||06-12-2011 10:10 PM
[OT CONTENT REMOVED BY MODERATOR]
Originally Posted by Lavabit
How does asymmetric encryption protect your privacy? The short description is that for users of this feature, incoming e-mail messages are encrypted before theyíre saved onto our servers. Once a message has been encrypted, only someone who has the account password can decrypt the message. Like all safety measures, encryption is only effective if itís used. To ensure privacy, Lavabit has developed a complex system that makes the entire encryption and decryption process transparent to the end user.
This process works by combining three different encryption schemes with Elliptical Curve Cryptography (ECC) as the cornerstone. When a user activates the asymmetric encryption feature, two ECC keys are generated with 521 bits of strength. The first key, or the "public" key, is stored in plain text on the server. This public key is used to encrypt incoming messages. Because of how ECC works, only someone with the second ďprivateĒ key can decipher messages encrypted with the public key. To protect the private key from attackers, it is encrypted using the Advanced Encryption Standard (AES) (hover:AES Hover) with a 256 bit key. AES is a synchronous encryption scheme that uses a secret passphrase to encrypt/decrypt a ciphered message. In the case of Lavabitís secure e-mail system, the ciphered message is a userís private key and the secret passphrase is a hashed version of the userís password.
To ensure maximum security, passwords are hashed using the Secure Hash Algorithm (SHA). SHA takes the plaintext password as its input and produces a random 512 bit string as the output. With only the SHA output, it is cryptographically impossible to determine the original input. Effectively, hashing is a repeatable one-way process.
I agree, that seems badly confused.
I understand that Lavabit appears to trying to contrast their scheme with the design of PGP and GPG.
GPG uses public-key cryptography to encrypt a session key for each message. The sender and recipient each have a secret/public keypair; the sender "randomly chooses" a session key and CAST-encrypts the message plaintext with it, and also uses his private key and the recipient's public key to EG-encrypt the session key. He transmits the EG-encrypted session key and the CAST-encrypted message to the recipient, who decrypts the EG-encrypted session key using his private key and the recipient's public key, and then decrypts the CAST-encrypted message using the session key. (Someone please correct me if I am wrong!)
(EG stands for the El Gamal algorithm, while CAST stands for the default block cipher used by GPG.)
But I don't understand your explanation of what Lavabit does.
I guess that an ECC scheme might be used somewhat analogously to the way that the El Gamal algorithm is used by GPG. ECC would use "trapdoor pseudo-one-way" operator based upon the properties of elliptic curves, while El Gamal uses a "trapdoor pseudo-one-way" operator based upon the properties of discrete logarithms. (Someone please correct me if I am wrong!)
However their ECC encryption scheme works, how can they encrypt an incoming email "before it is saved" on their mailserver? Wouldn't it have to exist as a plaintext temp file before they encrypt it? Or is it possible to use a stream cipher to encrypt it as it is being received?