The double encryption has to do with the treatment of passphrases and private keys (see below). The text below is from the Google cache of Lavabit's former website. Reliably defeating this would mean changing how their software works (misrepresenting the company to their customers), which is the heavy-handed PRISM technique.

I don't get 'double' encryption... I get what it is, I just don't get how it is any better/different than longer keys? Just a convenient way to implement double key length?
Is there any other benefit?
"This process works by combining three different encryption schemes with Elliptical Curve Cryptography (ECC) as the cornerstone. When a user activates the asymmetric encryption feature, two ECC keys are generated with 521 bits of strength. The first key, or the public key, is stored in plain text on the server. This public key is used to encrypt incoming messages. Because of how ECC works, only someone with the second “private” key can decipher messages encrypted with the public key. To protect the private key from attackers, it is encrypted using the Advanced Encryption Standard (AES) with a 256 bit key. AES is a synchronous encryption scheme that uses a secret passphrase to encrypt/decrypt a ciphered message. In the case of Lavabit’s secure e-mail system, the ciphered message is a user’s private key and the secret passphrase is a hashed version of the user’s password.
To ensure maximum security, passwords are hashed using the Secure Hash Algorithm (SHA). SHA takes the plaintext password as its input and produces a random 512 bit string as the output. With only the SHA output, it is cryptographically impossible to determine the original input. Effectively, hashing is a repeatable one-way process.
To increase the randomness of our hash outputs and the difficulty of reversing the process, Lavabit combines the password with the account name and a cryptographic salt. This combined string is then hashed three consecutive times, with the former iteration’s output being used as the input value of the next iteration. The output of the first hash iteration is used as the secret passphrase for AES mentioned above. The third iteration is stored in our password database and is used to verify that users entered their password correctly.
The product of this encryption process is a message that is cryptographically impossible to read without the password. We say cryptographically impossible because, in theory, an attacker with unlimited computing resources could use brute force to decipher the original message. However in practice, the key lengths Lavabit has chosen equal enough possible inputs that a brute-force attack shouldn’t be feasible for a long time to come."
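The three-iteration hash chain and the AES wrapping of the private key that the quoted text describes, written out as an added Go example (not Lavabit's code). SHA-512 as the hash, AES-256-GCM as the AES mode, a caller-supplied salt and the account+password+salt concatenation order are all assumptions the text does not fix; the point it makes visible is that the server only stores the third iteration, which recomputes from the password but never yields the first iteration that unlocks the key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"errors"
)

// deriveChain hashes account+password+salt three times, each output feeding the
// next. h1 is the AES key that wraps the private key; h3 is the stored verifier.
func deriveChain(account, password string, salt []byte) (h1, h3 []byte) {
	a := sha512.Sum512(append([]byte(account+password), salt...)) // order assumed
	b := sha512.Sum512(a[:])
	c := sha512.Sum512(b[:])
	return a[:], c[:]
}

// aeadFor keys AES-256-GCM with the first 32 bytes of h1 (GCM is an assumption).
func aeadFor(h1 []byte) cipher.AEAD {
	block, _ := aes.NewCipher(h1[:32]) // a 32-byte key selects AES-256
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// WrapPrivateKey encrypts an encoded ECC private key (e.g. the DER of a P-521
// key) under h1 and returns (wrapped key, verifier) for the server to store.
func WrapPrivateKey(account, password string, salt, privKey []byte) ([]byte, []byte, error) {
	h1, h3 := deriveChain(account, password, salt)
	gcm := aeadFor(h1)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return gcm.Seal(nonce, nonce, privKey, nil), h3, nil
}

// UnwrapPrivateKey recomputes the chain, checks the stored verifier in constant
// time and only then unwraps; a leaked verifier (h3) does not give up h1.
func UnwrapPrivateKey(account, password string, salt, wrapped, verifier []byte) ([]byte, error) {
	h1, h3 := deriveChain(account, password, salt)
	if subtle.ConstantTimeCompare(h3, verifier) != 1 {
		return nil, errors.New("password verification failed")
	}
	gcm := aeadFor(h1)
	ns := gcm.NonceSize()
	if len(wrapped) < ns {
		return nil, errors.New("wrapped key too short")
	}
	return gcm.Open(nil, wrapped[:ns], wrapped[ns:], nil)
}
```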