Discussion in 'privacy problems' started by mjau, Feb 27, 2009.

Thread Status:
Not open for further replies.
  1. mjau

    mjau Registered Member

    Jan 11, 2009
    Hi people, for about 2-3 weeks now ive been having problems with my cyber-rights email. (cyber-rights is same as hushmail) Anyway it started out of being slow to load java apple, and then really slow when i sent emails like it can take 1min for the email to be sent away.

    The first email i read when i acces my mail loads fast, the rest is very very slow. This is not a internet connection problem.

    So i checked my java console when login into my email and recive this.

    HushEncryptionEngine@5324016: Initializing Hush Encryption Engine Version @15779934: This algorithm is not valid, probably because of a bad password decryption: -55

    In my second cyber-rights email i get the same msg except instead of -55 it says -29. And the number after HushEncryptionEngine@ change too different all the time also the numbers after the @.

    Now i loged into another wifi connection, and signed up for a new account, signed in and i get no error at all just that the HushEncryptionEngine has loaded.

    I wanna know whats going on, cyber-rights is not answering me about the problem. Can someone please help me explain what this means, or what other safe emails are there out there.?
  2. Carver

    Carver Registered Member

    Feb 5, 2006
  3. mjau

    mjau Registered Member

    Jan 11, 2009
    Thank you for your replay, but i dont really understand how this would have something to do with my wifi.

    Im on the same wifi and created a new username and loged in and i dident get any error msg then.

    And im located in Sweden.


    Please anyone that can assist in helping me finding out what the error means or if my email have been read by others i would appriciate it very much.

    Found this also....

    3 August 2008

    Date: Sun, 03 Aug 2008 09:04:38 -0700
    Subject: CRYPTOME: Response to hushmail-pry.htm
    From: "S Brian Smith" <sbs[at]>


    This post is in error:

    The post refers to the wrong file for the comparison. The check
    should have been done against this file:


    That is the file actually used on the website. It is processed
    with Proguard to reduce the download size, and has no debug
    information. If you checksum that file, the checksum will match
    the file on the website.

    The file mentioned in the post, HushEncryptionEngine_3-0-0-30.jar,
    contains debugging information and is not processed by Proguard.
    Therefore it does not match the file for download on the website.

    Brian Smith
    Hush Communications


    Date: Sun, 3 Aug 2008 18:40:48 +0200
    From: "Rafal Kwasny" <mag[at]>
    Subject: Cyptome. Hushmail Applet

    I recently saw info about hushmail
    However author compared wrong files, hushmail applet is available in
    /applets/ directory within .zip file

    and it is the same file as serverd via WWW.

    2 August 2008

    A sends:

    Hushmail exposed?

    Some people started to ask me questions
    like: "Is Hushmail still safe?", and I wanted to
    investigate this further... and I found it:

    Hush provides full source code for review of
    their HEE (Hush Encryption Engine) in:

    (Direct Download)

    within this file (
    there is a file called "HushEncryptionEngine_3-0-0-30.jar".

    "HushEncryptionEngine" is the Java executable responsible
    for the process of encryption of messages in Hushmail
    (Java enabled version). The hash of this file is:

    0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash)

    But this isn't the same file avaiable by Hushmail in their

    The hash of this version is:

    09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash)

    and the file definitely isn't the same avaiable in the file
    "" (but it should be).

    You can confirm this opening the mentioned files
    with a tool like 7-Zip or WinZip.


    The hash from the original version included
    with the source code released by Hush:

    0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash)

    And the hash from the version available
    in Hushmail website:



    09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash)

    Cryptome readers may draw the conclusions by themselves.
  4. mjau

    mjau Registered Member

    Jan 11, 2009
    Need to bump this, i really need an answer if my mail has been comprimised.
  5. n33m3rz

    n33m3rz Registered Member

    Jan 10, 2009
    Well I am not sure about this really but I just want to chime in and say that if you are really worried about your E-mails being compromised you should use GPG and manually handle encryption. Hushmail sucks, their security model is flawed and they have decrypted clients emails before for criminal cases.
Thread Status:
Not open for further replies.