Hushmail in U.S. v. Tyler Stumbo

John Levine johnl at iecc.com
Thu Nov 1 13:49:19 EDT 2007


>Since email between hushmail accounts is generally PGPed.  (That is 
>the point, right?)

Hushmail is actually kind of a scam.  In its normal configuration,
it's in effect just webmail with an HTTPS connection and a long
password.  It will generate and verify PGP signatures and encryption
for mail it sends and receives, but they generate and maintain their
users' PGP keys.

There's a Java applet that's supposed to do end to end encryption, but
since it's with the same key that Hushmail knows, what's the point?





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list