Hacker News new | ask | show | jobs
Review my startup: Secure webmail service (pipemail.org)
2 points by qnrq 5665 days ago
After two and a half years of work: Pipemail sees public light. Pipemail encrypts emails using aes256; but any symmetric-key encryption cipher works, really. It's built around the idea that an email provider should never be able to retrieve the emails that their users send. To achieve this I invented a fragmented key assembling method.

There's some other nifty features available, like that we automatically strip EXIF tags from attached image files and allow users to send emails that are only readable once by the recipient. You can check out the documentation here: http://bit.ly/fIjLPk

I really hope that you like it. Hopefully we can shed light in this modern Big Brother day and age.

Oh, and it's free of course. But you can donate if you like it :-)
1 comments
ammmir 5665 days ago
security and fancy crypto on the server don't mean much if your frontend interface submits passwords in plain text over the wire. a secure service shouldn't even serve up content on non-https URLs.
link
qnrq 5665 days ago
I completely agree. We didn't install a cert since there were some doubts around wether we would sign it ourselves or not.

Either what we decide, a self signed cert is better than none, hence this is now fixed. All http traffic is now redirected to https using a 2048 bit self signed certificate :-)

link