Slashdot Mirror


Encrypted Email and Online File Storage - Cryptoheaven

Adam Kurzawa writes: "CryptoHeaven is a new online service offering secure services: secure free mail, secure file sharing, distribution and storage, secure instant messaging, secure discussion lists, automatic key and contact management, no third party key holder, all services integrated into one user interface, accessible anywhere, anytime. CryptoHeaven uses the AES symmetric cipher Rijndael with 256 bit symmetric key, public-key cryptography with 2048-4096 bit asymmetric keys (user selectable) and SHA-256 message digest function. Free and premium accounts are available. Source code is available for download free of charge."

2 of 33 comments

  1. Hmm, but who would use it? by pwagland · · Score: 3, Insightful
    I am not sure at what market this is aimed.

    It has all of the facilities to do "access from anywhere" computing, except to do that, you have to store your private key on the server (or at least be able to get access to it from anywhere).

    If the private key is on the server, then the system is potentially compromisable, and it would appear to lose its main selling point.

    OK, fine, then don't store your private key on the server. But that means that you are restricted as to where you view the data from, or you must have some means of transporting the private key. But if you are going to restrict yourself to this, then why not just store the secure data on this secure machine? So that appears to be another class of people eliminated...

    OK, so then, who is left? I can see how people would like to use this as an anonymous service, but to do that, you have to leave the private keys on the server, otherwise they can pin the account to you. But, this seems inherently dangerous, since one can sniff the password from the server, decrypt your private key, and use/abuse your account.

    So again I ask, what are the target demographics here? As far as I can tell it is not the security conscious, and it is not the truly paranoid. So who?

    1. Re:Hmm, but who would use it? by DaveHowe · · Score: 2, Insightful
      The base model seems to be the same as Hushmail's (with the one exception of an option to store the key locally; Hushmail doesn't have that).

      At least at first glance, it looks good - actual encryption model is very PGP-like, with public keys protecting session keys protecting messages via symmetric encryption; however, even Hushmail has realised that OpenPGP compatibility is the way to go, and has set up a site to allow PGP users to import their DH public keys to Hushmail (for use by Hushmail users) and export their Hushmail keys for upload to keyservers.

      With the inclusion of file storage into the pot, it looks like an attempt to take the Hushmail business model and run with it - but unless they move towards OpenPGP compatibility, they will almost certainly lose the interoperability war, and with it a lot of potential users.

      --
      -=DaveHowe=-
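
An added example, not part of either comment and not CryptoHeaven's or Hushmail's actual code: one way a service can keep a password-wrapped private key on its server without the server ever receiving anything that unwraps it, which is the risk the first comment raises. The function names, labels and iteration count are assumptions, and the HMAC-based keystream is a standard-library stand-in for AES-256.

```python
import hashlib, hmac, os

ITERATIONS = 200_000  # assumed PBKDF2 work factor, not a value from the page

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password on the client, then split it into two unrelated secrets."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return _prf(master, b"login"), _prf(master, b"wrap")  # (sent to server, stays local)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: stand-in for AES-256, which the stdlib lacks.
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def wrap(private_key: bytes, wrap_key: bytes) -> bytes:
    """Encrypt-then-MAC the private key; the result is what the server stores."""
    nonce = os.urandom(16)
    stream = _keystream(_prf(wrap_key, b"enc"), nonce, len(private_key))
    ct = bytes(a ^ b for a, b in zip(private_key, stream))
    return nonce + ct + _prf(_prf(wrap_key, b"mac"), nonce + ct)

def unwrap(blob: bytes, wrap_key: bytes) -> bytes:
    """Verify the MAC before decrypting; a wrong key fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(wrap_key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified blob")
    stream = _keystream(_prf(wrap_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def demo() -> dict:
    salt = os.urandom(16)
    private_key = os.urandom(64)               # constructed stand-in for a real private key
    login_token, wrap_key = derive("correct horse battery staple", salt)
    server_blob = wrap(private_key, wrap_key)  # server holds salt, login_token, server_blob
    try:
        unwrap(server_blob, login_token)       # the only secret the server ever receives
        server_can_decrypt = True
    except ValueError:
        server_can_decrypt = False
    return {"server_can_decrypt": server_can_decrypt,
            "client_recovers_key": unwrap(server_blob, wrap_key) == private_key}

if __name__ == "__main__":
    print(demo())
```

The split only helps if the derivation runs in client code the user trusts, and a weak password can still be guessed offline by anyone holding the stored blob.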