
How secure is Elitefitness.com e-mail?? Please read.

Big Rick Rock

There have been some rumors about Elitefitness.com e-mail and how "unsecure" it is. I'm posting this in an effort to dispel some of those rumors and hopefully let you guys understand how Elitefitness.com e-mail really works.


Elitefitness.com e-mail is provided by Hushmail.com, and so are the Cyber-Rights.com e-mail accounts that are so popular now. It is NOT hosted by Elitefitness.com. If you want to check on this, then open your elitefitness.com e-mail box and look at the URL in your browser; it should look something like https://mailserver1.hushmail.com/hushmail.php…. Hushmail has set up an e-mail system with the colors and logo of Elitefitness.com, but that is where it ends. It is all hosted and managed by Hushmail.

In case you are wondering if Hushmail itself is secure, take a look at how the hushmail.com system works (please keep in mind that this applies to elitefitness.com e-mail as well).



How Hushmail Works
Hush uses industry standard algorithms as specified by the OpenPGP standard (RFC 2240) to ensure the security, privacy and authenticity of your email. With Hushmail, users need only create and remember their own passphrases, and the secure Hushmail server does the rest. Encryption and decryption are transparent to the user, making Hushmail the most user-friendly secure mail solution available. Through the Hush Encryption Engine™, the Hush key servers take care of Public/Private key exchange in a completely seamless fashion. When a user wishes to encrypt/decrypt data or verify/sign a signature, a connection is automatically made to a Hush Key Server to retrieve the necessary Public/Private Key. It's that simple! Only Hush's solution provides such a high level of security combined with total ease of use. The descriptions below will give you an overview of how the Hush system secures email.
Figure 1
2,048 bits of random numbers are converted into a pair of keys -- one private key and one public key. (What the public key locks, the private key unlocks, and vice-versa.) Every Hush user will have his or her unique pair of encryption keys. The user's passphrase encrypts and decrypts the user's private key so that no one but the user ever has access to it. Not even Team Hush.
Figure 2
The passphrase, combined with the AES algorithm, symmetrically encrypts the private key. A one-time message key, unique to each email that is sent, is used to encrypt and decrypt the email message itself.



The message key, which is a component of the AES algorithm, encrypts the email. The recipient's public key is used to encrypt the message key.



The message key is asymmetrically encrypted using the recipient's public key. Both the encrypted email and the encrypted message key are combined and sent to the recipient.
The email may only be decrypted by using the one-time message key.
The message key can only be decrypted by using the recipient's private key.
The recipient's private key can only be decrypted by entering the recipient's personal passphrase.



The encrypted email and the encrypted message key are sent to the recipient. So, not only is the email securely coded before it is ever stored on a server, but the key to decode the email is also encoded. Further, the private key needed to decrypt this key is also encrypted. Only the recipient can retrieve their private key by entering their secret personal passphrase.

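The three layers described in the post above (the passphrase protects the private key, a one-time message key protects the mail, the recipient's public key protects the message key), as an added example that is not part of the original post and is not Hushmail's code. The scrypt key derivation, AES-256-GCM, RSA-2048 with OAEP and all function names are assumptions chosen for illustration.

```javascript
// Added example of the layered scheme, using only Node's built-in crypto module.
// Assumptions (not from Hushmail): scrypt KDF, AES-256-GCM, RSA-2048 with OAEP.
const nodeCrypto = require('crypto');

// AES-256-GCM helpers; blob layout is iv(12) || tag(16) || ciphertext.
function aesSeal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function aesOpen(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Account creation: the private key is only ever stored passphrase-encrypted.
function createAccount(passphrase) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = nodeCrypto.randomBytes(16);
  const kek = nodeCrypto.scryptSync(passphrase, salt, 32); // key-encryption key
  return { publicKey, salt, wrappedPrivateKey: aesSeal(kek, Buffer.from(privateKey)) };
}

// Sender: a one-time message key encrypts the mail; the recipient's public
// key encrypts that message key. Both parts travel together.
function encryptMail(recipientPublicKey, body) {
  const messageKey = nodeCrypto.randomBytes(32);
  return {
    encryptedBody: aesSeal(messageKey, Buffer.from(body, 'utf8')),
    encryptedMessageKey: nodeCrypto.publicEncrypt(recipientPublicKey, messageKey),
  };
}

// Recipient: passphrase -> private key -> message key -> mail.
function decryptMail(account, passphrase, mail) {
  const kek = nodeCrypto.scryptSync(passphrase, account.salt, 32);
  const privateKey = aesOpen(kek, account.wrappedPrivateKey).toString();
  const messageKey = nodeCrypto.privateDecrypt(privateKey, mail.encryptedMessageKey);
  return aesOpen(messageKey, mail.encryptedBody).toString('utf8');
}
```

Everything `createAccount` returns is what a server would hold; without the passphrase, `wrappedPrivateKey` cannot be opened, so the strength of the whole chain reduces to the strength of the passphrase.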
 
My question is, does this server use an html-based frontend or does it have java or an ActiveX control which handles the client-side encryption?

If it uses html, I would advise against using it as pages are written to disk during https sessions and security is therefore compromised.
 
I think that is a great question for a guy like digger. Drop him a PM and see what he says. Our setup was done by Hushmail.com. I'm sure they thought about that already; still, it doesn't hurt to ask.
 
Hush mail is a good service and so is Elite. Always keep in mind though that if you think what you may write could cause trouble for you, somewhere, someplace there is a trail. I mean, if you are going to be writing email that might get you in trouble, go take a cyber security class at a school so YOU can protect yourself. Don't rely on someone else to do it. The only person you can truly trust is yourself. Think about it. :)

Happy Holidays.
 