Home | Community | Message Board


Kratom Eye
Please support our sponsors.

Community >> Security and Safety

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: PhytoExtractum Kratom Powder for Sale   Kraken Kratom Red Vein Kratom

Jump to first unread post. Pages: 1
Offlinetheocean06
Yeah, I've donefour already...

Registered: 07/10/04
Posts: 1,458
Last seen: 7 years, 4 months
Secure Email
    #3641336 - 01/17/05 11:58 PM (13 years, 10 months ago)

Hush Mail - http://www.hushmail.com/ - is a good service, correct? I just found out the reason I have not been getting certain emails is because hotmail blocks there company for some reason.


--------------------


The story of life is quicker then the blink of an eye, the story of love is hello, goodbye.            - Hendrix :bow:


Post Extras: Print Post  Remind Me! Notify Moderator
Invisiblez@z.com
Libertarian
Registered: 10/13/02
Posts: 2,876
Loc: ATL
Re: Secure Email [Re: theocean06]
    #3641679 - 01/18/05 01:14 AM (13 years, 10 months ago)

I use and love hushmail.


--------------------
"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis

"I would rather be exposed to the inconveniencies attending too much liberty than to those attending too small a degree of it." - Thomas Jefferson


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineInnerBeing
Yakuza Boss

Registered: 12/07/04
Posts: 413
Loc: Chinatown
Last seen: 2 years, 10 months
Re: Secure Email [Re: z@z.com]
    #3641689 - 01/18/05 01:19 AM (13 years, 10 months ago)

So you can talk about anything using hushmail>? ANYTHING?


--------------------
Kiss the ring Bitch!



Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleLe_Canard
The Duk Abides

Registered: 05/17/03
Posts: 94,392
Loc: Earthfarm 1 Flag
Re: Secure Email [Re: InnerBeing]
    #3644105 - 01/18/05 05:50 PM (13 years, 10 months ago)

Quote:

InnerBeing said:
So you can talk about anything using hushmail>? ANYTHING?




Well, as long as the other person is using Hushmail, your message would be fully 1024 bit encrypted. That doesn't apply when you email someone using another email service (ISP or web-based email, that is). However, a sent Hushmail email will not show your ISP number in the headers, so it would be pretty hard to trace any particular email you sent from their service...


Post Extras: Print Post  Remind Me! Notify Moderator
Offlinetheocean06
Yeah, I've donefour already...

Registered: 07/10/04
Posts: 1,458
Last seen: 7 years, 4 months
Re: Secure Email [Re: Le_Canard]
    #3644171 - 01/18/05 06:04 PM (13 years, 10 months ago)

That's for the free version, correct?  I know they have a version where you have to pay like 30 bucks, but I just went with the free option.  Whenever I try to send an encrypted email, it always says it can't find public keys or something like that, and then asks if I would like to sent it unencrypted.  I don't know why that is :confused:


--------------------


The story of life is quicker then the blink of an eye, the story of love is hello, goodbye.            - Hendrix :bow:


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleLe_Canard
The Duk Abides

Registered: 05/17/03
Posts: 94,392
Loc: Earthfarm 1 Flag
Re: Secure Email [Re: theocean06]
    #3644190 - 01/18/05 06:08 PM (13 years, 10 months ago)

I believe so. Mind you, I haven't used Hushmail for a few years, so my information is a tad out-of-date. A few years ago, the free version had the same strength encryption as the premium service, the only difference being that you got more server space and could send larger emails with the premium service. As to the public keys, it sounds like they've gone over to PGP encryption, which is about the strongest encryption you can get. I'm afraid I can't help you there, though. Of course, I could be wrong too. Sorry, I wish I could help you out more here...


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleautomanM
blasted chipmunk
 User Gallery

Registered: 09/18/03
Posts: 8,087
Re: Secure Email [Re: theocean06]
    #3661705 - 01/22/05 03:13 AM (13 years, 10 months ago)

you could use the thunderbird email client with the enigmail extension installed. thats what i use.


--------------------
No, no, you're not thinking, you're just being logical. ~ Niels Bohr


Post Extras: Print Post  Remind Me! Notify Moderator
Offlineazurescens
member
Registered: 02/17/04
Posts: 717
Last seen: 10 years, 5 months
Re: Secure Email [Re: theocean06]
    #3663410 - 01/22/05 06:28 PM (13 years, 10 months ago)

You need tl make sure that the person you're sending an email to is using hushmail also so that it can be encrypted.


Post Extras: Print Post  Remind Me! Notify Moderator
OfflinePNutButta
Stranger
Registered: 10/06/03
Posts: 114
Last seen: 9 years, 4 months
Re: Secure Email [Re: azurescens]
    #3668489 - 01/23/05 05:40 PM (13 years, 10 months ago)

Using services such as Hushmail can actually be counter productive. Like an Antivirus program without current updates, it can provide a false sense of security, where none really exists.

1. Direct Maliciousness (from Hushmail)
How much do you trust Hushmail? Do you know Hushmail? I mean other than as a website. Do you trust an abstract entity with whom you have never had any face-to-face contact? I hope your answer is no. So why would you trust that entity's software to securely transfer your email? All Hushmail would have to do is store your decrypted private key (their software could send it to them), record your keystrokes during pass-phrase entry, or use a back-doored encryption method to produce your keys and they would have complete access to your communications.

2. Direct Maliciousness (from 3rd Parties)
A third party attacker could accomplish many of the same feats as a malicious Hushmail. Keystroke-loggers, screen-shots, hacked binaries, all possible venues for attack. If a 3rd party has access to your machine (locally or remotely) no amount of encrypt for transit will protect your data.

3. Man-in-the-Middle
A man in the middle attack is one where an attacker (call her Mallory) impersonates one or more of the participants in a conversation (say between Alice and Bob). Alice thinks she is communicating directly and secretly with Bob, and Bob thinks the same of his communications with Alice. Mallory, by sitting in between Alice and Bob is able to capture their communications, read and/or modify them, then send them to the appropriate recipient. If Bob thinks that he was given Alice's public key, but in reality is using Mallory's, Mallory is able to read, possibly edit (dependent if Bob uses his private key as authentication), then re-encrypt with Alice's real public key and send right back on its way with out either Alice or Bob having any idea.

4. User Error
People make mistakes. Even when attempting to be highly security conscious, shit happen. One could accidentally share his or her private key on KaZaA (or what ever P2P app is popular with the kids these days), forget to click encrypt and send the message plain-text. If the pass-phrase is forgotten, the key pair is useless and one may be unable to inform their 'co-conspirators' because they no longer have access to a communication channel.

So maybe all of these are highly unlikely (but probably not ['cept 3, I know, MitM attacks are quite difficult to pull off]) but they show the holes that trusting an anonymous website operator can open. One should only send via 3rd parties, information that they would not worry about falling in to the hands of said 3rd party. Especially when the 3rd party is the one providing the encryption/decryption services.

A safer way to use encrypted email is to do the encryption yourself, and send in regular mail. Only encrypt and decrypt mail on a locked down machine, preferably one with read-only file systems (live discs perhaps) and not network connected, which never leaves your presence, and has some method for testing the integrity of the underlying system.

Hushmail is a neat idea and all, but for the highly paranoid Paranoid, it just doesn't cut it.

P. Nut Butta


Post Extras: Print Post  Remind Me! Notify Moderator
Offlinetheocean06
Yeah, I've donefour already...

Registered: 07/10/04
Posts: 1,458
Last seen: 7 years, 4 months
Re: Secure Email [Re: PNutButta]
    #3668510 - 01/23/05 05:44 PM (13 years, 10 months ago)

I actually didn't go to Hushmail for the security feature, more of a I-need-a-new-email-service type of reason.  Hotmail was blocking a company for some reason, and so I just wanted to go to a new one.  The security was a bonus.

Thank you PNutButta for your post, that was very informative :thumbup:


--------------------


The story of life is quicker then the blink of an eye, the story of love is hello, goodbye.            - Hendrix :bow:


Post Extras: Print Post  Remind Me! Notify Moderator
Offlineazurescens
member
Registered: 02/17/04
Posts: 717
Last seen: 10 years, 5 months
Re: Secure Email [Re: theocean06]
    #3670325 - 01/24/05 01:37 AM (13 years, 10 months ago)

PNutbuta....you need to have somewhat of an idea about how pgp clients as well as secured email servers such as huchmail work before you start on a tirade. Just about all of your above stated reasoning is mere paranoia. If you are using hushmail for secure conversations than hopefully you know how to track and alleviate any keyloggers as well as shut down any open ports that dont need to be. Anyway, I'm not really that interested in getting into a debate but you are misinformed in your anaylsis.


Post Extras: Print Post  Remind Me! Notify Moderator
OfflinePNutButta
Stranger
Registered: 10/06/03
Posts: 114
Last seen: 9 years, 4 months
Re: Secure Email [Re: azurescens]
    #3671585 - 01/24/05 10:26 AM (13 years, 10 months ago)

Not to start a debate you are not interested in, azurenscens, but a little bit of paranoia never hurt :smile:

Quote:

you are misinformed in your analysis



My analysis of the situation as it applies to Hushmail or the general topic of encrypted communications?

Security in PGP, as in any encryption, requires secure keys, trusted software, and educated users. A weak link in this chain may result in broken or damaged encryption. If your keys are not secure and an attacker is able to obtain them, then your encryption is nullified (unless you go security-thru-obscurity and use some unknown algorithm). If the software has not been publicly tested, then you cannot be sure that the algorithms used or the specific implementations of these algorithms are secure. And as you pointed out:
Quote:

If you are using hushmail for secure conversations than hopefully you know how to track and alleviate any keyloggers as well as shut down any open ports that dont need to be.



Yes, hopefully one would know how take care of all those things. But people will always be the weakest link in the encryption chain. Even smart people do dumb shit. Accessing you Hushmail or encrypted private key from a friend's computer that just happens to be rooted by a malicious individual (and what other kind of individual roots another's box, at least from the perspective of the one getting rooted) is all that it would take for your pass-phrase to be keylogged (is that proper usage?) and your key is no longer secure.

The simple fact that you are unable to audit Hushmail's software should be a red flag (for the paranoid). The average user, even if they tend to be more educated about how PGP works, cannot verify that software is doing what it claims, and nothing else. Sure, it spits out an encrypted email at the recipients end, but how do you know that is all that happened. And that was my original point about trusting Hushmail. The trustworthiness of their software is entirely dependent on your trust of Hushmail.

I completely believe that it is possible to communicate securely with email. I even use Hushmail! I also know that I trust software more if its source code is available. I'm just trying to say that users should not expect highly secure communication to be as easy and mindless as Hotmail.

P. Nut Butta

PS - azurenscens, sorry, I just wanted to defend my paranoia and I ended up going into another rant!


Post Extras: Print Post  Remind Me! Notify Moderator
Offlinenife
I'm Dead
Male
Registered: 12/26/03
Posts: 225
Last seen: 4 years, 9 months
Re: Secure Email [Re: PNutButta]
    #3671644 - 01/24/05 10:58 AM (13 years, 10 months ago)

Just use pgp.... You can do it with anything. Don't trust hush mail to do it for you. Even if you use hush mail. Don't trust them to do it for you. Thats like handing some random guy on the street and saying now encrypt this so nobody sees it..... Umm NO.... Just my two cents though


--------------------
Protect Your Rights
Freedom Card


Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1

Shop: PhytoExtractum Kratom Powder for Sale   Kraken Kratom Red Vein Kratom

Community >> Security and Safety

Similar ThreadsPosterViewsRepliesLast post
* How to Purchase Securely 101
( 1 2 3 4 all )
LanaM 35,727 64 05/22/13 03:31 AM
by 1ve5w4hu
* hushmail. Anonymous 1,088 6 09/17/03 12:22 PM
by Lana
* Secure way to exchange info via e-mail? JunkFood 591 5 07/16/07 07:34 PM
by simplystoned
* hushmail, ziplip, etc. Xochitl 995 2 08/23/03 02:11 AM
by Xochitl
* security of aol IM drewcifer 972 4 03/02/04 03:16 PM
by valour
* Hushmail.Com
Fungi_x
1,666 7 10/31/03 03:15 PM
by windex
* The BASICS of Securing your computer and E-mail. Cyber 1,803 12 06/09/09 05:34 PM
by Alan Rockefeller
* How secure are 'private' e-mail providers BlueDruid 644 3 04/26/07 12:04 AM
by Quake3

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Lana, Enlil, Alan Rockefeller
849 topic views. 0 members, 1 guests and 0 web crawlers are browsing this forum.
[ Print Topic ]
Search this thread:
Everything Mushrooms
Please support our sponsors.

Copyright 1997-2018 Mind Media. Some rights reserved.

Generated in 0.06 seconds spending 0.012 seconds on 20 queries.