειδί πριν την αποθήκευση τους στο διακομιστή. Αυτό σημαίνει όπως καταλαβαίνετε ότι τα μηνύματα έφταναν στους servers σε μορφή απλού κειμένου, αν και μέσω κρυπτογραφημένης connections HTTPS.
Such systems are vulnerable to possible attacks. Anyone who manages the server, legitimate administrator or hacker, could access the files that were not encrypted.
