Re: Hushmail CTO interviewed (Re: Hushmail in U.S. v. Tyler Stumbo)
http://blog.wired.com/27bstroke6/hushmail-privacy.html

I was impressed by Hushmail's candor in the above email exchange. They generally have been open with their statements. OTOH I was quite disappointed, actually worse than that, about the content of their answers.

Hushmail seemed to have a philosophy of doing things "right". They developed a product based upon strong, peer-reviewed algorithms, used the well-known, common and trusted PGP as a design, created an open source implementation, moved "encryption for the masses" closer to reality by addressing some of the inconveniences of PKI, located their servers in areas outside of the US, were open in discussing the threat models, trust models, design and implementation, had people associated with them who were known for their commitment to privacy, were adamant about not allowing Carnivore to be attached to their systems, and were open about complying with court orders by saying that the stored data would be turned over, but that emails which used PGP in some form would only be available in encrypted form. For all the Snake Oil out there, Hushmail seemed to at least have the right attitude and philosophy; they "got it".

Now it appears that this attitude and philosophy have changed. They didn't just passively turn over stored encrypted data in complying with court requests, but have, at the very least, allowed, and much more likely, assisted in the compromising of their own systems. The first decision was to allow a version which exposed the passphrase on their servers and make it the default configuration. This opened things up for the second decision, to modify their own systems to provide access to the very limited window and then actively collect cleartext during this small window.

It would be one thing to find out that Hushmail had lax security and their systems had been hacked. But to find out that Hushmail had hacked their own systems, had actively compromised their own servers in direct violation of the purpose of their business is quite a betrayal. One not just of the user, but of principle.

I know that Philip Zimmermann was associated with Hushmail for at least some portion of time. IMHO these actions by Hushmail are in strong contrast to his essay, "Why I Wrote PGP," and are much more in line with the thinking of Donald Kerr, the principal deputy director of [US] national intelligence: "Privacy no longer can mean anonymity ... Instead, it should mean that government and businesses properly safeguard people's private communications and financial information."
http://www.cnn.com/2007/POLITICS/11/11/terrorist.surveillance.ap/index.html

Furthermore, I conjecture that the complicity of Hushmail has significantly weakened the entire PGP system. The active compromising of their servers and weak implementation of PGP provides an opening for organizations to look at the contents of PGP'd email which has been sent to a Hushmail user. The PGP community may now assume that the passphrases of any Hushmail user have been compromised. The number of Hushmail users means that the effect on the PGP system is much greater than a keylogger installed on a single PGP user's machine.

rearden

On Thu, 08 Nov 2007 14:41:35 -0500 Sidney Markowitz [EMAIL PROTECTED] wrote:

There's an informative article in a Wired blog in which Hushmail CTO Brian Smith provides some information that hints at what happened in this case, although he would not speak specifically about the case. See http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html

His implication is that the target was using their simplified version of Hushmail that encrypts on the server, using an SSL connection to send the passphrase from the client to the server, then providing an interface similar to ordinary webmail. The court order may have required Hushmail to save and hand over the password and/or the decrypted mail. Since Brian Smith would not say exactly what happened in this case, we can't tell if they modified the system to save the target's password the next time they used it and handed that over along with historical stored encrypted mail, or if the modification was to save unencrypted mail sent after the court order was received, or something else I haven't thought of. In any case, Smith said that Hushmail only complies with court orders that target specific accounts and would not take any action that would affect users not specifically targeted by a court order.

My reading of Smith's statements in the interview is that Hushmail would be subject to a court order requiring them to supply a hacked Java applet to someone who is using their Java-based client-side encryption. There is no doubt that would be technically feasible, it is mentioned, and would fall within the guidelines for court orders that Smith said that Hushmail would comply with.
Re: ad hoc IPsec or similiar
The wikipedia article has some information, but it could use some edits if you have new information.
http://en.wikipedia.org/wiki/Opportunistic_encryption

rearden

On Fri, 22 Jun 2007 11:52:13 -0400 Sandy Harris [EMAIL PROTECTED] wrote:

On 6/22/07, Eugen Leitl [EMAIL PROTECTED] wrote:
So what's the state in ad hoc IPsec/VPN setup for any end points?

The Linux FreeS/WAN project was working on opportunistic encryption. The general idea is that if you use keys in DNS to authenticate gateways and IPsec for secure tunnels, then any two machines can communicate securely without their administrators needing to talk to each other or to set up specific pre-arranged tunnels.
http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/glossary.html#carpediem
http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/quickstart.html

There is an RFC based on that work:
ftp://ftp.rfc-editor.org/in-notes/rfc4322.txt

The FreeS/WAN project has ended. I do not know if the follow-on projects, openswan.org and strongswan.org, support OE.

--
Sandy Harris
Quanzhou, Fujian, China

---
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Status of opportunistic encryption
I am also interested in Opportunistic Encryption. Even if it is not as secure as a manually configured VPN, I am willing to trade that for what it does provide. I have looked at setting up OpenSWAN in OE mode, but frankly it is daunting even for the reasonably geeky and far beyond any kind of mass implementation. Also the DNS requirements make it not a viable solution for the majority of (dynamic DNS home) users. It is fairly simple to turn on optional IPsec under Windows, but then everyone needs to use a common CA (say a Thawte freemail cert). This option is far easier to use than setting up openswan in OE on your router.

I am interested in how Zimmermann's ZRTP accomplishes things, because he seems to have dropped the explicit need for PSKs or CAs. If this is really the case, could techniques like this be used for other types of communication?

For OE to be successful it needs to have a critical mass on the same (or autoselectable) OE system, usable across OSs, needs to be painless to install and use, and needs to be included in standard distros configured by default as ON (say every machine which left Dell had optional IPsec on (and UDP encapsulation) with a common CA :). The necessary critical mass of people won't run OE if it requires extra effort, assuming they even know of its existence or what it does. Skype has achieved something in the encrypted world because it is on by default. In my unscientific WAG, more communication is going over Skype than SRTP, because SRTP is generally not shipped in a working state and there isn't a one-stop CA. Anytime I have recommended using STARTTLS to my sysadmin friends, they have always worried about breaking stuff and complained about needing expensive certs. I would be willing to take the step of using a non-authenticated mode (initially), if it would remove some of these impediments and create widespread use.

There is a wikipedia entry on OE, but it is quite sparse, so update it if you have something to add.

rearden

On Fri, 26 May 2006 03:18:59 -0400 Sandy Harris [EMAIL PROTECTED] wrote:

Some years back I worked on the FreeS/WAN project (freeswan.org), IPsec for Linux. One of our goals was to implement opportunistic encryption, to allow any two appropriately set up machines to communicate securely, without pre-arrangement between the two system administrators. Put authentication keys in DNS; they look those up and can then use IKE to do authenticated Diffie-Hellman to create the keys for secure links.

Recent news stories seem to me to make it obvious that anyone with privacy concerns (i.e. more-or-less everyone) should be encrypting as much of their communication as possible. Implementing opportunistic encryption is the best way I know of to do that for the Internet.

I'm somewhat out of touch, though, so I do not know to what extent people are using it now. That is my question here.

I do note that there are some relevant RFCs:
RFC 4322 Opportunistic Encryption using the Internet Key Exchange (IKE)
RFC 4025 A Method for Storing IPsec Keying Material in DNS
and that both of FreeS/WAN's successor projects (openswan.org and strongswan.org) mention it in their docs. However, I don't know if it is actually being used.

--
Sandy Harris
Zhuhai, Guangdong, China
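Added example, not code from any of the posts in this thread nor from FreeS/WAN, Openswan or strongSwan: the "keys in DNS, look them up, then run IKE" step that Sandy Harris describes in both of his messages above, carried through with the record type RFC 4025 defines (IPSECKEY). An RFC 4322 initiator queries the reverse (in-addr.arpa) name of the address it wants to reach, which is also why the DNS requirement rearden mentions bites home users who do not control their reverse zone. The code parses IPSECKEY presentation-format records, rejects malformed ones, orders candidates by precedence, and reports which endpoint IKE would be started with. The zone data and the base64 key blob are constructed for the example (the blob decodes as an RFC 3110-style RSA blob with exponent 3 but is not a usable key); the names `ZONE`, `select_peer` and `peer_endpoint` are this example's own. No DNSSEC validation is performed, so in a real deployment the answer must be validated or the authentication is only as good as an unauthenticated DNS response.

```python
"""IPSECKEY (RFC 4025) parsing and RFC 4322-style peer selection.

Added example; constructed zone data, not real keys."""
import base64
import ipaddress
from dataclasses import dataclass
from typing import Optional

GATEWAY_TYPES = {0: "none", 1: "ipv4", 2: "ipv6", 3: "dname"}   # RFC 4025 s2.3
ALGORITHMS = {0: "none", 1: "DSA", 2: "RSA"}                     # RFC 4025 s2.4


@dataclass(frozen=True)
class IPSECKey:
    precedence: int          # lower values are tried first (RFC 4025 s2.2)
    gateway_type: int
    algorithm: int
    gateway: Optional[str]   # None when gateway_type == 0
    public_key: bytes        # RFC 3110 blob for RSA


def parse_ipseckey(rdata: str) -> IPSECKey:
    """Parse one record's RDATA, e.g. '10 1 2 192.0.2.38 AQNRU3...';
    raises ValueError on anything that violates RFC 4025."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("need precedence, gateway type, algorithm, gateway")
    precedence, gtype, alg = (int(f) for f in fields[:3])
    if not all(0 <= v <= 255 for v in (precedence, gtype, alg)):
        raise ValueError("8-bit field out of range")
    if gtype not in GATEWAY_TYPES or alg not in ALGORITHMS:
        raise ValueError("unknown gateway type or algorithm")
    gw_txt = fields[3]
    if gtype == 0:
        if gw_txt != ".":
            raise ValueError("gateway type 0 must carry '.' as gateway")
        gateway = None
    elif gtype == 1:
        gateway = str(ipaddress.IPv4Address(gw_txt))   # rejects malformed v4
    elif gtype == 2:
        gateway = str(ipaddress.IPv6Address(gw_txt))
    else:
        gateway = gw_txt.rstrip(".").lower() + "."     # absolute domain name
    key_b64 = "".join(fields[4:])                      # zone files may split the blob
    public_key = base64.b64decode(key_b64, validate=True) if key_b64 else b""
    if (alg == 0) != (public_key == b""):              # no key <=> algorithm 0
        raise ValueError("algorithm and public-key presence disagree")
    return IPSECKey(precedence, gtype, alg, gateway, public_key)


def rsa_exponent(public_key: bytes) -> int:
    """Public exponent from an RFC 3110 RSA blob: 1-byte exponent length
    (0 means a 2-byte length follows), the exponent, then the modulus."""
    if not public_key:
        raise ValueError("empty key")
    n, off = public_key[0], 1
    if n == 0:
        n, off = int.from_bytes(public_key[1:3], "big"), 3
    exp = public_key[off:off + n]
    if len(exp) != n or len(public_key) <= off + n:
        raise ValueError("truncated RSA blob")
    return int.from_bytes(exp, "big")


def reverse_name(ip: str) -> str:
    """Owner name an RFC 4322 initiator queries for a responder address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


# Constructed reverse-zone data: owner name -> list of IPSECKEY RDATA.
KEY_BLOB = "AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ=="   # illustrative only
ZONE = {
    # reachable directly (preferred) or via a named gateway (fallback)
    "38.2.0.192.in-addr.arpa.": [f"10 1 2 192.0.2.38 {KEY_BLOB}",
                                 f"20 3 2 vpn.example.com. {KEY_BLOB}"],
    # key published, no separate gateway: run IKE with the host itself
    "39.2.0.192.in-addr.arpa.": [f"10 0 2 . {KEY_BLOB}"],
    # gateway advertised but no key: nothing to authenticate against
    "40.2.0.192.in-addr.arpa.": ["10 1 0 192.0.2.40"],
    # a malformed record (gateway type 9) next to a good one
    "41.2.0.192.in-addr.arpa.": ["10 9 2 192.0.2.41 AQ==", f"30 0 2 . {KEY_BLOB}"],
}


def select_peer(dest_ip: str, zone: dict) -> Optional[IPSECKey]:
    """Record an OE initiator would use for dest_ip, or None when no usable
    key is published (local policy then decides: clear text or drop)."""
    usable = []
    for rdata in zone.get(reverse_name(dest_ip), []):
        try:
            rec = parse_ipseckey(rdata)
        except ValueError:
            continue                       # skip garbage, keep the other records
        if rec.algorithm != 0:
            usable.append(rec)
    return min(usable, key=lambda r: r.precedence) if usable else None


def peer_endpoint(rec: IPSECKey, dest_ip: str) -> str:
    """Address IKE is started with: the gateway if one is given, else the
    host itself. A type-3 (domain name) gateway still needs an A/AAAA lookup."""
    return dest_ip if rec.gateway is None else rec.gateway


if __name__ == "__main__":
    for ip in ("192.0.2.38", "192.0.2.39", "192.0.2.40", "192.0.2.41", "192.0.2.42"):
        rec = select_peer(ip, ZONE)
        print(ip, "-> no OE" if rec is None else f"IKE with {peer_endpoint(rec, ip)}")
```

The part rearden's message points at is `reverse_name`: the initiator never consults a forward name, so a home user behind a dynamic address cannot publish a key for it unless the ISP delegates or edits the in-addr.arpa zone.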