Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Hushmail Still Safe?

Posted by Soulskill on from the possibly-good-protection dept.

Ringo Kamens writes to ask if the use of Hushmail can still be considered a secure method of communication: "For a long time, Hushmail was considered a very secure email provider until an affidavit (PDF) from a DEA agent in 2007 showed that they had handed over 12 CDs of possibly decrypted data to law enforcement. Now, Cryptome has posted that the Hushmail encryption program is no longer the same program for which Hushmail releases their source. Is Hushmail even safe to use anymore?"

16 of 264 comments (clear)

  1. this has been the case all along by spune · · Score: 5, Insightful

    you're probably better off encrypting your emails yourself instead of allowing a third party to convince you that they have encrypted it.

    1. Re:this has been the case all along by arcade · · Score: 5, Insightful

      Think our Government doesn't have the capability of decrypting them all,

      No.

      or more to the point the capability of demanding unencrypted data be handed over?

      Well, if you mean by actually torturing you? Well, depends on whether you believe your government does that to americans or not.

      If you refuse, you refuse. They then can't get to your data.

      Unless you use debian, of course. :-P

      --
      "Rune Kristian Viken" - http://www.nwo.no - arca
    2. Re:this has been the case all along by roystgnr · · Score: 4, Insightful

      Well, if you mean by actually torturing you? Well, depends on whether you believe your government does that to americans or not.

      Torture isn't the only way of getting data out of people, which is fortunate because as Bush said, "We don't torture." What we do is called using "Enhanced Interrogation Techniques", which aren't torture because they don't cause organ failure, except when they do and the organ was in a guy who wasn't going to live forever anyway.

  2. Simple Answer by fluch · · Score: 4, Insightful

    ...one can't trust encryptinon if it is done off site. Point.

    If you want your communication secure encrypt it on your computer which you trust. This is the only way to keep it secure...

    1. Re:Simple Answer by Just+Some+Guy · · Score: 4, Insightful

      The problem here is that the program doing the encrypting on your computer, which comes from Hushmail, is not the same program that they provide the (trustable) source code for.

      The other problem is that it's not GPG. Honestly, there is no way I'd trust any other file crypto software today. Why should I? GPG is there and works and people use it. Anything else is just rolling dice.

      This is maybe the one area where I don't think there's a lot of room for options. Crypto is almost unbelievably hard to get right, and the odds of more than a tiny handful of programs pulling it off is slim. Putting all of your eggs in one basket is risky, but I'd rather trust one titanium roll cage of a basket than 100 made out of tin foil and rusty nails.

      --
      Dewey, what part of this looks like authorities should be involved?
  3. no encryption that YOU didn't write is safe by TheGratefulNet · · Score: 4, Insightful

    its just that simple.

    unless you can review (and understand) what's going on, line by line, you can't REALLY trust it.

    what is at stake, here? the gov's are at an all-time power-grabbing frenzy for violating your personal privacy. corporate, too, for that matter.

    it was once said that no one would be allowed to sell or market encryption tech that 'the big guys' would not be able to break; meaning our government. I once worked at a picture phone company (mid 80's) that was starting to go down the 'encrypt your video phone call' path (using old switched56 tech) and we were told we could NOT do our own encryption unless it was 'breakable' by, well, certain agencies.

    believe what you want, but no commercial (or even freeware) encryption that is avaiable to YOU AND I will be worth anything other than 'for show'.

    I fully believe that. you would do well to mistrust your government, too, given how greedy they have become on the rights-grab thing.

    locks only keep honest people out. there is NO WAY to keep the gov out, anymore. and that means that others, too, have backdoors (you think the gov is the only entity that can 'get to' this kind of stuff?)

    anyone who trusts encryption for their life, in this day and age, is deluded.

    --

    --
    "It is now safe to switch off your computer."
    1. Re:no encryption that YOU didn't write is safe by icydog · · Score: 5, Insightful

      And unless you're Bruce Scheiner, encryption that you do write probably isn't safe either.

    2. Re:no encryption that YOU didn't write is safe by LighterShadeOfBlack · · Score: 5, Insightful

      Anyone who thinks the government is a magical entity that can automatically undo the work of independent researchers and mathematicians is deluded.

      I'm sure any major government's capabilities to obtain information are beyond what they are commonly percieved to be, but that does not mean that every encryption scheme is instantly rendered null and void. No one government has control over everyone, so if you think the US government is stifling innovation in America do you also think they're doing the same in Japan, Europe, China, and anywhere else? Or do you think that those governments are all collaborating on this - now that really would be deluded.

      If all available encryption mechanisms were crackable then why would governments have gone to to such lengths to try and hinder their development in years gone by - and why would many governments now be trying to attack encryption methods via other means, eg. the recent British law that makes refusal to give up keys to encrypted material punishable by up to 5 years in prison. Why be the bad guy and make those laws if they're unnecessary anyway? I suppose you could claim it's to try and mask their true abilities, or to play up to the anti-terror idiots, but I don't see that as likely.

      --
      Spelling mistakes, grammatical errors, and stupid comments are intentional.
    3. Re:no encryption that YOU didn't write is safe by Cheesey · · Score: 4, Insightful

      We got past this in the 90s; initially they said that all encryption would have to be weak (e.g. 40 bit) or go through their chips (Clipper, etc.). But they found that this didn't stand up to the reality of WWW era. What worked in the 80s for the few users of encryption at that time simply couldn't scale up for web commerce. Strong encryption was a commercial necessity, so the attempts to control the industry had to be dropped. The export restrictions disappeared, and because DES was now too weak to be useful, the new AES standard was introduced.

      Is AES full of back doors for the NSA? Almost certainly not, since these could also be used by any resourceful group of cryptographers, including the Chinese version of the NSA.

      Is quantum computing already being used to crack AES? No. Quantum computing is the cold fusion of our industry.

      --
      >north
      You're an immobile computer, remember?
    4. Re:no encryption that YOU didn't write is safe by AmiMoJo · · Score: 4, Insightful

      believe what you want, but no commercial (or even freeware) encryption that is avaiable to YOU AND I will be worth anything other than 'for show'.

      Truecrypt is freeware (open source) and is secure. In fact, it's more secure than any commercial offering I know of, due to its plausible deniability features. The source is there, it has been examined by experts and you can take a look yourself. Encryption options include both AES and Twofish, both known to be secure.

      Encryption is well understood and researched by academics working in public. Sure, governments have their own secret research, but a lot of very clever people all around the world have been testing AES and Twofish for weaknesses for years and so far have found none. Governments don't have any magical ability to find flaws in encryption that ordinary academics don't.

      Having said that, perhaps if you are Osama Bin Laden you might want to be a little bit paranoid. In theory, with a few billion dollars you could build a machine capable of cracking AES in months. So far there is no evidence such a machine exists, but... Most people don't have to worry about that though, even if they are doing something that could get them in serious trouble - certainly the national police, Interpol or even secret services (MI6/CIA) don't have any chance of breaking AES by brute force. Of course they could torture you now but even that isn't much of a threat to anyone not labelled a terrorist by the US.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:no encryption that YOU didn't write is safe by thomasw_lrd · · Score: 5, Insightful

      The only problem with being a hardass, is that there is always a bigger hardass out there, willing to prove it to you.

      --
      21st Century Renaissance Man
    6. Re:no encryption that YOU didn't write is safe by DaedalusHKX · · Score: 5, Insightful

      Rules for dealing with government are simple. Do not get involved in their business, do not play their games, do not volunteer anything, do not agree to anything, do not play with them, or for them. Once you do, your ass is theirs. They own you, with your consent at that.

      By the same principle, don't fuck around, don't trespass, don't steal, and don't be a crook. Learn the law VERY carefully, keep a copy of Black's Law Dictionary (I think 6th edition is out now) in several different versions. Look up innocent looking terms and verbs in forms. DO NOT consent to anything period. Sign nothing. Be sure you know what is "your name" and what is what someone may call you. Practice your rights. Yes... all of them. A right practiced doesn't need to be infringed, because you already don't have it.

      Be very suspicious not of your neighbors but of men in "special" uniforms or funny hats that supposedly give them power over you. Don't let strangers into the house. Homeschool your kids and do a god job, history, law and the local mythology are especially important subjects. Several languages and a good grasp of self defense, tactics and strategy are also quite important. Those with kids who choose to be politically active are extra vulnerable, since kids are the ultimate Achilles Heel.

      Never ever trust strangers. Trust people in uniforms even less. Never ever get into a stranger's car, despite what you see in the movies. If they want to talk to you, they can get into yours. If you are confronted by a "friend from high school" and like most average people you can't remember who you met yesterday, nevermind back then, look behind you, you're probably about to get cattle prodded in the back and shoved into a van.

      These were simple coping strategies for those who were not average plebeians and who survived the cullings of communism. I lost relatives who were educated, men I could've learned much from. I never met them because they were taught that self defense was for cops and soldiers. And when the king's men were gone, and the cops were coopted to communism... there was nobody to protect the smart, educated, "civilized" (i.e. willingly helpless) men from the cleansings. The ones who weren't "lifted" and sent off to Siberia, were enrolled into a front line regiment and given crap gear and no real training. Very few returned, most scarred for life. All I saw of them while growing up were pictures over mantelpieces. Grandmothers mourning long lost brothers or maimed cousins. That is the fate of the helpless of those who depend on others for their protection...

      And what governments are preparing today, the police states being built now, they are so much more insidious, in that they're so much better concealed behind "feel good" intentions and bullshit propaganda about "the good of man". Oh well, fools get what they deserve. There's no stopping it at this point, fools gave up that chance a long time ago. All one can do now is get out of the way and let the Leviathan leap off the cliff with all the fools aboard. Watch the splatter and feel not sorry... they laid their own beds. Trying to save the stupid from their stupidity is what got the world into its sorry state in the first place. The stupid should have been permitted to perish, and Darwin should've been allowed to have his laugh. Instead the stupid were forced to live against their best attempts, so they outbred those who merited survival and to thrive.

      --
      " What luck for rulers that men do not think" - Adolf Hitler
  4. Never was and never will be... by Arimus · · Score: 4, Insightful

    Depending on how you define secure then no, Hushmail is not.

    Personally if I want to send encrypted mail I will do so on a PC I have direct control over, I will carry out the encryption before the email goes anywhere. And depending on the type of encryption used, I might even carry out the encryption on a terminal which has no network connections etc and after encrypting the mail will shutdown the PC and leave it shutdown for a while - this setup would have no swap partition etc, or if it did it would be a minimum of baseline encrypted.

    As for Hushmail - its secure if you trust them to use suitable encryption algorithm, key material, psuedo random number generator, secure processes (not the program kind, the how to do the job kind), secure network, no shady or otherwise agreements with third parties (inc. governments) to provide decrypted data, not to store your orginal plain-text mail for any longer than the time it takes to encrypt it, securely erase the plain-text version etc etc etc. Probably enough holes to drive a bus through...

    --
    --- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
  5. Jars embed date of creation - More Info Needed by KrisWithAK · · Score: 5, Insightful

    Any developer that has worked closely with jar (zip) files should have immediately notice a possible issue with this announcement. If you use the jar tool to create a jar archive with its default options, it embeds a new MANIFEST.MF file which has a new creation time; therefore, you will get a different jar checksum even if you are archiving the same exact contents. It would have been simply possible that the Hushmail build process created a new jar file (with identical files) for each type of software distribution that they use. The only way we can be sure is to compare the file list and checksum for each file inside of the jar archives.

  6. Encryption + web-based don't mix well by mcrbids · · Score: 4, Insightful

    Anytime your private encryption key is "over there" you are at risk. If your private key is stored on *their* servers in such a manner that *they* can get to it, your privacy is at risk.

    As a software developer, I'm in a pilot program to use encryption for digital signatures. Despite the relative simplicity of using openSSL functionality, it's been surprisingly painstaking and laborious to put everything together.

    See, real security requires outright paranoia. How do you prevent your CA key from being compromised, in such a way that you can all-but guarantee that it hasn't been? To do this, you have to make it not only unlikely, but impossible to be compromised in every conceivable way. How do you prevent your client's private key from being compromised, in such a way that you can all but guarantee it? How do you prevent a malicious client from obtaining a signed certificate? How do you prevent 3rd parties from MITM attacks? How do you provide high-level security for all the above, while still providing redundancy for disaster recovery? How do you prevent compromises stemming from a social engineering attack?

    Not including implementation and ongoing maintenance of these procedures, the cost of just proving that you have all these measures in place runs to many thousands of dollars!

    A solution that answers all these and every conceivable related question is surprisingly difficult, and many, if not most, of the problems are not technical, but social.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  7. Re:Rubber-hose cryptanalysis by mrogers · · Score: 5, Insightful

    That used to be funny before we discovered our governments were actually torturing people. Nowadays I don't find it funny.