Encryption aims to hush e-mail hackers

In a partnership agreement with Hush Communications, local IT security firm NetSmart will now distribute the Irish-based company's HushMail Private Label encryption product.

With the exception of some "miraculous mathematical breakthrough", NetSmart director Phillip Ridley said the 1024-bit encryption is unbreakable using current technology.

He describes e-mail communications as "notoriously unsafe" because each message sent leaves a copy of itself on the server at each end. These servers are a security hole for hackers, with encryption the most secure solution, he said.

"That way, even if someone intercepts your e-mail, they can't read it because they don't have the key to cracking the code," Ridley said.

"The bad news is that if the key is stored on a Web server it's still vulnerable.

"Our system uses two keys, one for encrypting messages and one for decrypting messages."

The decryption key is protected by a secret passphrase known by the user so it's not left vulnerable on the servers.

The passphrase unlocks messages, including attachments such as graphic and audio files, and can be set up in an afternoon, Ridley said.

Storage of the private key is on a Hush key-server network allowing the user roaming access to the key and associated public key infrastructure (PKI) functions.

Because users authenticate themselves to the system via a password with a 'secure hash' process, Ridley said there is no need for the "expensive, time-consuming process of using digital certificates".

"This product is different to traditional PKI offerings because it removes the complexity and usability problems usually associated with this technology," he said.

"PKI has been around for more than 20 years but it is only now with the explosive growth of e-commerce that its use has become critical for electronic transactions."

Ridley said other PKI products handle private keys in two ways.

"The end user either keeps the key on their computer or floppy disk which is secure but infuriating when the keys get lost in hard drive crashes or other failures," he said.

"Another common method is keeping the private key on the server but it doesn't measure up as a reliable security solution.

"We allow users to generate their private key on their computer first and encrypt it with a passphrase which never leaves the user's computer."

The product is Java-based and can be used with Windows 95/98/NT/2000, Linux, and any operating system that can support a Java-enabled browser.
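
The key handling Ridley describes (a private key generated on the user's computer, encrypted under a passphrase that never leaves it, with only the encrypted key held on a key server for roaming access) looks like this in code. This is an added example, not Hush's or NetSmart's code, written for Node.js rather than the product's Java; the function names, scrypt, AES-256-GCM and the 2048-bit RSA key are assumptions, since the article does not name the product's algorithms.

```javascript
// Added example: client-side private-key wrapping with Node's built-in crypto.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit wrapping key from the passphrase. scrypt is an assumption
// of this example; the article does not say which KDF the product uses.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Runs on the user's machine: generate the key pair, then encrypt the private
// key under the passphrase-derived key before anything is uploaded.
function createAccount(passphrase) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048, // this example's choice of key size
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
  });
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const wrapped = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  // Only this record goes to the key server. The passphrase and the plaintext
  // private key never leave the client.
  return { publicKey, salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Runs on any machine the user roams to, after downloading the record.
function unlockPrivateKey(record, passphrase) {
  const key = deriveKey(passphrase, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  // final() throws if the passphrase is wrong or the stored record was altered.
  const der = Buffer.concat([decipher.update(record.wrapped), decipher.final()]);
  return nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
}

// Round trip: a sender encrypts to the public key, the owner unlocks and decrypts.
function roundTrip(passphrase, message) {
  const record = createAccount(passphrase);
  const sealed = nodeCrypto.publicEncrypt(record.publicKey, Buffer.from(message));
  return nodeCrypto.privateDecrypt(unlockPrivateKey(record, passphrase), sealed).toString();
}
```

Because the server holds only the wrapped key, its confidentiality rests on the passphrase: anyone who obtains the stored record can try passphrase guesses offline, which is why a slow KDF is used here.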
