[liberationtech] Lavabit stored user passwords in plaintext?
Bernard Tyers - ei8fdb
ei8fdb at ei8fdb.org
Wed Aug 14 16:30:18 PDT 2013
On 15 Aug 2013, at 00:20, Tom Ritter <tom at ritter.vg> wrote:
> On 14 August 2013 19:11, Bernard Tyers - ei8fdb <ei8fdb at ei8fdb.org> wrote:
>> Yes, you're right. My mistake. But is my second question not still valid? If SSL was compromised would the user not then be compromised?
>>
>> Is:
>> "…we generate public and private keys for the user and then encrypt the private key using a derivative of the plain text password.
>>
>> the other side of:
>>
>> "…we need the plain text password to decrypt a user’s private key…"?
>>
>> This is where they saw the cleartext password, and held it in memory for that time period?
>>
>> Does this give some indication as to what the government agency (whichever it was) were making Lavabit implement to allow it to surveil Lavabit users?
>
> IF, (big IF) my understanding of Lavabit's architecture is correct,
> then if you gained access to the user's SSL session, and then also
> access to Lavabit's server where the user's data and (encrypted)
> private key is stored - yes you'd have undermined the whole thing. *
>
> There's another thread on LibTech speculating about just what the
> government asked Lavabit to do. In it, Jospeh Lorenzo Hall theorizes
> that they were asked to sniff on people's passwords (or their private
> keys) in memory so the government would be able to decrypt their mail
> or private key into the future.
I have *a little* experience (a long time ago) of using RAM Cache for holding databases to speed up retrieving results to search queries - similar idea? In this case, holding users passwords in volatile memory for security?
Presumably this would be an easier job to do instead of attacking SSL sessions, since you (the operator) have total access to the hardware?
> This makes sense to me and fits with
> everything I have in my head - but to be clear I am speculating based
> off one person's explanation of how something technical worked to the
> media. I know how individuals will change their statements to explain
> things, and how the media will often reinterpret technical statements
> to make them functionality different from how things actually work.
Don't worry, this is for my own understanding. I won't quote you :)
> * It's worth noting that designing a system where that is not true,
> while not requiring the user to move a key from device to device, and
> not requiring the user to use special software to read their email, is
> both extraordinarily difficult and a massive engineering effort.
Understood.
Thanks.
--------------------------------------
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
More information about the liberationtech
mailing list