Encrypted Web Pages?
Martin Fick
mogulguy at yahoo.com
Mon Dec 17 19:57:26 UTC 2007
--- Martin Fick <mogulguy at yahoo.com> wrote:
> --- Michael Holstein <michael.holstein at csuohio.edu>
> wrote:
> >
> > My thought on Java was to be able to
> > automate the key scheme within the
> > browser, versus requiring them download
> > a .gz.gpg file and decrypt it on their
> > own. A (sort-of) working example of
> > this is how HushMail does it (using
> > Java to code the PGP stuff).
>
> Forgive me for not understanding, but
> what prevents HushMail from decoding
> the messages?
Ah, from HushMail themselves:
https://www.hushmail.com/hushmail/showHelpFile.php?file=compatibility/java/index.html
"Attacker controls webserver while
you are accessing your email
With Java:
Not protected, but evidence of the
attack will remain on your computer
Without Java:
Not protected, no evidence of attack
on your computer"
Seems pretty untrustworthy to me. There
is a hidden messaging/mail service in
torland which should be more trustworthy
than HushMail, but, of course, I don't
think that it is integrated with the
browser like I would like.
-Martin
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
More information about the tor-talk
mailing list