[thelist] Sensitve information on the web

Joel D Canfield joel at bizba6.com
Wed Nov 3 11:37:20 CDT 2010

On Wed, Nov 3, 2010 at 11:55 AM, Hassan Schroeder <
hassan.schroeder at gmail.com> wrote:

> On Wed, Nov 3, 2010 at 8:47 AM, Joel D Canfield <joel at bizba6.com> wrote:
> > We didn't decrypt the emails themselves; nothing was left in email form
> > other than the encrypted data. Once it's offline, it's no more or less
> > vulnerable than anything else, methinks.
> OK, so how did the end user see the unencrypted data then? Just
> curious about the process, as I've never fiddled with encrypting mail.

two options: data to be offloaded and stored came as attachments, moved
offline and decrypted there

data as email content was, in fact, decrypted on the fly, but it's more of a
'looking inside the archive' concept, not actually removing the shell around
the nut. so, forwarded, it was still decrypted.

it's five years with zero hands-on time with the tool, so my memories are a
mite fuzzy, but I've got notes should it ever interest you enough for me to
dig them up.

More information about the thelist mailing list