Cyber-rights.net (Important)

Hi people, for about 2-3 weeks now ive been having problems with my cyber-rights email. (cyber-rights is same as hushmail) Anyway it started out of being slow to load java apple, and then really slow when i sent emails like it can take 1min for the email to be sent away.

The first email i read when i acces my mail loads fast, the rest is very very slow. This is not a internet connection problem.

So i checked my java console when login into my email and recive this.

HushEncryptionEngine@5324016: Initializing Hush Encryption Engine Version 3.0.0.33e @15779934: This algorithm is not valid, probably because of a bad password decryption: -55

In my second cyber-rights email i get the same msg except instead of -55 it says -29. And the number after HushEncryptionEngine@ change too different all the time also the numbers after the @.

Now i loged into another wifi connection, and signed up for a new cyber-rights.net account, signed in and i get no error at all just that the HushEncryptionEngine has loaded.

I wanna know whats going on, cyber-rights is not answering me about the problem. Can someone please help me explain what this means, or what other safe emails are there out there.?

 

This may have somthing to do with it http://news.cnet.com/8301-13578_3-10168114-38.html?part=rss&subj=news&tag=2547-1_3-0-20 . You pay a "privacy" price with Wi-Fi.

 

Thank you for your replay, but i dont really understand how this would have something to do with my wifi.

Im on the same wifi and created a new username and loged in and i dident get any error msg then.

And im located in Sweden.

.......

Please anyone that can assist in helping me finding out what the error means or if my email have been read by others i would appriciate it very much.

Found this also....

3 August 2008

Date: Sun, 03 Aug 2008 09:04:38 -0700
Subject: CRYPTOME: Response to hushmail-pry.htm
From: "S Brian Smith" <sbs[at]hushmail.com>

Hello,

This post is in error:

http://cryptome.org/hushmail-pry.htm

The post refers to the wrong file for the comparison. The check
should have been done against this file:

applets/HushEncryptionEngine.jar

That is the file actually used on the website. It is processed
with Proguard to reduce the download size, and has no debug
information. If you checksum that file, the checksum will match
the file on the website.

The file mentioned in the post, HushEncryptionEngine_3-0-0-30.jar,
contains debugging information and is not processed by Proguard.
Therefore it does not match the file for download on the website.

Regards,
Brian Smith
Hush Communications

__________

Date: Sun, 3 Aug 2008 18:40:48 +0200
From: "Rafal Kwasny" <mag[at]entropy.be>
Subject: Cyptome. Hushmail Applet

I recently saw info about hushmail http://cryptome.org/hushmail-pry.htm.
However author compared wrong files, hushmail applet is available in
/applets/ directory within .zip file

https://www.hushmail.com/downloads/HushEncryptionEngine_3-0-0-30.zip

and it is the same file as serverd via WWW.


2 August 2008

A sends:

Hushmail exposed?

Some people started to ask me questions
like: "Is Hushmail still safe?", and I wanted to
investigate this further... and I found it:

Hush provides full source code for review of
their HEE (Hush Encryption Engine) in:

https://www.hushmail.com/help-downloads

(Direct Download)

https://www.hushmail.com/downloads/HushEncryptionEngine_3-0-0-30.zip

within this file (HushEncryptionEngine_3-0-0-30.zip)
there is a file called "HushEncryptionEngine_3-0-0-30.jar".

"HushEncryptionEngine" is the Java executable responsible
for the process of encryption of messages in Hushmail
(Java enabled version). The hash of this file is:

0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash)

But this isn't the same file avaiable by Hushmail in their
servers:

https://mailserver1.hushmail.com/shared/HushEncryptionEngine.jar

https://www.hushtools.com/shared/HushEncryptionEngine.jar

The hash of this version is:

09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash)

and the file definitely isn't the same avaiable in the file
"HushEncryptionEngine_3-0-0-30.zip" (but it should be).

You can confirm this opening the mentioned files
with a tool like 7-Zip or WinZip.

Again:

The hash from the original version included
with the source code released by Hush:

0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash)

And the hash from the version available
in Hushmail website:

https://mailserver1.hushmail.com/shared/HushEncryptionEngine.jar

and

https://www.hushtools.com/shared/HushEncryptionEngine.jar

is:

09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash)

Cryptome readers may draw the conclusions by themselves.

 

Need to bump this, i really need an answer if my mail has been comprimised.

 

Well I am not sure about this really but I just want to chime in and say that if you are really worried about your E-mails being compromised you should use GPG and manually handle encryption. Hushmail sucks, their security model is flawed and they have decrypted clients emails before for criminal cases.