Let’s say you are running a cloud based email service and storing all of my email for me. Now, if your server needs access to the contents of the email, it will need to see it decrypted. Let’s imagine every email is stored encrypted with a session key (DES/AES) and that key is encrypted with public key cryptography.

When the client asks for the operation to be performed on the mail by the server, it can hand it the decrypted session key (but not the private key!). This permits the server to decrypt that single message, and only that message. Interception of that key will not allow theft of any other message. So what this means is, if a hacker attacked the email database, he could get just the messages that had been transiently decrypted in memory. If he was really good, he’s install something to log all session keys as they are provided by the client, and lay low. In which case, he could grab every message as long as he goes undetected.

Through proper planning and architecture, the surface area of hacks can be limited. I don’t at all believe that Sony’s online security was close to industrial strength. They rushed PSN because X-Box Live had a year head start, and I bet they cut corners.

This is the company that had a *super* elaborate HW DRM system on the PS3, but who stupidly used the same random number for every key. It’s like having an unbreakable one-time-pad system, except ignoring the “one” part of “OTP”.