Do you use a free Web-based email service? Excite, Hotmail, Yahoo, and numerous other companies offer free Web-based email to anyone who wants an account and can adhere to their acceptable use policies. These services are useful for many reasons, but they offer little value to the average business user. However, one free mail service does offer value to businesses through its support for the encryption of email messages and attachments. That service is HushMail.
Hush Communications launched the HushMail Web-based mail service in May 1999. The service uses a standard Web browser and a Java client to encrypt email. The related encryption keys and passphrase hashes are stored on the HushMail system—nothing is stored locally on a client system—which reduces loss in the event of a system compromise. With HushMail, you can integrate relatively strong encryption for email in about 3 seconds flat—that's about how long it takes to type the HushMail URL into your Web browser! Tempting, isn't it?
HushMail currently uses the Blowfish encryption algorithm with a 1024-bit key, which is strong enough to keep most intruders at bay. All encryption operations take place on a user's local machine via the Java client so messages are encrypted before they travel through HushMail for delivery to other HushMail users. When you send mail to non-HushMail accounts, HushMail can apply a digital signature to the message so that the recipient can verify the sender's identity by checking the message against the sender's public key, which is available on the Hushmail Web site.
HushMail is pretty slick, and Blowfish is certainly a good encryption algorithm to use for protecting email. But HushMail's use of Blowfish will end soon now that Phil Zimmerman has joined the team at Hush Communications as chief cryptographer: OpenPGP will replace the Blowfish algorithm. As you know, Zimmerman, creator of the Pretty Good Privacy (PGP) algorithm, had been working with Network Associates (NAI) on the commercial PGP product line. But Zimmerman left NAI over differences. Comments printed in a Vnunet.com article cited Zimmerman as saying PGP 5 wouldn't have any backdoors because he directly supervised the code development. Zimmerman was also miffed that NAI refused to publish its PGP source code. However, the OpenPGP source code is readily available.
If you're looking for an inexpensive solution for secure email, HushMail might be just what you need. Be sure to take a look.
Before I sign off this week, I want to introduce our newest columnist, Jonathan Hassel. Jonathan has joined the Windows 2000 Magazine team to write a biweekly column for Small Office/Home Office (SOHO) users. His first column is online now, so be sure to check it out.