|Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.|
3 August 2008
Date: Sun, 03 Aug 2008 09:04:38 -0700 Subject: CRYPTOME: Response to hushmail-pry.htm From: "S Brian Smith" <sbs[at]hushmail.com> Hello, This post is in error: http://cryptome.org/hushmail-pry.htm The post refers to the wrong file for the comparison. The check should have been done against this file: applets/HushEncryptionEngine.jar That is the file actually used on the website. It is processed with Proguard to reduce the download size, and has no debug information. If you checksum that file, the checksum will match the file on the website. The file mentioned in the post, HushEncryptionEngine_3-0-0-30.jar, contains debugging information and is not processed by Proguard. Therefore it does not match the file for download on the website. Regards, Brian Smith Hush Communications
Date: Sun, 3 Aug 2008 18:40:48 +0200 From: "Rafal Kwasny" <mag[at]entropy.be> Subject: Cyptome. Hushmail Applet I recently saw info about hushmail http://cryptome.org/hushmail-pry.htm. However author compared wrong files, hushmail applet is available in /applets/ directory within .zip file https://www.hushmail.com/downloads/HushEncryptionEngine_3-0-0-30.zip and it is the same file as serverd via WWW.
2 August 2008
Hushmail exposed? Some people started to ask me questions like: "Is Hushmail still safe?", and I wanted to investigate this further... and I found it: Hush provides full source code for review of their HEE (Hush Encryption Engine) in: https://www.hushmail.com/help-downloads (Direct Download) https://www.hushmail.com/downloads/HushEncryptionEngine_3-0-0-30.zip within this file (HushEncryptionEngine_3-0-0-30.zip) there is a file called "HushEncryptionEngine_3-0-0-30.jar". "HushEncryptionEngine" is the Java executable responsible for the process of encryption of messages in Hushmail (Java enabled version). The hash of this file is: 0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash) But this isn't the same file avaiable by Hushmail in their servers: https://mailserver1.hushmail.com/shared/HushEncryptionEngine.jar https://www.hushtools.com/shared/HushEncryptionEngine.jar The hash of this version is: 09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash) and the file definitely isn't the same avaiable in the file "HushEncryptionEngine_3-0-0-30.zip" (but it should be). You can confirm this opening the mentioned files with a tool like 7-Zip or WinZip. Again: The hash from the original version included with the source code released by Hush: 0e6efd6b236cbb2a73049a65d6d9c5e23ac3d25b (SHA-1 Hash) And the hash from the version available in Hushmail website: https://mailserver1.hushmail.com/shared/HushEncryptionEngine.jar and https://www.hushtools.com/shared/HushEncryptionEngine.jar is: 09e56f59a8392522543af1a1a95cb80729aa62c6 (SHA-1 Hash) Cryptome readers may draw the conclusions by themselves.