[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Anfragen an HushMail


ich habe mal Hushmail betreffs Speicherung von Secret Key und Passphrase
angeschrieben (steht unten) und folgende Antwort erhalten.
Die andere Sache war ja die, daß erst mal der Public Key des Empfängers beim
Hushmailserver angefordert wird und das Java-Applet dann lokal auf meinem
Rechner die mail mit dem Key verschlüsselt und der verschlüsselte Text wieder an
Hushmail gesendet wird, was haltet Ihr von der Antwort ?:

Forwarded message follows:
On Fri Jun 04 10:09:36 CDT 1999, info@hushmail.com wrote:
Am Fri Jun 04 10:09:36 CDT 1999 schrieb info@hushmail.com:

>The passphrase, the key to the security of our system, is never stored on our server.  Without that it is virtually impossible to decrypt the secret key.  You >are the only person who knows what the passphrase is.  If you lose it, we can't help you because we keep no record of it.  When you log into our system, >you send a secure one-way hash of the passphrase, but not the passphrase itself, which authenticates you to our system.  So, the passphrase never >actually even gets on the network.
>Team Hush 

>At Fri, 04 Jun 1999 10:59:16 +0200, kai.raven@ob.kamp.net (Kai Raven) wrote:

>>Hello Team Hushmail,
>>On Sun May 23 17:10:19 CDT 1999, you wrote:
>>Am Sun May 23 17:10:19 CDT 1999 hast Du geschrieben:
>>>Thanks, Kai.  I have forwarded this to our "Bright Ideas" file.
>>>Thanks for your input and for being a HushMail user!
>>Thanks for your answer.
>>Now, i have another remark.
>>Here in germany, we discuss your service on several mailing lists.
>>And many people think, that the security of hushmail is weaken, because 
>>the storage of the secret key and passphrase on your server so that the
>>possibility exists, that somebody of your team or an intruder could decrypt
>>the encrypted text, when the mail have arrived on hushmail´s server.
>>I think this point is a justified criticism of your service and a possible
>>reason, that many informed people will not be use hushmail.