While I understand the challenges with SMTP-based email, dismissing privacy concerns as ignorance is unhelpful. It's not at all a technical difficulty. Modern threats demand updated solutions, and opportunistic TLS isn't enough. Financial incentives and data monetization do play a role in the reluctance of major providers. If new protocols can secure chat apps, similar efforts should be made for email.
"Roll your own crypto" means writing a new encryption scheme. But here I'm just using multiple schemes without connection to one another by using different encryption keys.
What if AES-256 gets compromised?
Basically I'm storing my encrypted data online. Anyone can see it but only I can decrypt it.
A symmetric cipher is a permutation, multiple symmetric ciphers in sequence is still a permutation. There has been no analysis done on the latter to determine if the sequence you use hides a weakness. I'd much prefer a well analysed system to an unanalysed one.
> multiple symmetric ciphers in sequence is still a permutation.
No, it's not. The data fed to the next algorithm is already-encrypted data from the previous algorithm. There's 0 connection b/w them.
For example:
Step 1. Encrypt message (M) with key (K1) using AES to produce ciphertext (C1).
Step 2. Encrypt message C1 with key K2 using TripleDES to produce C2.
Step n. And so on, using all algorithms with different keys.
I don't see any connections b/w them. 0 entropy. Please correct me if I'm wrong.
It's still a permutation: shuffling a deck of cards again doesn't make it any more random (apologies to Diaconis). A symmetric cipher is just a shuffle -- no more, no less. Sure, it "feels" unlikely that there would be a problem but can you prove that or prove at least some level of confidence in it?
The bottom line is just AES is good enough. Your data almost certainly isn't worth the effort involved for an attacker even if there was a substantial breakthrough against AES. If it was worth enough, there are far cheaper and easier ways to get access than breaking the crypto: https://xkcd.com/538/
Modern symmetric crypto is secure enough: any problems you hear about are not in the algorithms. Cracking crypto as seen in movies is a complete fiction, it doesn't work like that.
I suggest reading some introductory texts on cryptography to fill knowledge gaps.
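The cascade in steps 1 to n and the "still a permutation" reply, worked through as an added example that is not part of any post in this thread. Two toy 16-bit Feistel ciphers (constructed here, standing in for AES and TripleDES only so the whole block space can be enumerated) are chained under independent keys; the check shows the structure of the result, not its strength.

```python
import hashlib

BLOCK_BITS = 16                      # toy size: the full domain is enumerable
HALF_BITS = BLOCK_BITS // 2
HALF_MASK = (1 << HALF_BITS) - 1

def _round(key: bytes, rnd: int, half: int) -> int:
    """Keyed round function: first byte of SHA-256(key || round || half)."""
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]

def encrypt(key: bytes, block: int, rounds: int = 4) -> int:
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rnd in range(rounds):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << HALF_BITS) | right

def decrypt(key: bytes, block: int, rounds: int = 4) -> int:
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rnd in reversed(range(rounds)):
        left, right = right ^ _round(key, rnd, left), left
    return (left << HALF_BITS) | right

def cascade_encrypt(keys, block: int) -> int:
    """Step 1..n from the thread: each stage encrypts the previous output."""
    for key in keys:
        block = encrypt(key, block)
    return block

def cascade_decrypt(keys, block: int) -> int:
    """Undo the stages in reverse order with the matching keys."""
    for key in reversed(keys):
        block = decrypt(key, block)
    return block

def is_permutation(fn) -> bool:
    """True if fn maps the 2^16 block values onto themselves one-to-one."""
    size = 1 << BLOCK_BITS
    return len({fn(x) for x in range(size)}) == size

# Constructed, independent keys (the K1 and K2 of the thread's example).
K1, K2 = b"constructed key one", b"constructed key two"

if __name__ == "__main__":
    print("single stage :", is_permutation(lambda x: encrypt(K1, x)))
    print("two stages   :", is_permutation(lambda x: cascade_encrypt([K1, K2], x)))
    sample = 0x1234
    print("round trip ok:",
          cascade_decrypt([K1, K2], cascade_encrypt([K1, K2], sample)) == sample)
```

The two-stage mapping is again a single keyed permutation of the block space, so any claim about its strength needs its own analysis; the code says nothing about how hard it is to invert without the keys.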
No, because your Nginx server decrypts that TLS connection, so it can access the plaintext data. This is typically called encrypted-in-transit.
E2EE means that it's always encrypted from the sending device to the receiving device and nothing in the middle (including the service operator) can read it.
E2E implies that the data itself gets encrypted by the sender and is only decrypted by the receiver. With https, the "pipe" is encrypted, but the data is not and the server will get the plain-text.
Users deserve better privacy protections despite historical constraints.