Subject: Re: Ping victor
References: <4e7a4ec4$0$5505$c3e8da3$eb767761@news.astraweb.com>
<pfmk77ts8kfqjjd3vjbioqe809eh9nfh3i@4ax.com>
Message-ID: <20110924211510.EC9428145C@fleegle.mixmin.net>
Date: Sat, 24 Sep 2011 22:15:10 +0100 (BST)
Newsgroups: alt.fan.utb.naughty-boy
Author-Supplied-Address: Baal<AT>nym<DOT>mixmin<DOT>net
From: <Use-Author-Supplied-Address-Header@[127.1]>
Path: news.nzbot.com!spool1.sonic-news.com!pull-news.sonic-news.com!s05-b05.iad!npeersf02.iad.highwinds-media.com!npeer03.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!news.glorb.com!news.mixmin.net!mail2news.mixmin.net!not-for-mail
Lines: 329
Injection-Info: mail2news.mixmin.net; mail-complaints-to=abuse@mixmin.net
Xref: news.nzbot.com alt.fan.utb.naughty-boy:4661
X-Received-Date: Sat, 24 Sep 2011 21:15:15 UTC (s05-b05.iad)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
HMS Victor Victorian wrote in alt.fan.utb.naughty-boy on Wednesday 21
September 2011 17:42 in Message-ID: <pfmk77ts8kfqjjd3vjbioqe809eh9nfh3i@4ax.com>:
> On 21 Sep 2011 20:53:28 GMT, "'C-O,Z*-M.O S+" <me@who.com> wrote:
>
>> Dear Victor
>> I do hope I can enrol you onto my ad hock security pgp-training course!
>>
>> I understand it is a non-urgent project but none the less, believe it
>> would be worthwhile to add the new skills to your armoury
>> Yours faithfully
>> Cos
>
> Dear Cosmos,
>
> You are my last letter for this evening. How very curious that I also
> had an individual heretofore unknown to me write me at my addie with a
> very detailed request for the same.
'Twas I, I believe.
> Have I missed something? Happens, you know!
I believe Cozmos is mistaken when he states that this is 'non-urgent' as
so-called 'lawful access' legislation coming down the pipe in Canada will
completely gut Hushmail's already-questionable security model.
In my view, Hushmail has been in the doghouse since 2007, when the DEA's
"Operation Raw Deal" went down.
As you may recall from my message, the U.S. Drug Enforcement Administration
(DEA) managed to obtain some 12 CDs worth of decrypted email between one
Tyler Stumbo, his Chinese bulk steroid supplier, as well as various
customers of Stumbo's.
Stumbo and his associates believed that because Hushmail was headquartered
in Vancouver, B.C., it was beyond the reach of American law-enforcement.
Nominally, this is true -- warrants issued by U.S. courts are of no force
nor effect in Canada -- however, they did not take into account the
existence of the Mutual Law Enforcement Assistance Treaty (MLAT).
Furthermore, Stumbo and his various associates swallowed -- hook, line and
sinker -- the outright lies then made by Hushmail that:
* Even their own staff couldn't read their customers' email;
* That no IP address logging was carried out so as to map IP addresses to a
particular Hushmail account holder;
* That, if the authorities were to subpoena a Hushmail account holder's
messages, all they would receive in response were PGP encrypted messages.
These claims are documented in copies of Hushmail's FAQ as archived by the
Internet Archive's Wayback Machine.
As can be seen from their own FAQs, Hushmail flat-out lied to their own
customers -- no surprise here, for if their customers knew the truth, they
wouldn't have used Hushmail in the first place, but rather explored more
secure alternatives.
The supreme irony here is that, by 2007, secure alternatives (in the form of
nymservers and remailers) had been in existence for a dozen years or more.
Had Stumbo, his Chinese suppliers and customers made proper use of these
tools, many of them -- including Stumbo himself -- would likely not be
rotting in jail cells right now.
- From the Hushmail FAQ dated 2001-06-25 as saved by the Internet Archive
(Wayback Machine):
34. Does HushMail have a "back door" that can be accessed by government
agencies?
No. Email, which includes attachments, sent between Hush users is
completely encrypted.
35. What if my message is subpoenaed?
Hush will answer valid, court-issued subpoenas. However, if the mail
is fully encrypted, the subpoenaed version will not resemble the
original text version.
You can see here that Hushmail are implying that encrypted data will be
supplied in response to a subpoena; a later revision of Hushmail's FAQ
explicitly makes this claim.
49. Does HushMail have access to my private keys?
Hush never actually possesses the private keys of any of its
users. Private keys are created on the local machines of Hush
users when they create their accounts, and are symmetrically
encrypted, one key for both encryption and decryption with
individual Hush user passphrases. Then, the encrypted private
keys are sent to the Hush server and are stored there. Further,
a secure one-way hash of each individual user's passphrase is
generated on the user's local machine. The one-way hash is,
then, stored on the Hush server. This one-way hash can only be
derived from an individual passphrase, but the passphrase
cannot be recovered from the one-way hash.
When a Hush user logs on to www.hushmail.com and enters their
passphrase, the passphrase is hashed in the same way, and the
one-way hash is sent to the Hush server for authentication.
Passphrases are never sent to the Hush server, so Hush never
has access to them, nor can Hush retrieve them. For example,
after an individual passphrase has been authenticated, the
Hush server sends the user's browser (Netscape ™/Internet
Explorer ™) the encrypted private key. The private key is
then, decrypted, locally, using the Hush user's passphrase.
At that point, the user can read their messages.
57. Does Hush track IP addresses of visitors or address holders?
No.
58. Do you keep logs of IP addresses of people logging in?
No.
* * *
As can be seen from a later revision of the FAQ in February 2002, Hushmail's
stance on what they could/would provide if presented with a subpoena is even
more explicit.
Also notice the change to their IP logging policy -- from a strict "no logs"
policy to a policy of, "We keep logs, but not so as to affect your anonymity."
Another blatant lie, as the Stumbo case amply demonstrates.
- From Hushmail's main FAQ February 2002:
37. Does HushMail have a "back door" that can be accessed by government
agencies?
No. Email, which includes attachments, sent between Hush users is
completely encrypted.
38. What if my message is subpoenaed?
Hush, like any company or individual, is legally bound to respond
to court-issued subpoenas. However, because not even Hush can access
the encryption keys of individual users, in the case of a subpoena
Hush would only be able to provide the encrypted (coded) version of
the transmitted email.
Unlike the earlier FAQ entry on subpoenas, this is unambiguous; they're not
skirting the issue, but rather confronting it directly. Hushmail, essentially,
was pledging here not to rat-out their customers to the authorities.
This, and the IP logging policy reproduced below, was likely what Tyler
Stumbo and many others relied-upon when they decided to choose Hushmail for
their privacy needs.
Hushmail's failure here was to store the users' private half of the PGP key-
pair; if they didn't store the private half, then they would have HAD no way
to decrypt the users' messages. This is the way nymservers currently operate;
they only have the public half of the users' PGP keypair, so they CANNOT be
forced to decrypt a users' messages.
- From Hushmail's Technical FAQ February 2002:
18. Does Hush track IP addresses of visitors or address holders?
Hushmail.com does log IP addresses to analyze market trends and
gather broad demographic information for aggregate use. However,
HushMail.com will never log your IP address in such a way that it
can be associated with your HushMail email address or identity.
The procedure does NOT affect the anonymity of the user at any
stage.
19. Do you keep logs of IP addresses of people logging in?
Hushmail.com does log IP addresses to analyze market trends and
gather broad demographic information for aggregate use. However,
HushMail.com will never log your IP address in such a way that
it can be associated with your HushMail email address or identity.
The procedure does NOT affect the anonymity of the user at any
stage.
Hushmail FAQ 2002-02-03 as saved by the Internet Archive (Wayback Machine).
Source: http://web.archive.org/web/20010215032439/http://www.hushmail.com/about_hushmail/faq/#gq34
* * *
If Hushmail had lived up to their promises as outlined in their FAQs, Stumbo,
his suppliers, and his associates would have had nothing to worry about --
but that's not what happened -- not by a long-shot.
Stumbo and his associates failed to anticipate four things:
1) The existence of a Mutual Law-Enforcement Assistance Treaty (MLAT)
between the U.S. and Canada (among other countries).
Under the provisions of MLAT, the U.S. government (or one of its various
agencies, like the DEA) can request that the Canadian government order the
courts to issue a search warrant valid in Canada to provide any information
the U.S. government or one of its agencies is seeking. That is how they got
around the jurisdictional issues.
2) Because Stumbo and his associates all used Hushmail, this provided the
authorities with "one stop shopping" as it were -- it made their jobs so
much easier than it would have otherwise been if they had been forced to
go after email service providers in any number of foreign jurisdictions.
3) Because their email was encrypted, and they believed it was impervious to
police scrutiny, they were rather more candid, and far less circumspect
than they perhaps might otherwise have been, if they thought their emails
were subject to scrutiny by the authorities.
4) The final (not to mention fatal) flaw lies in the design of the Hushmail
service itself. This fatal flaw in Hushmail's design was in violating one
of the cardinal design principles of public key cryptography -- namely
the separation of public and private halves of the key pairs.
To understand what I mean, you have to know a little about the history of
cryptography, and /why/ public-key cryptography was developed. The age-old
problem plaguing cryptography since before the days of Julius Caesar was
that of key distribution. You can think of a key as a type of password, i.e.
a means to encrypt (and later decrypt) a message. So, in other words, the
same password (or key) is used to encrypt the message on the sender's end,
and decrypt the message on the receiver's end.
Sending an encrypted message is easy; the problem is, how do you get the key
to decrypt the message to the intended recipient of the message? Therein
lies the rub. If you send the key along with the message, anyone who
intercepts the message also gets possession of the key to decrypt it, thus
defeating the point of using encryption in the first place.
Because of this problem, until about 20 years ago, cryptography largely
remained the province of governments. Keys were distributed by diplomatic
couriers -- like the ones you see in movies with briefcases chained to their
wrists.
Around 1970, Ellis and Cocks who worked for the ultra-secret GCHQ (the U.K.
analog to the American NSA) developed what they characterised as 'non-
secret' encryption, which later was independently re-discovered by Martin
Hellmann, and Whitfield Diffie.
Public key cryptography solved the key-distribution problem by breaking a
encryption key into two independent, but related, halves: a public half, and
a private half. The public half, as the name implies, could be distributed
publicly, while the private half had to remain a closely guarded secret.
The public key is used to encrypt messages, while the private half is used
to decrypt them.
Where Hushmail screwed the pooch was in retaining BOTH halves of the PGP
keypair, for their users. Now mind, the secret key is protected by a pass-
phrase, and Hushmail did warn users to choose a secure passphrase. In fact,
they recommended Diceware, which is an excellent method to generate secure
passphrases. (See: http://www.diceware.com/ for details.)
The problem is, having possession of the secret key means that all that is
required for your security to evaporate is for Hushmail to capture the pass-
phrase. Apparently they accomplished this by modifying their much-vaunted
Java applet -- regular customers got the non-modified applet, while those
named on a warrant got an applet modified so as to capture the passphrase.
(I'm sure that those of you who are Hushmail users are familiar with the
fact that a fresh copy of the Hushmail Java applet is downloaded to your
computer each time you login.)
For those not using the Hushmail Java applet, the secret key was decrypted
on a Hushmail server, making the decrypted private key available for capture.
With the secret key and your passphrase, decryption of your stored email is
trivial. That, in a nutshell, is how Tyler Stumbo, his Chinese suppliers and
his associates were all undone.
It's a bit like locking up your valuables in an apparently solid looking
safe, only later to find out that the safe was actually made of papier-mâché,
and was sliced-open with a box-cutter.
Hushmail users are essentially trading convenience for security, as Stumbo
and his associates found out much to their chagrin. If Stumbo had used
another email provider, used PGP/GPG, and took steps to conceal his IP
address, he might possibly not be serving time today for trafficking in
steroids.
As I alluded to at the beginning of this message, legal changes will be
coming down the pipe in Canada that will make it easier for law-enforcement
to get information without having to get a warrant from the courts. This was
expected to be tabled in Parliament as part of the government's massive anti-
crime omnibus bill. Thankfully, when the omnibus bill was tabled September
20th, lawful access was nowhere to be seen -- but that doesn't mean that it's
off the table, entirely. Police have been lobbying hard for this type of
power for more than 10 years now, and I don't expect the pressure from them
to let-up anytime soon.
As Hushmail is headquartered in Canada, it will be subject to such
legislation if and when it is passed. Even for non-Canadian users of Hushmail,
this will prove to be ominous, as proposed changes to MLAT may allow even
foreign police forces to get the same information as Canadian police all
without requiring a warrant, or even evidence that a crime has been committed.
> Sincerely,
> V
> God Save the Queen.
> God Bless the Prince of Wales.
> God Preserve the Windsors.
> Rule Britannia!
Baal <Baal@Usenet.org>
PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x1E92C0E8
PGP Key Fingerprint: 40E4 E9BB D084 22D5 3DE9 66B8 08E3 638C 1E92 C0E8
Retired Lecturer, Encryption and Data Security, Pedo U, Usenet Campus
- --
Sed quis custodiet ipsos Custodes?" -- "Who will watch the Watchmen?"
-- Juvenal, Satires, VI, 347. circa 128 AD
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJOfjShAAoJEAjjY4weksDoI2oIAK92rxDtZolIISmQ2hWdeOxH
uzcDijhg7UDiz5EqBMDq3/MMDVadVJxKUu7S3F54RxKELmEFpV3e2XjWrWZaevjr
yeU9bdZfV/r14Y+ayV+QNUi71ZOwf+ky/Mc406Qse7nGzegbzsc00vgEQ8gs26mB
MWSTYh7vsfzKTVvSjSGkBq2vJpxjkOFSDGgH0mKn9bpTEMYb8GMINcCWStDvkOXN
8cbWSYL7t+cn/46Vy9wHNUaMUje6t5jtohid+WAjzOXrcovy0KYwUNjtmsIGClMu
izE2/XLMISLVI+HMudZE2jmpUn8EpD1pKbzj1F/uEphQsLtFJANiRJrKX51UFoc=
=GB17
-----END PGP SIGNATURE-----
|
| Follow-ups: | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 |
|