[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cryptopolitics] Silent Circle and Secure Email
- To: Jeffrey Walton <[email protected]>
- Subject: [cryptopolitics] Silent Circle and Secure Email
- From: [email protected] (Adam Back)
- Date: Sat, 10 Aug 2013 03:19:59 +0200
- Cc: [email protected], Cryptopolictics Mailing List <[email protected]>
- In-reply-to: <CAH8yC8=SF+rjZwQFqDTLEkPYGjq5x_dQcjLaZ+vM-mguezX+bQ@mail.gmail.com>
- References: <CAH8yC8mNmLzM2vMAN-Gw8mJyjQ6cKs3eDkmC+sdLMs_uTw8m-g@mail.gmail.com> <[email protected]> <CAH8yC8mxz5ED4fbjN3JeGtbH9K0J07N0++CrUNtRabu9WSCvHw@mail.gmail.com> <[email protected]> <CAH8yC8=SF+rjZwQFqDTLEkPYGjq5x_dQcjLaZ+vM-mguezX+bQ@mail.gmail.com>
(Thanks for the link.) It says hushmail had a simplified web-only version (no
java applet) and that the disclosure of client emails did not involve
pressured code changes (at least code shipped to clients), rather that as a
natural consequence of the way passwords would be processed on the server
side and decryption happened on the server side so hushmail had the
passwords, private keys, and decrypted plaintexts at leas in memory to hand
over on request.
Adam
On Fri, Aug 09, 2013 at 08:59:53PM -0400, Jeffrey Walton wrote:
>On Fri, Aug 9, 2013 at 8:56 PM, Adam Back <[email protected]> wrote:
>> ...
>>
>> Its less clear what lavabit were talking about. Perhaps something similar
>> in terms of an SMTP interoperability encryption gap, or alternatively about
>> being pressured to modify code (which people seem to assume, but I didnt see
>> explicitly stated).
>>
>> There were some hushmail rumors about code modification some years back -
>> does anyone know what actually at hushmail?
>Encrypted E-Mail Company Hushmail Spills to Feds,
>http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/.