On 09/12/10 22:25, Josh Rickmar wrote:
On Thu, December 9, 2010 3:22 pm, patric conant wrote:
> From their services page:
5. Secure mail services (smtp-auth w/ TLS, IMAPs/POP3s)
No, I'm referring to the encryption of the actual email saved on their
disks. See http://lavabit.com/secure.html
a) you have to trust their process of key-gen and login (they are able
to get in the way if they want)
b) you have to trust them that their servers are secure in order for
your mail to be private. If they 're hacked then a fake login.php can be
installed that sends your password to the attacker when you login.
Tampered imap server can also do that.
Besides that, ECC with 521bits for the messages is quite paranoid :)
Also AES-256 for your private key (which resides there and not here) is
very nice.
Giannis
