Hushmail in U.S. v. Tyler Stumbo

Ian G iang at
Fri Nov 2 13:23:30 EDT 2007

Jon Callas wrote:
> On Nov 1, 2007, at 10:49 AM, John Levine wrote:
>>> Since email between hushmail accounts is generally PGPed.  (That is
>>> the point, right?)
>> Hushmail is actually kind of a scam.  In its normal configuration,
>> it's in effect just webmail with an HTTPS connection and a long
>> password.  It will generate and verify PGP signatures and encryption
>> for mail it sends and receives, but they generate and maintain their
>> users' PGP keys.
>> There's a Java applet that's supposed to do end to end encryption, but
>> since it's with the same key that Hushmail knows, what's the point?
> I'm sorry, but that's a slur. Hushmail is not a scam.

It certainly was not a scam when I was involved (cryptix 
guys did some part of the original java crypto) many years 
ago.  The private key is encrypted by your passphrase, so 
the private key is not available to Hushmail.

The basic concept is of course somewhat limited by what it 
tries to do, but it is sound.  Hushmail published the applet 
that did all this, and it was possible to read the code and 
attack it.  At least one flaw was found, from deep dim memory.

There is for example a danger that hushmail could simply 
change the applet, and then acquire someone's key.  A victim 
would not notice so easily because there isn't much in the 
browser that stops the applet from changing code.  That's a 
threat, and they were aware of it, but it's also a bit of a 
high risk one, as, if it were spotted, their credibility 
would be shot.

In practice, the larger danger with email is that the 
high-profile threats to email security are on the client 
side.  Either you, your own machine, the other guy's 
machine, or the other guy.  I was involved in one case where 
super-secret stuff was shared through hushmail, and was also 
dual encrypted with non-hushmail-PGP for added security.  In 
the end, the lawyers came in and scarfed up the lot with 
subpoenas ... all the secrets were revealed to everyone they 
should never have been revealed to.  We don't have a crypto 
tool for embarrassing secrets to fade away.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list