|
|
|
|
|
|
by curun1r
3434 days ago
|
|
|
If Edward Snowden started a mail service, I'd probably trust it more. If you want to talk about "going to the mat" for people, I think Snowden has made the bigger sacrifice. Moxie and Whisper Systems probably would get my nod too. Perhaps even DJB or Bruce Schnier. |
|
|
https://moxie.org/blog/lavabit-critique/
>Unlike the design of most secure servers, which are ciphertext in and ciphertext out, this is the inverse: plaintext in and plaintext out. The server stores your password for authentication, uses that same password for an encryption key, and promises not to look at either the incoming plaintext, the password itself, or the outgoing plaintext.
>The ciphertext, key, and password are all stored on the server using a mechanism that is solely within the server’s control and which the client has no ability to verify. There is no way to ever prove or disprove whether any encryption was ever happening at all, and whether it was or not makes little difference
Anyways, having good inventions doesn't equal having a secure product.