[liberationtech] Lavabit stored user passwords in plaintext?

[Tom Ritter]

On 14 August 2013 19:11, Bernard Tyers - ei8fdb <ei8fdb at ei8fdb.org> wrote:
> Yes, you're right. My mistake. But is my second question not still valid? If SSL was compromised would the user not then be compromised?
>
> Is:
>
> "…we generate public and private keys for the user and then encrypt the private key using a derivative of the plain text password.
>
> the other side of:
>
> "…we need the plain text password to decrypt a user’s private key…"?
>
> This is where they saw the cleartext password, and held it in memory for that time period?
>
> Does this give some indication as to what the government agency (whichever it was) were making Lavabit implement to allow it to surveil Lavabit users?

IF, (big IF) my understanding of Lavabit's architecture is correct,
then if you gained access to the user's SSL session, and then also
access to Lavabit's server where the user's data and (encrypted)
private key is stored - yes you'd have undermined the whole thing.  *

There's another thread on LibTech speculating about just what the
government asked Lavabit to do.  In it, Jospeh Lorenzo Hall theorizes
that they were asked to sniff on people's passwords (or their private
keys) in memory so the government would be able to decrypt their mail
or private key into the future.  This makes sense to me and fits with
everything I have in my head - but to be clear I am speculating based
off one person's explanation of how something technical worked to the
media.  I know how individuals will change their statements to explain
things, and how the media will often reinterpret technical statements
to make them functionality different from how things actually work.

-tom

* It's worth noting that designing a system where that is not true,
while not requiring the user to move a key from device to device, and
not requiring the user to use special software to read their email, is
both extraordinarily difficult and a massive engineering effort.