Encrypted Web Pages?

Martin Fick mogulguy at yahoo.com
Mon Dec 17 19:57:26 UTC 2007


--- Martin Fick <mogulguy at yahoo.com> wrote:
> --- Michael Holstein <michael.holstein at csuohio.edu>
> wrote:
> > 
> > My thought on Java was to be able to 
> > automate the key scheme within the 
> > browser, versus requiring them download 
> > a .gz.gpg file and decrypt it on their 
> > own. A (sort-of) working example of 
> > this is how HushMail does it (using 
> > Java to code the PGP stuff).
> 
> Forgive me for not understanding, but 
> what prevents HushMail from decoding
> the messages?

Ah, from HushMail themselves:

https://www.hushmail.com/hushmail/showHelpFile.php?file=compatibility/java/index.html

  "Attacker controls webserver while 
   you are accessing your email

   With Java:
   Not protected, but evidence of the 
   attack will remain on your computer

   Without Java:
   Not protected, no evidence of attack 
   on your computer"

Seems pretty untrustworthy to me.  There
is a hidden messaging/mail service in 
torland which should be more trustworthy 
than HushMail, but, of course, I don't
think that it is integrated with the 
browser like I would like.

-Martin



      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping



More information about the tor-talk mailing list