List Info

Thread: Re: Hushmail in U.S. v. Tyler Stumbo
Re: Hushmail in U.S. v. Tyler Stumbo
country flaguser name
Germany		 2007-11-02 12:23:30 
Jon Callas wrote:
> 
> On Nov 1, 2007, at 10:49 AM, John Levine wrote:
> 
>>> Since email between hushmail accounts is
generally PGPed.  (That is
>>> the point, right?)
>>
>> Hushmail is actually kind of a scam.  In its normal
configuration,
>> it's in effect just webmail with an HTTPS
connection and a long
>> password.  It will generate and verify PGP
signatures and encryption
>> for mail it sends and receives, but they generate
and maintain their
>> users' PGP keys.
>>
>> There's a Java applet that's supposed to do end to
end encryption, but
>> since it's with the same key that Hushmail knows,
what's the point?
>>
> 
> I'm sorry, but that's a slur. Hushmail is not a scam.


It certainly was not a scam when I was involved (cryptix 
guys did some part of the original java crypto) many years 
ago.  The private key is encrypted by your passphrase, so 
the private key is not available to Hushmail.

The basic concept is of course somewhat limited by what it 
tries to do, but it is sound.  Hushmail published the applet

that did all this, and it was possible to read the code and

attack it.  At least one flaw was found, from deep dim
memory.

There is for example a danger that hushmail could simply 
change the applet, and then acquire someone's key.  A victim

would not notice so easily because there isn't much in the 
browser that stops the applet from changing code.  That's a

threat, and they were aware of it, but it's also a bit of a

high risk one, as, if it were spotted, their credibility 
would be shot.

In practice, the larger danger with email is that the 
high-profile threats to email security are on the client 
side.  Either you, your own machine, the other guy's 
machine, or the other guy.  I was involved in one case where

super-secret stuff was shared through hushmail, and was also

dual encrypted with non-hushmail-PGP for added security.  In

the end, the lawyers came in and scarfed up the lot with 
subpoenas ... all the secrets were revealed to everyone they

should never have been revealed to.  We don't have a crypto

tool for embarrassing secrets to fade away.

iang

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
Re: Hushmail in U.S. v. Tyler Stumbo
country flaguser name
United States		 2007-11-02 13:51:53 
>In practice, the larger danger with email is that the
high-profile
>threats to email security are on the client side.

Right.  I haven't used the end to end Java stuff, but I
believe that
it works.  Unfortunately, when you go to sign up, what you
get by
default is a version that is little more than plain old web
mail, and
their signup process does not say "if you use the web
mail we can read
all your mail and will provide it in plain text if
suboenaed."

That's what I take issue with, promoting web mail as though
it were
secure end to end PGP.

R's,
John

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
forward-secrecy for email? (Re: Hushmail in U.S. v. Tyler Stumbo)
country flaguser name
Canada		 2007-11-05 16:41:57 
On Fri, Nov 02, 2007 at 06:23:30PM +0100, Ian G wrote:
> I was involved in one case where super-secret stuff was
shared
> through hushmail, and was also dual encrypted with
non-hushmail-PGP
> for added security.  In the end, the lawyers came in
and scarfed up
> the lot with subpoenas ... all the secrets were
revealed to everyone
> they should never have been revealed to.  We don't have
a crypto
> tool for embarrassing secrets to fade away.

What about deleting the private key periodically?

Like issue one pgp sub-key per month, make sure it has
expiry date etc
appropriately, and the sending client will be smart enough
to not use
expired keys.

Need support for that kind of thing in the PGP clients.

And hope your months key expires before the lawyers get to
it.

Companies have document retention policies for stuff like
this... dictating that data with no current use be deleted
within some
time-period to avoid subpoenas reaching back too far.

Adam

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )