Is Hushmail Still Safe?

Ringo Kamens writes to ask if the use of Hushmail can still be considered a secure method of communication: "For a long time, Hushmail was considered a very secure email provider until an affidavit (PDF) from a DEA agent in 2007 showed that they had handed over 12 CDs of possibly decrypted data to law enforcement. Now, Cryptome has posted that the Hushmail encryption program is no longer the same program for which Hushmail releases their source. Is Hushmail even safe to use anymore?"

Is Hushmail still safe?

[Naughty Bob]

The answer depends on how naughty you are.

For the kind of low-level crimes I like to commit, Hushmail is safe as milk.

If you like to blow up American stuff, it's not so safe anymore.

Re:Is Hushmail still safe?

[Ryukotsusei]

What if you're lactose-intolerant?

Re:Huh??

[Vectronic]

Shhhh!... keep your voice down.

Re:Is Hushmail still safe?

[Naughty Bob]

What's the worst that can happen?....

exactly

Re:no encryption that YOU didn't write is safe

[quitte]

Sarah Connor? Is that you?

Newsletter Time

[Anonymous Coward]

1 Your high-school girlfriend cheated on you
2 The Government can't be trusted
3 Peer review of published encryption standards is worthless

Fascinating. Are you asserting "1 AND 2 ERGO 3" or "1 ERGO 2 ERGO 3"?

Re:no encryption that YOU didn't write is safe

[shaitand]

If the brilliant minds missed it, how is it you know about it?

First rule of Hushmail...

[MsGeek]

...is that nobody talks about Hushmail.

Re:no encryption that YOU didn't write is safe

[djdavetrouble]

Obviously you've never seen 24 and that room full of awesome computer at CTU HQ,
and Jack Bauer's cell phone that works EVERYWHERE.

I mean all that stuff is real, its basically a documentary.

All it takes is one determined tow headed ex special forces DUDE with a license to ill,
and your whole encryption thingy comes tumbling down.

Re:Never was and never will be...

[ColdWetDog]

... bring your own bootable ISO cd/dvd to run the OS from which you compose and encrypt that email, and your own keyboard to ensure there are no hardware key loggers installed, right?

OK, I'll bite (and I know the you are being a bit sarcastic) but:

What are you all doing on your computers? If you read these posts you would think that the average slashdotter was planning to overthrow one (or more likely all) governments on a regular basis. Really now. From your respective basements?

Re:Mixmaster

[ivantheshifty]

If you want encryption guaranteed against major governments you have to go with a one time pad. Even then you've got to worry about Van Eck Phreaking or FPGA eavesdropping.

In general it's a bad idea to be confident in your encryption - if the Germans hadn't been so confident in Engima they might have done much better militarily.

Wait wait wait...Somebody on slashdot's read Cryptonomicon? I'm shocked.

Rubber-hose cryptanalysis

[AmishElvis]

Ha, I found this on Wikipedia, attributed to Marcus J. Ranum -

...the rubber-hose technique of cryptanalysis. (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive)