Slashdot Mirror
Is Hushmail Still Safe?
Ringo Kamens writes to ask if the use of Hushmail can still be considered a secure method of communication:
"For a long time, Hushmail was considered a very secure email provider until an affidavit (PDF) from a DEA agent in 2007 showed that they had handed over 12 CDs of possibly decrypted data to law enforcement. Now, Cryptome has posted that the Hushmail encryption program is no longer the same program for which Hushmail releases their source. Is Hushmail even safe to use anymore?"
Generally yes, but Hushmail offered two methods of encrypting emails: on their servers and in a Java applet that did it locally. What came out during the earlier revelations was the company handed over email that they decrypted on their servers, but couldn't do so for the applet based encryption. They said up front that the applet was far more secure.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
you're probably better off encrypting your emails yourself instead of allowing a third party to convince you that they have encrypted it.
RTFAs much? Hushmail provide you with an optional, open app to encrypt things before they leave your computer. But now it seems that (based on differing hashes) the code used 'in the field' is not the same as the reference source code they show on their site.
I'd be inclined, given Hushmail's excellent track record on openness, to believe that this is more an oversight, i.e. something not updated, than a turn to the dark side.
"Be light, stinging, insolent and melancholy"
It appears that this was reported back in 2007 on The Register.
There is indeed a clause in the clarified terms of service mentioned by the above article that states that your data is not safe from law enforcement authorities with a court order from Supreme Court of British Columbia, Canada:
We are committed to the privacy of our users, and will absolutely not release user data without a court order from the Supreme Court of British Columbia, Canada, which is the jurisdiction where our servers are located. In addition, we require that any such court order refer specifically by email address to any account for which data is required. However, if we do receive such a court order, we are required to do everything in our power to comply with the law. Hushmail will not accept a court order issued by any authority or investigative agency other than the Supreme Court of British Columbia, Canada. Other authorities must apply to the Canadian government through an appropriate Mutual Legal Assistance Treaty and request that a court order be issued by the Supreme Court of British Columbia, Canada.
We'll make great pets
I haven't done this verification, but neither has the cryptome author, so I suspect this is a non-story.
The whole point of Hushmail's program is that you do it on a computer which you trust. They also offer a version where you send stuff to their servers in plaintext and then they encrypt it for you, which is harder to trust.
The problem here is that the program doing the encrypting on your computer, which comes from Hushmail, is not the same program that they provide the (trustable) source code for.
Comment removed based on user account deletion
If you want encryption guaranteed against major governments you have to go with a one time pad. Even then you've got to worry about Van Eck Phreaking or FPGA eavesdropping.
In general it's a bad idea to be confident in your encryption - if the Germans hadn't been so confident in Engima they might have done much better militarily.
Any provider like this can ultimately be compelled to cooperate with security services and you've therefore got to assume they are working with major governments to compromise your communications. Common sense really.
That said, something like Mixmaster is a good place to start. Makes it very difficult to be located by any legal process although (of course) it won't help if the NSA takes an interest.
Hushmail? Compromised almost as soon as it was set up I'd wager.
>3des is not vulnerable but computer power has
>passed the point on which an individual could
>mount an actual attack.
I believe that would likely be DES you're referring to, not 3DES.
Whether the NSA can attack 3DES or not is an entirely different matter. But an individual? Not yet. 3DES is about 112 bits of key if you account for meet in the middle.
DES is ~56 bits and can be cracked in hours with special purpose hardware.
n Hours * 2^(112-56) = 72057594037927936n hours.
So... I think it's out of reach for an individual at the moment. Even if we could break DES in minutes...
I touch computers in naughty places
Point 1:
No-one changed anything in GnuPG. Valgrind issued warnings regarding OpenSSL which resulted in some unfortunate changes in one distro of one OS.
GnuPG and OpenSSL are entirely discrete projects, please don't confuse people with supposition and half-truths.
Point 2:
Neither you nor I can write a robust encryption algorithm. On the contrary, Rindjael and Twofish have been published in the wild now for eight years and no-one has demonstrated a weakness. If the former is acceptable as AES for US Government crypto then it is secure enough for the rest of us. Even if we assume that the NSA is 20 years ahead of the field in mathematics, if you're not dealing with the NSA then you've got 20 years lead time before Company-X can crack your files.
Some other freeware encryption that still uses a published algorithm?
If this made any difference, the algorithm would suck anyway.
If you're encrypting email yourself then hushmail is just unnecessary. Use fireGPG with gmail and you've already got better privacy than hushmail (i.e. no need to trust their java applications)
plus you get the entertainment of watching google struggle to choose adverts for your "----BEGIN PGP MESSAGE----" email
It's also NOT necessarily true that for every brilliant person in the government, there's another who works elsewhere, at least specifically on cryptography. In particular, the NSA is one the largest employers of mathematicians on earth. Most other employers who hire mathematicians have other jobs for them to do, so most of their time is occupied with other problems. By contrast, the NSA can (apparently) afford to hire quite a few who are allowed to concentrate entirely on cryptology.
Given the secrecy of the NSA in general, it's essentially impossible to come up with numbers that are either exact or concrete, but it certainly seems possible and reasonable that government agencies (in general) could have considerably more time and effort to devote to this subject than the entire rest of the world.
My feeling, however, is that the gap has been narrowing for quite a while now. From the design of DES, it appears that the NSA was aware of differential cryptanalysis (but not linear cryptanalysis) at that time; it became publicly known quite a bit later. As for AES, however, the rest of the world has caught up to the point that AES can be used on DOD Secret data, and the variants with 192- and 256-bit keys are cartified for DOD Top Secret data.
The universe is a figment of its own imagination.
Except for the fact that every character you type into the gmail compose field gets sent over the network in clear text, as does your session key. Google does it so they can provide on the fly features like spellcheck and suggestions etc, but it is a huge risk.
http://news.cnet.com/8301-10784_3-9755575-7.html
Not if you use https://mail.google.com/ as your login page. Handy trick, but it should be the default.
"Strangers have the best candy" -Me
No, this is not what they did. If they had changed their applet in order to achieve this, myself and lots of other regular hushmail users would have noticed when we were prompted to approve a new version to execute in our browsers.
What they did do was introduce a javascript-only version which sends the keys to their servers, and make it an insecure-by-default choice. Anyone not paying attention could have easily uploaded their keys.