US federal law enforcement agencies have obtained access to clear text copies of encrypted emails sent through Hushmail as part of a recent drug trafficking investigation. The access was only granted after a court order was served on Hush Communications, the Canadian firm that offers the service. Hush Communications said it …
Computer Science - Solving yesterday's problems tomorrow
This particular wheel was re-invented years ago:
Create your public/private key pair, upload your public key and others can send you e-mail only you can decrypt.
Find your friends on the key server, and you can send them e-mail only they can decrypt. (Although plenty of people can tell who you send encrypted email to.)
In the UK you must regularly change your key and erase the old private key because the police can demand your password. If you do not bother to change your keys, you are better off keeping your password secret if your e-mails explain how to make bombs.
PKI for dummies
Hm... if you're too lazy to install the Java JRE, you deserve to get your ass handed to you. The whole point of Hushmail (and any PKI-based crypto system) is to have end-to-end crypto, leaving nothing in cleartext between two users. The Java applet enables this, but for someone to be so stupid as to ignore this ... well, you deserve it.
I've gone as far as generating a zillion keys, one for each PC I use. The more your private keys roam around, the more chances someone will get them.
Okay...if Hushmail isn't secure enough...
How about Hashmail? Every mail you send is instantly turned into a randomly-salted MD5 hash. This way we can guarantee that no Federal Agency will ever read any of your outbound email ever again.
I feel the fact that no-one else will ever read your outbound mail, including the intended recipient, is a small price to pay for this level of security and privacy.
Given that your UK govt can threaten you with 5 years' prison for non-disclosure of your keys, maybe you should store them off-site... (which really isn't sensible)
But now of course they'll still get the goods on you.
use it or lose it.
Encryption. If people don't get on the bandwagon and start encrypting all their communications, in the near future you will lose the right to do so. Governments can easily impose anti-encryption legislation when so few people are using it, under the old saw that "if you've got nothing to hide you have nothing to worry about".
Trouble is, governments change, and ordinary people do have things to hide from not just the government, but from their neighbours, their boss, and a host of others who can get access to your secrets.
Encryption. Use it now, or lose it. There are dozens of programs out there that can be installed and used.
As for Hushmail, they're a scam. I hope they get sued by their customers.
"How about Hashmail? Every mail you send is instantly turned into a randomly-salted MD5 hash. "
Yeah that's a great idea?! MD5 is a one way hash function - you can't decrypt it, numerous rainbow tables have been created for MD5 even up to a 3 character salt - but still no chance otherwise.