[107015] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Hushmail in U.S. v. Tyler Stumbo

daemon@ATHENA.MIT.EDU (John Levine)
Thu Nov 1 16:24:02 2007

Date: 1 Nov 2007 17:49:19 -0000
From: John Levine <johnl@iecc.com>
To: cryptography@metzdowd.com
In-Reply-To: <20071030162753.58F1322840@mailserver5.hushmail.com>
Cc: auto37159@hushmail.com

>Since email between hushmail accounts is generally PGPed.  (That is 
>the point, right?)

Hushmail is actually kind of a scam.  In its normal configuration,
it's in effect just webmail with an HTTPS connection and a long
password.  It will generate and verify PGP signatures and encryption
for mail it sends and receives, but they generate and maintain their
users' PGP keys.

There's a Java applet that's supposed to do end to end encryption, but
since it's with the same key that Hushmail knows, what's the point?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[107015] in cryptography@c2.net mail archive

Re: Hushmail in U.S. v. Tyler Stumbo

daemon@ATHENA.MIT.EDU (John Levine)Thu Nov 1 16:24:02 2007

daemon@ATHENA.MIT.EDU (John Levine)
Thu Nov 1 16:24:02 2007