Please Scroll Down to See Forums Below Effie_drine
New member
With the technology that our federal goverment has, it can do anything it want's to. The word Secure just doesn't exist.
How secure is @elitefitness.com e-mail?? PLease read.
- Thread starter Big Rick Rock
- Start date
jh1
New member
This speculation about them being able to 'crack' your password... is complete non-sense. Here is why: for any lawenforcement to read your email they need a warrant.... if they get a warrant why would they bother to 'crack' your password.
The warrant would be served to Hushmail or other vendor and Hushmail would hand over the keys. Simple as that. A supenoa works wonders to read mail.. no need for your passphrase.
If they are out 'cracking' passwords then they don't have a warrant which means they are breaking the law to begin with.
The warrant would be served to Hushmail or other vendor and Hushmail would hand over the keys. Simple as that. A supenoa works wonders to read mail.. no need for your passphrase.
If they are out 'cracking' passwords then they don't have a warrant which means they are breaking the law to begin with.
thx9000 -- Look at your browser while you're downloading the applet. It comes direct from hushmail, not from EF. George is cool but if he could break PGP, he'd be collecting the Nobel prize in math, not Plat memberships.
jh1 -- the whole point of putting the applet on your machine is that the secret key is generated on your PC and is encrypted there with your passphrase. It shouldn't go anywhere. If you lose your passphrase, that's all she wrote, for that key and all the old mail that was encrypted with it. All Hushmail can do is invalidate that key and let you start over from scratch. They can't "hand over your keys" because they don't have them. (But if your passphrase is "1234" don't come crying to hush or EF about it. 'Kay?)
jh1 -- the whole point of putting the applet on your machine is that the secret key is generated on your PC and is encrypted there with your passphrase. It shouldn't go anywhere. If you lose your passphrase, that's all she wrote, for that key and all the old mail that was encrypted with it. All Hushmail can do is invalidate that key and let you start over from scratch. They can't "hand over your keys" because they don't have them. (But if your passphrase is "1234" don't come crying to hush or EF about it. 'Kay?)
A
Ashamed
Guest
yes.. but you can log into hush, or cyberrights from anywhere... it just requires downloading another applet... you are still only as secure as your password/passphrase.. a password is the weakest link...
Understood. Hush put the EF logo on their product. If you speak DNS, look at the MX for 'elitefitness.com' and you'll see that ALL elitefitness.com mail goes directly to hushmail's server, not ours. (Makes my life more complicated, in fact....) If you don't trust Elite Fitness mail, you don't trust Hushmail. It's just that simple.
By the way -- I'm not an EF employee. I work at EF's ISP, and George is one of our more demanding customers. He's the most customer-oriented guy I've ever met, and he takes any problem with this site personally.
digger said:
I know I am connecting to Hush, I know the MX record points to Hush, and I know that I no applet loads prior to me connection to Hush.
I was just going after the most paranoid scenario I could think of. That involves George learning Java, modifying Hush's applet to send our PW's or decrypted mail (after our login at hush) to some FBI.elitefitness.com server. Then he sends his doctored applet to Hush and asks then to use on mailserver1 for all EF customers.
That's kinda ridiculus though. Hush isn't going to enter into and SLA with someone that provides THEM modified code. Well at least I wouldn't. Furthermore, Hush probably wouldn't allow their reputation for secure communication to be risked this way even if they were open to the idea of allowing customers to modify their applet.
We've had customers ask us to simply allow them to do the branding changes to products they were reselling. Our answer was an adamant no, I am sure Hush looks at it the same way.
Similar threads
