Help Home | How It Works | General FAQ | Technical FAQ | Definitions | Privacy Links

High Level Technical Description

All discussion assumes that the Elite Fitness Stealth Messaging user has a Java ™ Enabled Web-browser, implementing JVM 1.1.5 or higher and the most recent version of SSL, Secure Sockets Layer. An example of such a browser would be Netscape Navigator ™ 4.72 or Microsoft's Internet Explorer ™ 5, running on a Windows ™ platform.

The founding principle of Elite Fitness Stealth MessagingMail is that the user need not trust either the Internet or the Elite Fitness Stealth Messaging service to be assured that a secure system is being used.

First, an overview of address creation:

  1. The user downloads the "New Account" Java Applet, via the World Wide Web, and picks an email address name.
  2. The user is asked to move his or her mouse to generate random numbers.
  3. Both public and private key are generated, using a 1,024-bit Diffie-Helman scheme.
  4. The user enters, and confirms, their self-created passphrase.
  5. The passphrase, seen as a key, is used to symmetrically encrypt the private key.
  6. The encrypted private key and plaintext public key are sent to the Elite Fitness Stealth MessagingMail server.

Some finer clarifications:

1a. The "NewAccount "Java Applet is transferred to the client machine via an SSL connection. Elite Fitness Stealth Messaging recommends that the connection be 128-bit strong encryption, in order to strongly authenticate the client software origin. The hash of the applet can be compared for extra rigor.

2a. Exactly 1,024-bits of random numbers are generated, calculated from the X and Y coordinates of the mouse movements. The exact algorithm is present in the source code, which can be reviewed at http://www.hush.ai/. These random bits are then "mixed up" a second time using a secure one-way hash algorithm (SHA), to alleviate any possible skew from differing JVM performance or Elite Fitness Stealth Messaging user mouse patterns.

3a. The 1,024-bits of randomly generated code is the Elite Fitness Stealth Messaging user's private key. The public key is mathematically generated from it, using the ElGamal scheme. The p and g numbers are strong pre-generated constants given in the applet. The Elite Fitness Stealth Messaging user has now created his or her keypair.

4a. The Elite Fitness Stealth Messaging user creates any passphrase he or she wishes. The strength of the system directly correlates to how hard it would be to guess or brute force attack this passphrase. Elite Fitness Stealth Messaging strongly recommends that its users create strong passphrases.

5a. Using a 128-bit key, derived from the Elite Fitness Stealth Messaging user's passphrase, the Blowfish symmetric algorithm is applied to the user's private key, thus, generating an encrypted private key.

6a. A secure one-way hash of the Elite Fitness Stealth Messaging user's passphrase, using SHA, is also partially sent to the Elite Fitness Stealth MessagingMail server, for validation of the Elite Fitness Stealth Messaging user at a later date. All the information sent between the Elite Fitness Stealth Messaging applet and the Elite Fitness Stealth MessagingMail server is encrypted using a symmetric, 128-bit, Blowfish algorithm. The key to this symmetric "pipe" is randomly generated each session by the Elite Fitness Stealth MessagingMail server, and is transferred to the client machine via a secure SSL connection.

Next, an overview of the process of sending a Elite Fitness Stealth MessagingMail message:

  1. The Elite Fitness Stealth Messaging user downloads the Elite Fitness Stealth Messaging applet via the World Wide Web, having entered his or her address name.
  2. The Elite Fitness Stealth Messaging applet, running on the client machine, requests the user's passphrase.
  3. The passphrase is entered. Then, it is securely hashed. Part of this hash is sent to the Elite Fitness Stealth MessagingMail server for user validation.
  4. Only if the partial hash is valid, will the Elite Fitness Stealth MessagingMail server send the client Elite Fitness Stealth Messaging applet the Elite Fitness Stealth Messaging user's public key and encrypted private key.
  5. The Elite Fitness Stealth Messaging applet symmetrically decrypts the encrypted private key into its plaintext form.
  6. The Elite Fitness Stealth Messaging user enters the system and can view email, create address aliases, compose email, and utilize other features of the Elite Fitness Stealth MessagingMail service.
  7. When the Elite Fitness Stealth Messaging user composes and sends a message, the Elite Fitness Stealth Messaging applet contacts the Elite Fitness Stealth MessagingMail server and downloads the recipient's public key.
  8. If the recipient is in the sending Elite Fitness Stealth Messaging user's address book, it compares the public key values against an electronic fingerprint for extra security.
  9. The body of the email message being sent is symmetrically encrypted with a randomly generated session key.
  10. Using the recipient's public key, the random session key is asymmetrically encrypted and added to the message that is sent to the recipient.
  11. The entire message is sent to the Elite Fitness Stealth MessagingMail server, which sends the message out to the Internet using SMTP.
  12. When the recipient reads the message, the recipient's private key will decrypt the session key, which will yield access to the plaintext message itself.

Some finer clarifications:

1a. Refer to 1a under the "Address Creation Process" section of this document. Please note a different applet is used in this example.

2a. The passphrase is never transmitted from the client machine.

3a. The Elite Fitness Stealth MessagingMail server only releases encrypted private keys to strongly validated users. This limits possible risk of high-speed, brute force attacks trying to recover either the Elite Fitness Stealth Messaging user's passphrase or plaintext private keys. If the Elite Fitness Stealth MessagingMail server detects multiple tries in a short period, such as someone trying to guess a user passphrase, it will notify a system administrator and/or temporarily stop accepting requests from that address name and/or IP address.

4a. This operation is the same as 5a, except in the reverse.

5a. All public keys of Elite Fitness Stealth MessagingMail users are available. They are retrieved during the encryption process, prior to transmission of the encrypted message

6a. If a sending Elite Fitness Stealth Messaging user distrusts the Elite Fitness Stealth MessagingMail server itself, the sender may put the recipient address in his or her address book. By doing so, the sender can view the hash (or "fingerprint") of the recipient's public key before sending the message. Both sender and recipient may exchange fingerprint information at any time, any way they wish.

7a. The randomly generated Blowfish algorithm is 128-bits long. It is created by differences in keystroke timing from the Elite Fitness Stealth Messaging user after being securely hashed with SHA multiple times.

8a. The Elite Fitness Stealth MessagingMail message format is a hybrid symmetric encryption/public system, created for speed and efficiency. Once messages have been read, they are stored via symmetric encryption. The session key is stored in the email header. Messages sent to oneself are symmetrically encrypted only.