[7099] in cryptography@c2.net mail archive
Re: Pass phrases, Hushmail and Ziplip
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon May 15 17:06:06 2000
From: Marc Horowitz <marc@MIT.EDU>
To: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: cryptography@c2.net
Date: 15 May 2000 14:54:13 -0400
In-Reply-To: "Arnold G. Reinhold"'s message of "Mon, 15 May 2000 12:56:55 -0400"
Message-ID: <t537lcv1w6i.fsf@horowitz.ne.mediaone.net>
"Arnold G. Reinhold" <reinhold@world.std.com> writes:
>> I'm not picking on Hushmail. Hushmail is a fairly good privacy
>> product. It should protect against the average office snoop or an
>> employer that wants to monitor employee e-mail. In fact, I'd give
>> their work a 95%. Unfortunately, 95% is not a passing grade in high
>> security cryptography. They have, however, opened their design to
>> public critique and that is the only way I know to get close to 100%.
>> So I'm just trying to help.
I'm not that familiar with Hushmail. Do they claim anywhere to be
doing "high security cryptography"? As you say, what they have is
probably enough if the market they're going after is dirty jokes and
love letters.
All of what you've suggested is good advice, but it isn't impossible
that Hushmail doesn't believe it's worth the effort, considering that
the private keys are stored online on their servers. If you disagree,
there's certainly nothing preventing you from building a competitor.
Marc
