Lavabit not as secure as previously thought


A lot has been made recently of the NSA’s actions, but regardless of which side of the fence you’re on, having the option of secure, encrypted email is always important. It’s possible that Lavabit wasn’t as secure as it was marketed to be, but that doesn’t mean that we should ignore the importance of encryption, especially in this day and age.

Will we ever have truly private and secure email?

Despite the use of cryptography, Lavabit is also vulnerable to all three, just like a conventional (unencrypted) e-mail service: the operator can, at any time, stop averting their eyes; an attacker who compromises the server can log the password a user transmits; and an attacker who can intercept communication to the server can obtain the password as well as the plaintext e-mail.

Even though Lavabit’s security page went on at length about how, in the age of the PATRIOT Act, users shouldn’t accept a Privacy Policy as enough to protect them, that is almost exactly what it implemented. The cryptography was nothing more than a lot of overhead and some shorthand for a promise not to peek. Even though it advertised that it “can’t” read your e-mail, what it meant was that it would choose not to.
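The difference between "can't read" and "chooses not to read" comes down to where decryption happens. The sketch below is an added example, not code from the original post or from Lavabit: it models only the read path of a generic mailbox, and the `Server` class, the toy HMAC-based stream cipher, and the sample password and message are all constructed assumptions for illustration.

```python
import hashlib, hmac, os

def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); illustration only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Server:
    """Hypothetical server: stores one encrypted mailbox and records every
    value its own code handles in the clear."""
    def __init__(self, salt: bytes, nonce: bytes, blob: bytes):
        self.salt, self.nonce, self.blob = salt, nonce, blob
        self.handled = []  # what an operator or a compromised host could capture

    def read_server_side(self, password: str) -> bytes:
        # Design A: the user transmits the password and the server decrypts.
        mail = keystream_xor(derive_key(password, self.salt), self.nonce, self.blob)
        self.handled += [password.encode(), mail]
        return mail

    def fetch_blob(self):
        # Design B: the server hands out ciphertext and public parameters only.
        self.handled += [self.blob]
        return self.salt, self.nonce, self.blob

def client_side_read(server: Server, password: str) -> bytes:
    salt, nonce, blob = server.fetch_blob()
    # The key is derived and used on the client; the password is never sent.
    return keystream_xor(derive_key(password, salt), nonce, blob)

def demo() -> dict:
    # Constructed sample password and message.
    password, mail = "correct horse battery staple", b"Meet at noon. (constructed sample)"
    salt, nonce = os.urandom(16), os.urandom(16)
    blob = keystream_xor(derive_key(password, salt), nonce, mail)
    a, b = Server(salt, nonce, blob), Server(salt, nonce, blob)
    assert a.read_server_side(password) == mail
    assert client_side_read(b, password) == mail
    return {"A": a.handled, "B": b.handled, "mail": mail, "password": password.encode()}

if __name__ == "__main__":
    result = demo()
    print("server-side design handled:", result["A"])
    print("client-side design handled:", result["B"])
```

In design A the server's own code path holds both the password and the plaintext on every read, so confidentiality rests on the operator and host staying honest and uncompromised; in design B the server only ever holds ciphertext for this path.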
