![]() After entering the login information, the user can create an email address using one of the provided mail servers. There are several types of accounts and each one of them offers a limited amount of space for storing messages and files. The program supports any version of the Windows operating system, including XP and Windows 7.Īfter having installed CryptoHeaven, running it for the first time will require the user to enter a username and a password or create a new account in case he hasn't one yet. ![]() If Java Runtime Environment is not installed, the CryptoHeaven installation process will do that automatically. The software is not difficult to install and requires little intervention from the user. All the sent and received messages using this service will be automatically encrypted using a strong unbreakable algorithm. This is basically an email client that allows you to connect to the CryptoHeaven website using a username and password and choose a preferred email address. A good idea would be using a third party email provider that offers encryption, allowing you to send safe emails. The solution would be using an encryption system for sending emails but, unfortunately, most email providers don't offer this, even in the paid version. That's because the number of hackers is rising more and more and the methods of hacking email accounts are becoming more and more advanced. The functionality is great someone wrote they are putting 'all the eggs in one basket', however it may be an attempt to do just that, there is still long way to go.Having an email address is not as secure as you think, despite the popularity of this service. Perhaps ability to sign other's keys and revoke signatures would create additional web of trust, but, oh well, you can't have everything. This is something that is not possible with systems like Hushmail and many others. Passwords are often the weakest links in security and to rectify that, YOU CAN STORE YOUR PRIVATE KEY LOCALLY (always encrypted). If they were to reset it, your private key would have to be re-crypted with the hash of your new password, but to do that you still need the old password to decrypt it in the first place. My explanation for this is because your private key (if stored on the server) is encrypted with the hash of your password, so you must have your original password to be able to decrypt your private key. Interesting is that they cannot reset your password in case you loose it. I have yet to see a non-encrypted hash of anything on the system, so this looks good too. This claim is irrelevant as the hash seems to be used "for display purpose only" and not in the security protocols. I have read somewhere that symmetric key length and hash length used are not equivalent in their cryptographic strength. What I would like to see is integration with PGP so that we can start sending and receiving secure mail with an already established PGP user base. Although it seems possible to privately implement additional algorithms like ECC and use it to communicate with your buddies (because the code is freely available), the copyright forbids it, and there are good reasons for that too. The system looks to be one of a few which really delivers the level of security it claims leaving little unsaid. As far as I can tell, this is a major difference between CryptoHeaven and most other online storage providers which only make the connectivity SSL secure, but not the data residing on the servers to which sys admins have access to. Too bad the server code is not available, but noone wants to work for free so I can understand that.īasically the administrators of the system have no way of knowing what is being stored on the servers because all root keys in the encryption chains end up on customer's PCs (always encrypted) or stored encrypted with customer's own passphrases which never leave their computers, nor are stored anywhere. Looking at the CryptoHeaven source code (downloadable at the CH web site ) I can confirm that all of the messages and files stored on the server are in an encrypted form. I have already posted my comment in other places, and I'll copy them here as people may be interested:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |