Lavabit – There's a sucker born every minute

30 points by tujv, over 11 years ago

3 comments

MagicWishMonkey, over 11 years ago
Holy shit, I've read some ignorant "internet expert" posts about Lavabit but this one is, by a wide margin, the dumbest one yet.

If the moron who wrote this article had bothered to spend 2 seconds to scan over the whitepaper (and other security details that have been published since) he would realize that the email files were stored in encrypted form in the Lavabit database, and decrypting those records would require the password for the relevant account. Lavabit DID provide the FBI with a dump of the records they requested, but without Snowden's personal password the records were useless. To retrieve his password they would need to snarf it off the wire as he logged in, which would require specific code written by the server administrator or access to the SSL keys and a listening device installed between the router and server. Ladar offered to do the former, the FBI refused to pay him for his work and demanded his SSL keys instead.

I don't know what this guy is talking about SMTP archiving, that has nothing to do with any of this.

Perseids, over 11 years ago
The article confuses two things: 1. Live interception of SMTP communication going in and out of Lavabit and 2. Interception of the encryption key to access the stored emails.

The first would be relatively easy, in that the post is correct. But what the warrants actually requested was the stored data of an account. Lavabit provided these, but they were encrypted (as per design of the service). The FBI then wanted the keys for the stored account data. And for that Lavabit asked for 3500 USD, which is reasonable, because there is no off-the-shelf software to grab the POP3 or IMAP password in the handshake. Especially as the TLS endpoint and the software decrypting the stored account data with the POP3 or IMAP password was probably the same, so there is no plain TCP traffic in the internal network containing the key.

You can see that the FBI asked for (2) and not (1) in the transcript of the court hearing, page 50 of the cited pdf http://cryptome.org/2013/10/lavabit-orders.pdf . It is a really entertaining read btw.: The FBI agent and the judge bicker about whether or not Levison should be asked right there in court if he would comply with a warrant (about the TLS key) they haven't even served him yet.

> THE COURT: I don't know, Mr. Trump. I don't think I want to get involved in asking him. You can talk with him and see whether he's going to produce them or not and let him tell you. But I don't think I ought to go asking what he's going to do and what he's not going to do because I can't take any action about it anyway. If he does not comply with the subpoena, there are remedies for that one way or another.

viseztrance, over 11 years ago
The entire episode was CAUSED by Levison's failure, and flat-out incompetence, to implement a simple SMTP archive feature and then his attempted fleecing of the American taxpayer by charging $2000 to provide that information.

Why does this feel like a personal attack?