We will reformulate that. What we mean is that we never save user emails on our servers in clear text. The emails are encrypted on the clients before being sent to us. We want to know as little as possible about our users.
And what are you doing with the random text per user (i.e. the encrypted emails)? Why do you need them?
If they are encrypted by the user, how can you verify their email then? This does not add up.
We saved the encrypted version to enable password reset. When you reset your password we send an activation code to the email you signed up with (we don't save that email).
To reset your password you need to enter that email. We encrypt the value on the client and compare it with the value we have on our server, to make sure it's really you.
But at no time do we have user emails stored on our system. So if someone gets access, she will never see emails in clear text.
And most importantly we will never send users marketing emails. Only registration and password reset emails. We want to know as little as possible about our users.
Information we store [...] Hashed value of your email
Okay, so you can easily make a rainbow table, and thus your users are not anonymous anymore. Plus, if someone has your database and wants to know if email@email.com has an account, they can easily find that out, even without the need to brute-force all emails.
Btw., in this case it makes absolutely no difference whether you or the client computes the hash ;)
You are right, in this case he can use a salt for the hash. My second point is still valid though, but I guess that is fundamentally so if you want to use passwords.
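The two objections raised above (an unsalted email hash can be reversed with one precomputed table, and even a salted hash still lets whoever holds the database confirm whether a particular address has an account), as an added example that is not part of the original thread and not Dikalo's code. It assumes plain SHA-256 over the lower-cased address for the unsalted scheme and a random 16-byte per-user salt stored beside the hash for the salted one; the addresses in `USERS` and `CANDIDATES` are constructed sample data.

```python
import hashlib
import os

# Constructed sample data (not from the thread): three addresses standing in
# for the site's user table. Plain SHA-256 of the lower-cased address is an
# assumption; the thread only says "hashed value of your email".
USERS = ["alice@example.com", "bob@example.org", "carol@example.net"]

# Constructed attacker dictionary. A real attacker would use breach corpora
# holding billions of known addresses.
CANDIDATES = ["mallory@example.com", "alice@example.com", "dave@example.com",
              "bob@example.org", "carol@example.net"]


def unsalted_hash(email: str) -> str:
    """A bare hash of the address; who computes it (client or server) is irrelevant."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def build_unsalted_db(users):
    """The leaked column: one hash per user, nothing else."""
    return [unsalted_hash(u) for u in users]


def rainbow_attack(db, candidates):
    """One precomputed table reverses every row, so users are no longer anonymous.

    Returns (recovered emails, number of hash computations spent).
    """
    table = {unsalted_hash(c): c for c in candidates}  # built once, reusable against any dump
    recovered = sorted(table[h] for h in db if h in table)
    return recovered, len(candidates)


def salted_hash(email: str, salt: bytes) -> str:
    return hashlib.sha256(salt + email.strip().lower().encode()).hexdigest()


def build_salted_db(users):
    """Per-user random salt stored next to the hash, as in a password table."""
    rows = []
    for u in users:
        salt = os.urandom(16)
        rows.append((salt, salted_hash(u, salt)))
    return rows


def has_account(salted_db, target_email: str) -> bool:
    """The second objection survives salting: with the database in hand, the
    attacker hashes the one address they care about under every stored salt."""
    return any(salted_hash(target_email, salt) == h for salt, h in salted_db)


def dictionary_attack_salted(salted_db, candidates):
    """Recovery is still possible, but costs up to one hash per (row, candidate)
    pair and nothing can be precomputed ahead of the breach."""
    recovered = []
    work = 0
    for salt, h in salted_db:
        for c in candidates:
            work += 1
            if salted_hash(c, salt) == h:
                recovered.append(c)
                break
    return sorted(recovered), work


if __name__ == "__main__":
    db = build_unsalted_db(USERS)
    print("unsalted, one table:", rainbow_attack(db, CANDIDATES))
    sdb = build_salted_db(USERS)
    print("salted, does alice have an account?", has_account(sdb, "alice@example.com"))
    print("salted, per-row dictionary attack:", dictionary_attack_salted(sdb, CANDIDATES))
```

The salt only removes the shared precomputation; anyone who can read the salt column can still test a chosen address against each row. What changes the picture for a database-only attacker is a key that is not in the database (a keyed hash such as HMAC with a server-side secret), which the thread does not discuss.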
Okay, and how do you choose the key for the encryption? If it is the same for all users (which, from what you said, it kind of has to be?), you could just decrypt it?
Exactly. This is the main idea behind Dikalo. Your private stuff belongs to you. We are only interested in sending your messages. This is why you can use Dikalo without even signing up.