[thelist] Sensitve information on the web
Joel D Canfield
joel at bizba6.com
Wed Nov 3 11:37:20 CDT 2010
On Wed, Nov 3, 2010 at 11:55 AM, Hassan Schroeder <
hassan.schroeder at gmail.com> wrote:
> On Wed, Nov 3, 2010 at 8:47 AM, Joel D Canfield <joel at bizba6.com> wrote:
>
> > We didn't decrypt the emails themselves; nothing was left in email form
> > other than the encrypted data. Once it's offline, it's no more or less
> > vulnerable than anything else, methinks.
>
> OK, so how did the end user see the unencrypted data then? Just
> curious about the process, as I've never fiddled with encrypting mail.
two options: data to be offloaded and stored came as attachments, moved
offline and decrypted there
data as email content was, in fact, decrypted on the fly, but it's more of a
'looking inside the archive' concept, not actually removing the shell around
the nut. so, forwarded, it was still decrypted.
it's five years with zero hands-on time with the tool, so my memories are a
mite fuzzy, but I've got notes should it ever interest you enough for me to
dig them up.
More information about the thelist
mailing list