[ISN] HushMail: free Web-based email with bulletproof encryption

From: cult hero (jerichoat_private)
Date: Sat May 22 1999 - 05:16:04 PDT


    Forwarded From: Keith Dawson <dawsonat_private>
    HushMail: free Web-based email with bulletproof encryption

    Hush Communications has quietly begun beta testing a significant
    development in email privacy. HushMail [1] works like Hotmail or
    Rocketmail -- you can set up multiple free accounts and access them from
    any Web browser anywhere -- but when you email another HushMail user your
    communication is protected by unbreakable encryption. The crypto,
    implemented in a downloadable Java applet, was developed outside of US
    borders and so has no export limitations. 

    Here are the FAQ [2] and a more technical overview [3] of the HushMail

    HushMail public and private keys are 1024 bits long, and are stored on a
    server located in Canada. All information sent between the HushApplet and
    the HushMail server is encrypted via the Blowfish symmetric 128-bit
    algorithm. The key to this symmetric pipe is randomly generated each
    session by the server and is transferred to the client machine over a
    secure SSL connection.

    When you sign on as a new user you can choose an anonymous account or an
    identifiable one. For the latter you have to fill out a demographic
    profile, to make you more attractive (in the aggregate) to HushMail's
    advertisers. The HushApplet walks you through generating a public-private
    key-pair. The process is fun and slick as a smelt.  You need to come up
    with a secure pass-phrase, and in this process HushMail gives only minimal
    guidance. You might want to visit Arnold Reinhold's Diceware page [4],
    where he lays out a foolproof pass-phrase protocol utilizing a pair of

    HushMail relies heavily on Java (JVM 1.1.5 or higher), so it can only be
    used with the latest browsers. The earliest workable version of Netscape's
    browser is 4.04, but some features don't work in versions before 4.07; the
    latest version, 4.5, is best. For Internet Explorer users, 4.5 is
    recommended, but the latest Windows release of IE 4.0 (subversion
    4.72.3110) works as well. Red Hat Linux version 5.2 is also tested and
    supported. Unfortunately, HushMail does not work on Macintoshes, due to
    limitations in Apple's Java implementation. (Mac users can crawl HushMail
    under Connectix Virtual PC. Note that I don't say "run." I've tried this
    interpretation-under-emulation and do not recommend it.) The company is
    trying urgently to connect with the right people at Apple to get this
    situation remedied. 

    One of the limitations of this early release of HushMail is that
    encryption can only be used to and from another HushMail account. It is
    not currently possible to export your public/private key-pair, to set up
    automatic forwarding of mail sent to a HushMail account, or to import
    non-Hush public keys. I spoke with Cliff Baltzley, Hush's CEO and chief
    technical wizard. He stresses that Hush's desire and intention is to move
    toward interoperability with other players in the crypto world, such as
    PGP and S/MIME. The obstacles to doing so are the constraints on technical
    resources (read: offshore crypto programmers) and legal questions of
    intellectual property. Baltzley believes that HushMail's positive impact
    on privacy worldwide will be enhanced by maximizing the product's

    [1] https://www.hushmail.com/
    [2] https://www.hushmail.com/faq.htm
    [3] https://www.hushmail.com/tech_description.htm
    [4] http://world.std.com/~reinhold/diceware.html

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:23:41 PDT