Wednesday, June 12, 2013

The Problem with Hushmail

Since the recent NSA spying story broke last week, the public's interest in protecting their communications has skyrocketed. Like never before, people are checking out technologies like encrypted emails. Several articles from well known publications have recommended moving our email away from providers like Gmail and AOL and to a provider called Hushmail.

Hushmail is a web based email system similar to Gmail, Yahoo Mail, and others that boasts the feature that all of your email is heavily encrypted and that nobody but you and your recipient will be able to read it.  They even mention that the mail is encrypted using GnuPG, the open source version of PGP  That all sounds right and fantastic but Hushmail isn't telling you the whole story - or at least not right up front without digging a little deeper. Because of what I consider a critical security flaw in the way Hushmail is designed, I strongly recommend that anyone concerned with their privacy not use the service at all.

How the Technology Works

When a user signs up for a new Hushmail account, the service uses GnuPG to create a new encryption "key pair" for them.  This system is known as "public key cryptography" and consists of two complete separate keys: a public key that you can give out to everyone and allows them to encrypt email to you, and a private key that you keep to yourself and allows you to decrypt messages sent to you and sign messages for authentication purposes.

From that point on, anytime you send a message to another Hushmail user, that message is automatically encrypted to their public key and in theory can only be read by them. If you send the message to a non-Hushmail user, Hushmail generates a message encryption key and the user must either click a link with the key in it or enter a password to read the message.

Sounds pretty sound. What's wrong with it?

As I mentioned a moment ago, your private key is what allows you to decrypt messages sent to your Hushmail address. In fact, your private key is the only thing that stops someone who doesn't have your Hushmail password from reading your emails.  In ordinary encryption setups, you would be the only person to possess your private key. If someone gets a hold on that key and can break the password on it, they can read email encrypted to you and sign email as if they were you.

Hushmail breaks security by keeping both your private and your public key on their servers. That means that, at all times, Hushmail has access to your private key, can decrypt your email, and could even, in the case of a malicious system administrator or hacker, even sign email as if they were you.

This, of course, also means that your email is not completely secure. You're not the only one in charge of your key. In fact, there are situations where Hushmail can (and has) handed over users private, encrypted, email to law enforcement during criminal investigations.

Your mail is not private on Hushmail! Anyone who can get access to the system can trivially gain access to your encrypted emails.

Anyone. Not just law enforcement or the government. Anyone.

What are the options to using Hushmail?

Unfortunately, there just aren't that many encrypted email providers out there that don't operate exactly in the way Hushmail does. If you truly want to secure your emails from everyone's prying eyes, I suggest you download and learn to use GnuPG and a few associated tools. If you learn GnuPG, you can even use Hushmail in a secure way where even they can't read your emails. The trick is always handling encryption yourself and never letting your private key out of your hands.

GnuPG isn't hard to use. It does have a slight learning curve but with a little patience anyone can learn to protect themselves and not worry about anyone having the ability to spy on their emails.

Tomorrow, we'll discuss setting these tools up and basic use.   

3 comments:

ilsa.bartlett@gmail.com said...

Thanks...

Eric said...

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.11 (GNU/Linux)

hQIMAxororDR1h2GARAA6nIrzYaFvidESMizpVmb6TrZ3avmvDKLnkFitaM8DRoH
O7i9zxlvtsra3IGMCHdWpxyIDvAPNU+GfIngwTgWzkS73qZ/SpiePA0PDpjL6nII
IO9k3O1DZ+tOfJTI8iYdE7PuJADudoMy/5TEa26w5JzMjGhwTIJI56IAmdNIJgVz
nD/BoH176cz3F2vmfof0fOLhb4z81JHppHEMAuIOJE2VG7UOSQ5OuXRu5EclO8UP
ZrhDUF0KVj5dbfNQWANjMsAXoyVwYIO38VpfMVTeZ4NC3vRPsMSvP5fih1xP+Ebs
7TN9ZAynkOz1UsmEwQGKzx5q0LGh057SxjlEakc8EVkP3OfwWivnOfz45R5cb9jm
5ceFR2QnNPX46QWE9xJWj4rtMllMYDbRiJnTqBzMH0MtDeczLx9rYiqVwcwxptyi
Qh9CWGDZ/KdzWeCfDJYvn3lrHg2PfpS6okYn9NuiieRS7J1LdyurnV4Q0Pk5xtHH
/WkynJlGbuZSC+xgc7Gbu8cce7z29QcFTWFfsUcj/PoFyIufaGcLLgbQiy2Sck/h
q0uSlNcWzIO3ktdiVhIC4sYYBuNZm9YYJA4BTBl8wct7s8X9iAtgQ+gJpdgnlXv+
nYX3t84/6JWIgZopt4E8+2cXGEOoqSJYyhgjASBtbwJOaxX5wdeBRyJwOevccJfS
wA8BYbi0iK8BFbhHuX2trVIx5gMBG+JBDGLI3Dwh4dDNye8+il3vAsT6k02JD6B0
4vxzdwQiT/bZblKsxe99Rtt15IrToQwHeJYwZxhinQ6fAYWX99PXj7Sjp3uCTEFM
onxkEGhu0I5Yr97XDrGaTHHPofVjDIY0f4QtEJ7HtVM7GypXNPx3EP0W/RwNT2He
Bjjnk6PM5hBCubyNaHXvloeuTQjySc9no5nBI8sNtwKjUbVPtA4+4ZDYP1W/DDrs
Mbo0OVFGUSVQN89pivxJiTE=
=j2jc
-----END PGP MESSAGE-----

Graham Oakman said...

Here is the great application for the task.