3 Jan 2011, 9:40 p.m.
To store the messages safely/safeish, I think you will have to use public key crypto. Messages delivered should be encrypted with the user's public key on delivery, and decrypted by a combination of the user's server-side stored secret key and login passphrase. The secret key probably also would need to be stored somewhere server-side "in escrow" -- in case the user forgets his passphrase.
"any administrator with sufficient privileges" will still be able to sniff the password and decrypt the messages... but that's probably unavoidable unless you use full end to end encryption à la PGP/GPG, S/MIME, etc.
-jf
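
The scheme sketched in the post above, as an added example that is not part of the original post: messages are encrypted at delivery with only the public key, and the server-side private key is usable only with the login passphrase or the escrow secret. It assumes the third-party `cryptography` package and RSA-OAEP with AES-GCM as the concrete primitives; all function names and sample values are hypothetical.

```python
# Added example, not from the original post. Requires the "cryptography" package.
# Function names and sample values are hypothetical / constructed.
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def wrap_private(key, secret: bytes) -> bytes:
    """Serialize the private key encrypted under a passphrase or escrow secret."""
    return key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.BestAvailableEncryption(secret),
    )


def enroll(passphrase: bytes, escrow_secret: bytes):
    """Create the key pair; the server keeps the public key and two wrapped copies."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo
    )
    return public_pem, wrap_private(key, passphrase), wrap_private(key, escrow_secret)


def deliver(public_pem: bytes, message: bytes) -> bytes:
    """Encrypt at delivery time; only the public key is needed, so no login is required."""
    public_key = serialization.load_pem_public_key(public_pem)
    session_key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    wrapped = public_key.encrypt(session_key, OAEP)  # one RSA block: key_size // 8 bytes
    return wrapped + nonce + AESGCM(session_key).encrypt(nonce, message, None)


def read(wrapped_private: bytes, secret: bytes, blob: bytes) -> bytes:
    """Unwrap the private key with the supplied secret, then decrypt the message."""
    key = serialization.load_pem_private_key(wrapped_private, password=secret)
    n = key.key_size // 8  # length of the RSA-wrapped session key
    session_key = key.decrypt(blob[:n], OAEP)
    return AESGCM(session_key).decrypt(blob[n:n + 12], blob[n + 12:], None)


if __name__ == "__main__":
    pub, mine, escrow = enroll(b"constructed passphrase", b"constructed escrow secret")
    stored = deliver(pub, b"constructed sample message")
    print(read(mine, b"constructed passphrase", stored))
```

Because `read` runs on the server with the passphrase in hand, the caveat in the post still applies: whoever can observe the login can decrypt, and so can whoever holds the escrow secret.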