Lavabit security was a facade says crypto expert

Moxie Marlinspike, a respected cryptographic software expert, argues that Lavabit, Edward Snowden’s favorite "secure" email service whose owner shut it down rather than give the NSA the keys to his store, wasn't really secure anyway.
Written by Larry Seltzer, Contributor

When the Feds first got on to Edward Snowden they went after his e-mail account. Had the account been at Google or Microsoft, they probably would have had access in short order, but Snowden was using Lavabit, an email service that billed itself as highly secure. The company's claims now seem to have been greatly exaggerated.

The Feds demanded Snowden's emails from Ladar Levison, Owner, Operator and developer of Lavabit. Levison told them that the design of his system was such that he couldn't comply. The Feds then asked for the private SSL keys for lavabit.com; Levison refused and (to make a long story short) shuttered the service rather than comply.

Moxie Marlinspike

Moxie Marlinspike is well-known in the world of computer security and of cryptography in particular. He is the designer and author of cryptographic software and an advocate for its use to protect privacy, but is better-known for critiques of security institutions like the certificate authorities.

Marlinspike has published on his personal blog a critique of Lavabit's architecture, and he makes the case that the site overstated the security of their email.

One of Lavabit's main claims was that email on it was so secure that even they (the Lavabit admins) couldn't read it. But in fact, as Levison described in a blog entry describing the Lavabit architecture, as part of the encryption and decryption process the server had to possess and use a plaintext password supplied by the user. In fact, Lavabit was merely saying that they would not look at or retain that password; as Marlinspike puts it, Lavabit would "avert their eyes". In fact, it was even worse than that:

The ciphertext, key, and password are all stored on the server using a mechanism that is solely within the server’s control and which the client has no ability to verify. There is no way to ever prove or disprove whether any encryption was ever happening at all, and whether it was or not makes little difference.


The system relied on SSL for security in transit between the user and server, but once at the server the email and password were in the clear. To quote Marlinspike again, "The cryptography was nothing more than a lot of overhead and some shorthand for a promise not to peek. Even though they advertised that they 'can't' read your email, what they meant was that they would choose not to."

 Marlinspike also provides some reasonable speculation as to why the Feds wanted Lavabit's SSL keys: The NSA had probably already collected the encrypted traffic from the site and needed the keys to decrypt it after the fact. If this is true, then they would still be interested in the keys even if the site were shut down. I haven't heard that Levison surrendered the keys (except once as an unreadable printout in a tiny font), so something there still doesn't add up.

Marlinspike nevertheless supports Levison and calls on us to support him in his legal defense. (If you're actually interested in helping more than rhetorically, Levison has set up a legal defense fund to which you may contribute.)

Marlinspike also makes some constructive suggestions for secure email projects underway which promise better results than Lavabit's: Mailpile and the Leap Encrypted Access Project.

Editorial standards