Hi people, for about 2-3 weeks now ive been having problems with my cyber-rights email. (cyber-rights is same as hushmail) Anyway it started out of being slow to load java apple, and then really slow when i sent emails like it can take 1min for the email to be sent away. The first email i read when i acces my mail loads fast, the rest is very very slow. This is not a internet connection problem. So i checked my java console when login into my email and recive this. HushEncryptionEngine@5324016: Initializing Hush Encryption Engine Version 3.0.0.33e @15779934: This algorithm is not valid, probably because of a bad password decryption: -55 In my second cyber-rights email i get the same msg except instead of -55 it says -29. And the number after HushEncryptionEngine@ change too different all the time also the numbers after the @. Now i loged into another wifi connection, and signed up for a new cyber-rights.net account, signed in and i get no error at all just that the HushEncryptionEngine has loaded. I wanna know whats going on, cyber-rights is not answering me about the problem. Can someone please help me explain what this means, or what other safe emails are there out there.?
This may have somthing to do with it http://news.cnet.com/8301-13578_3-10168114-38.html?part=rss&subj=news&tag=2547-1_3-0-20 . You pay a "privacy" price with Wi-Fi.
Thank you for your replay, but i dont really understand how this would have something to do with my wifi. Im on the same wifi and created a new username and loged in and i dident get any error msg then. And im located in Sweden. ....... Please anyone that can assist in helping me finding out what the error means or if my email have been read by others i would appriciate it very much. Found this also.... 3 August 2008 Date: Sun, 03 Aug 2008 09:04:38 -0700 Subject: CRYPTOME: Response to hushmail-pry.htm From: "S Brian Smith" <sbs[at]hushmail.com> Hello, This post is in error: http://cryptome.org/hushmail-pry.htm The post refers to the wrong file for the comparison. The check should have been done against this file: applets/HushEncryptionEngine.jar That is the file actually used on the website. It is processed with Proguard to reduce the download size, and has no debug information. If you checksum that file, the checksum will match the file on the website. The file mentioned in the post, HushEncryptionEngine_3-0-0-30.jar, contains debugging information and is not processed by Proguard. Therefore it does not match the file for download on the website. Regards, Brian Smith Hush Communications __________ Date: Sun, 3 Aug 2008 18:40:48 +0200 From: "Rafal Kwasny" <mag[at]entropy.be> Subject: Cyptome. Hushmail Applet I recently saw info about hushmail http://cryptome.org/hushmail-pry.htm. However author compared wrong files, hushmail applet is available in /applets/ directory within .zip file https://www.hushmail.com/downloads/HushEncryptionEngine_3-0-0-30.zip and it is the same file as serverd via WWW. 2 August 2008 A sends: Hushmail exposed? Some people started to ask me questions like: "Is Hushmail still safe?", and I wanted to investigate this further... and I found it: Hush provides full source code for review of their HEE (Hush Encryption Engine) in: https://www.hushmail.com/help-downloads (Direct Download) https://www.hushmail.com/downloads/HushEncryptionEngine_3-0-0-30.zip within this file (HushEncryptionEngine_3-0-0-30.zip) there is a file called "HushEncryptionEngine_3-0-0-30.jar". "HushEncryptionEngine" is the Java executable responsible for the process of encryption of messages in Hushmail (Java enabled version). The hash of this file is: 0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash) But this isn't the same file avaiable by Hushmail in their servers: https://mailserver1.hushmail.com/shared/HushEncryptionEngine.jar https://www.hushtools.com/shared/HushEncryptionEngine.jar The hash of this version is: 09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash) and the file definitely isn't the same avaiable in the file "HushEncryptionEngine_3-0-0-30.zip" (but it should be). You can confirm this opening the mentioned files with a tool like 7-Zip or WinZip. Again: The hash from the original version included with the source code released by Hush: 0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash) And the hash from the version available in Hushmail website: https://mailserver1.hushmail.com/shared/HushEncryptionEngine.jar and https://www.hushtools.com/shared/HushEncryptionEngine.jar is: 09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash) Cryptome readers may draw the conclusions by themselves.
Well I am not sure about this really but I just want to chime in and say that if you are really worried about your E-mails being compromised you should use GPG and manually handle encryption. Hushmail sucks, their security model is flawed and they have decrypted clients emails before for criminal cases.