Posted Thursday 8th November 2007 16:07 GMT
This particular wheel was re-invented years ago:
http://www.gnupg.org/
Create your public/private key pair, upload your public key and others can send you e-mail only you can decrypt.
Find for your friends on the key server, and you can send them e-mail only they can decrypt. (Although plenty of people can
tell who you send encrypted email to.)
In the UK you must regularly change your key and erase the old private key because the police can demand your password. If you do not bother to change your keys, you are better off keeping you password secret if your e-mails explain how to make bombs.
Posted Thursday 8th November 2007 16:07 GMT
Hm... if you're too lazy to install the Java JRE, you deserve to get your ass handed to you. The whole point of Hushmail (and any PKI-based crypto system) is to have end-to-end crypto, leaving nothing in cleartext between two users. The Java applet enables this, but for someone to be so stupid to ignore this ... well, you deserve it.
I've gone as far as generating a zillion keys, one for each PC I use. The more your private keys roam around, the more chances someone will get them.
Posted Thursday 8th November 2007 18:54 GMT
How about Hashmail? Every mail you send is instantly turned into a randomly-salted MD5 hash. This was we can guarantee that no Federal Agency will ever read any of your outbound email ever again.
I feel the fact that no-one else will ever read your outbound mail, including the intended recipient, is a small price to pay for this level of security and privacy.
Posted Thursday 8th November 2007 18:54 GMT
Given that you UK govt can threaten you with 5-years prison for non-disclosure of your keys, maybe you should store them off-site... (which really isn't sensible)
But now ofcourse they'll still get the good on you.
Posted Thursday 8th November 2007 21:58 GMT
Encryption. If people don't get on the bandwagon and start encrypting all their communications, in the near future you will lose the right to do so. Governments can easily impose anti-encryption legislation when so few people are using it, under the old saw that "if you've got nothing to hide you have nothing to worry about".
Trouble is, governments change, and ordinary people do have things to hide from not just the government, but from their neighbours, their boss, and a host of others who can get access to your secrets.
Encryption. Use it now, or lose it. There are dozens of programs out there that can be installed and used.
As for Hushmail, they're a scam. I hope they get sued by their customers.
Posted Friday 9th November 2007 14:12 GMT
"How about Hashmail? Every mail you send is instantly turned into a randomly-salted MD5 hash. "
Yeah thats a great idea?! MD5 is a one way hash function - you cant decrypt it, numerous rainbow tables have been created for MD5 even up to a 3 character salt - but still no chance otherwise.
498b4ddc9f957eca6473923163dd117f
Sign up, sign up for The Register's weekly IT security newsletter - click here
Back to the article
