herbie wrote:
Entirely possible re seeing the mails themselves, except they're claiming they can't even get to your encrypted mail. It's still there on their server's /var/mail/user and someone has root.
I've just used my own email servers for over a decade, Gmail, ISP mail and Hotmail for piddling about with. Guess I'll never run for President.
You can administrate encrypted files on a server but without the hash key you can't open them even if you have /root access.
And what I'd already posted is what these folks do:
Quote:
ProtonMail’s segregated authentication and decryption system means logging into a ProtonMail private email account requires two passwords. The first password is used to verify the identity of the user. After that, encrypted data can be retrieved. The second password is a decryption password which is never sent to us. It is used to decrypt data on your device so we do not have access to the decrypted data, or the decryption password. This means we cannot hand over your data to third parties. For this reason, we are also unable to do decryption password recovery. If you forget your decryption password, we cannot recover your data.
The second password gets hashed and that is what decrypts the email. The email is then encrypted at rest.
It's pretty secure. Secure enough that the only way to get at it is to view it when you're reading it.
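A minimal model of the two-password split described in the quoted ProtonMail text, added here as an example; it is not part of the thread and not ProtonMail's code or actual cryptography. All names are hypothetical, and PBKDF2 plus an HMAC-SHA256 keystream with encrypt-then-MAC stand in for a real KDF and AEAD cipher, since Python's standard library has no AEAD.

```python
import hashlib, hmac, os

def kdf(password, salt):
    # Slow password hash -> 64 bytes: 32-byte encryption key + 32-byte MAC key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)

def keystream(key, nonce, length):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode); use a real AEAD in practice.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def client_encrypt(decrypt_pw, plaintext):
    # Runs on the user's device: the decryption password never reaches the server.
    salt, nonce = os.urandom(16), os.urandom(16)
    k = kdf(decrypt_pw, salt)
    ct = xor(plaintext, keystream(k[:32], nonce, len(plaintext)))
    tag = hmac.new(k[32:], nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def client_decrypt(decrypt_pw, blob):
    k = kdf(decrypt_pw, blob["salt"])
    tag = hmac.new(k[32:], blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong decryption password or modified ciphertext")
    return xor(blob["ct"], keystream(k[:32], blob["nonce"], len(blob["ct"])))

class Server:
    # Every attribute here is data an administrator with root on the server can read.
    def __init__(self):
        self.verifiers, self.mailboxes = {}, {}

    def register(self, user, login_pw):
        salt = os.urandom(16)
        self.verifiers[user] = (salt, kdf(login_pw, salt))
        self.mailboxes[user] = []

    def fetch(self, user, login_pw):
        # First password: proves identity and releases ciphertext, nothing more.
        salt, verifier = self.verifiers[user]
        if not hmac.compare_digest(kdf(login_pw, salt), verifier):
            raise PermissionError("login failed")
        return self.mailboxes[user]

if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "login-pw")  # constructed sample values
    srv.mailboxes["alice"].append(client_encrypt("mailbox-pw", b"hello"))
    print(client_decrypt("mailbox-pw", srv.fetch("alice", "login-pw")[0]))
```

In this model the server holds only a login verifier and ciphertext, so the strength of the stored mail rests on the decryption password and the KDF, not on who can read the server's disk.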