Re: Question on encrypted messages
- To: qmail@xxxxxxxxxxxxx
- Subject: Re: Question on encrypted messages
- From: Tony Mobily <mobily@xxxxxxxxxx>
- Date: Tue, 07 Sep 2004 16:50:11 +0200
- Delivered-to: de5-qmail@sws5.ornl.gov
- Delivered-to: mailing list qmail@list.cr.yp.to
- Mailing-list: contact qmail-help@list.cr.yp.to; run by ezmlm
> > Assuming that I have the encryption/decryption programs ready, how
> > hard would it be to implement such a
> > system using qmail? Has anybody here done this already?
> Why would you want that?
> If I read everything you want correctly, it will not add extra security,
> only CPU power.
> The public and private keys will be stored on the same server, so a
> break-in on the server will reveal both.
> If you wanted to let the pop3 client decrypt the files, why don't
> you install ssl?
The user's private keys would be stored on the server, yes, but they
would be encrypted symmetrically using a passphrase.
So, if it did happen that somebody broke into the server, or stole the
hard drive, s/he wouldn't be able to access the local email as it would
all be encrypted - and the private keys would be useless without the
passphrases to unencrypt them.
So, the system still makes a bit of sense - I think.
It is still true that a hacker with root access to the system could put
a backdoor in the Webmail system, but encrypting stuff would certainly
help (and you can always do a specific audit from external hosts to make
sure that the webmail's MD5 isn't changed, for example).
Bye,
Merc.
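
The external audit mentioned in the message above, sketched as an added example that is not part of the original post: an audit host keeps a baseline manifest of the webmail files and compares it with a freshly pulled copy of the tree. It uses SHA-256 rather than the MD5 named in the message; the function names and the sample file names are assumptions made for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        # Symlinks are skipped: a file swapped for a link then shows as "removed".
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def audit(baseline, current):
    """Compare two manifests; any non-empty list means the tree has changed."""
    shared = baseline.keys() & current.keys()
    return {
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed sample tree standing in for a pulled copy of the webmail code."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "index.php").write_bytes(b"<?php login(); ?>\n")
        (root / "lib" / "crypt.php").write_bytes(b"<?php decrypt(); ?>\n")
        # The baseline is taken once and stored on the audit host, not the mail server.
        baseline = build_manifest(root)
        # Simulate a later change on the server: one file edited, one file added.
        (root / "index.php").write_bytes(b"<?php login(); /* changed */ ?>\n")
        (root / "lib" / "extra.php").write_bytes(b"<?php ?>\n")
        return audit(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

The hashing has to run on the audit host over files it fetched itself; a digest reported by the server being audited is only as trustworthy as that server.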