Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of,,, and, and 23,000 pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.

3 August 2008

Date: Sun, 03 Aug 2008 09:04:38 -0700
Subject: CRYPTOME: Response to hushmail-pry.htm
From: "S Brian Smith" <sbs[at]>


This post is in error:

The post refers to the wrong file for the comparison.  The check 
should have been done against this file:


That is the file actually used on the website.  It is processed 
with Proguard to reduce the download size, and has no debug 
information.  If you checksum that file, the checksum will match 
the file on the website.

The file mentioned in the post, HushEncryptionEngine_3-0-0-30.jar, 
contains debugging information and is not processed by Proguard.  
Therefore it does not match the file for download on the website.

Brian Smith
Hush Communications


Date: Sun, 3 Aug 2008 18:40:48 +0200
From: "Rafal Kwasny" <mag[at]>
Subject: Cyptome. Hushmail Applet

I recently saw info about hushmail
However author compared wrong files, hushmail applet is available in
/applets/ directory within .zip file

and it is the same file as serverd via WWW.

2 August 2008

A sends:

Hushmail exposed?

Some people started to ask me questions
like: "Is Hushmail still safe?", and I wanted to
investigate this further... and I found it:

Hush provides full source code for review of
their HEE (Hush Encryption Engine) in:

(Direct Download)

within this file ( 	
there is a file called "HushEncryptionEngine_3-0-0-30.jar".

"HushEncryptionEngine" is the Java executable responsible
for the process of encryption of messages in Hushmail
(Java enabled version). The hash of this file is:

0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash)

But this isn't the same file avaiable by Hushmail in their

The hash of this version is:

09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash)

and the file definitely isn't the same avaiable in the file
"" (but it should be).

You can confirm this opening the mentioned files
with a tool like 7-Zip or WinZip.


The hash from the original version included
with the source code released by Hush:

0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash)

And the hash from the version available
in Hushmail website:



09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash)

Cryptome readers may draw the conclusions by themselves.