FOR

HushMail is an email service based on a web mail interface like MSN Hotmail. It differs from Hotmail by adding secure encryption and digital signatures. By using HushMail you are effectively outsourcing your secure email service including its PKI-based key management. So, why should you trust HushMail?

Well, the source code for the whole system is available for public scrutiny and peer review. The founding principle of HushMail is that you do not need to trust either the Internet or the Hush service to be assured that a secure system is being used. To understand how Hush has achieved this it is unfortunately necessary to go into some considerable detail regarding the inner workings of HushMail.

When you first sign on to HushMail, you are asked to move the mouse about to seed a random number generator. This generates a public and private key pair using a 2,048-bit ElGamal (Diffie-Hellman) scheme for encryption keys and a 1,024-bit digital signature algorithm (DSA) scheme for signing keys. Key exchange, encryption and digital signing proceeds according to OpenPGP as defined in RFC2440. You are then asked to choose a pass-phrase, which is used to encrypt the private key using the 128-bit symmetric Rijndael algorithm specified for the advanced encryption standard (AES) and an iterated hashing and salting technique is used to increase resistance to dictionary attacks. The encrypted private key and plain-text public key are then sent and stored on the HushMail servers at Hush Communications' sites. The public key, contained in an OpenPGP certificate, is signed by the Hush certificate authority (CA), binding the key to an email address, but not to an actual human being.

When you wish to send or receive secure messages, the pass-phrase must first be entered into the Hush Java applet that has been downloaded from the HushMail site. This is then combined with the email address (as salt) and securely hashed (also iterated) using secure hashing algorithm (SHA) and this hash is used to perform a lookup on the Hush key server network to retrieve the encrypted private key. However, there is no way that this hash can be reversed-engineered to reveal the pass-phrase. This method allows the private key to be stored 'anonymously' in the database, with no identifying information associating it with a particular email address. This means that neither Hush Communications nor an attacker penetrating the database would be able to tell which encrypted private key belonged to whom. Assuming the authentication resulting from this lookup is successful, the HushMail server sends you your own encrypted private key, which is decrypted locally by the Hush Java applet. The public key is retrieved by a simple lookup by email address.

The body and attachments of a message to be sent are encrypted with the 128-bit symmetric Rijndael (AES) algorithm using a randomly generated session key, which is generated from the timing of various user activities and securely stored accumulated random data after being securely hashed with SHA multiple times. Using the recipient's public key, the random session key is asymmetrically encrypted using the recipient's private key with the ElGamal algorithm and added to the message that is sent to the recipient via the HushMail server. When the recipient receives the message, the recipient's private key is used to decrypt the session key, which in turn is used to decrypt the message. In addition, general communications with the server are protected using secure socket layer (SSL) and whatever key length is supported by your browser, which may be 40-bit or 128-bit, although users will be warned if they are using the weaker SSL encryption.

System requirements are a web browser that supports the Java virtual machine (JVM) 1.1.5 or higher and the most recent version of SSL. For example, Microsoft Internet Explorer 5 (or higher) and Netscape Navigator 4.72 (or higher) running on a 32-bit Microsoft Windows platform meet these criteria, as do some UNIX browsers.

You can use HushMail as your one-and-only email account because you get a web mail service that you can access from any PC that has a browser and is connected to the Internet. If you are communicating with a non-HushMail user, the traffic simply is not encrypted. The web mail interface of HushMail allows most of the usual facilities you would expect, such as the ability to set up address books (that are held securely on Hush's servers), and to organize your messages in folders. HushMail may also be configured to send a paging message to another email address telling you that a HushMail message is waiting for you in your HushMail inbox. You also get 5Mb of storage space, a managed PKI solution, digital signatures and technical support. All these facilities are free if you are prepared to put up with a couple of banner advertisements. Alternatively, you can upgrade to a HushMail premium account that doesn't have the advertisements, offers increased storage space of 32Mb and has priority technical support, for $4.99 per user per month. You can also buy versions of HushMail that will integrate transparently with all major email clients and corporate email systems instead of having a web mail interface.

HushMail is also easy to use and completely transparent - you don't need to know anything about encryption to use it. The help screens and online documentation are good. Performance is comparable with other web mail products, but not as fast as an email client approach because of delays inherent in accessing your message store across the Internet. The encryption itself adds no perceptible overhead using a modern PC. One of the advantages of HushMail is that your private key is stored safely on Hush's servers and cannot be lost as it might be if it were stored locally on your PC or on a floppy diskette. Nevertheless, the private key cannot be compromised by Hush or its employees because it is encrypted using your pass-phrase as a key.

HushMail uses a strong cryptographic combination of 2,048-bit public-key (asymmetric) and 128-bit secret-key (symmetric) technology to deliver a solution that is both efficient and very secure. What do we mean by very secure? Well, there's no such thing as totally secure. However, if you choose a strong pass-phrase, it really is infeasible to decrypt HushMail messages in a useful timeframe. HushMail is so secure that even Hush Communications cannot decrypt your messages and, if you forget your pass-phrase, Hush can't help you recover it. In fact, even if a court of law required Hush to disclose such information, Hush could deliver the information only in encrypted form!
 

SC On-Line
SC Magazine
www.scmagazine.com