Branches
Releases
|
Version
|
Focus
|
Date
|
|
2.8.3
|
Minor feature enhancements |
19-Jun-2008 03:53 |
|
2.8.2
|
Major feature enhancements |
07-Jun-2008 19:57 |
|
2.7.3
|
Major feature enhancements |
26-Nov-2007 19:01 |
|
2.7.1
|
Minor feature enhancements |
02-May-2007 17:50 |
|
2.7.0
|
Major feature enhancements |
22-Jan-2007 11:15 |
|
2.6.1
|
Minor feature enhancements |
19-Jul-2006 21:26 |
|
2.6.0
|
Major feature enhancements |
06-Jun-2006 17:25 |
|
2.5.2
|
Major feature enhancements |
23-Jul-2005 06:43 |
|
2.5.1
|
Minor feature enhancements |
12-Jul-2005 08:02 |
|
2.5.0
|
Major feature enhancements |
18-May-2005 20:51 |
Comments
[»]
Great stuff about CryptoHeaven is what I found...
by Mark - Mar 21st 2002 15:48:46
I have already posted my comment in other places, and I'll copy them here
as people may be interested:
Looking at the CryptoHeaven
source code (downloadable at the CH web site ) I
can confirm that all of the messages and files stored on the server are in
an encrypted form. Too bad the server code is not available, but noone
wants to work for free so I can understand that...
Basically the administrators of the system have no way of knowing what is
being stored on the servers because all root keys in the encryption chains
end up on customer's PCs (always encrypted) or stored encrypted with
customer's own passphrases which never leave their computers, nor are
stored anywhere. As far as I can tell, this is a major difference between
CryptoHeaven and most other online storage providers which only make the
connectivity SSL secure, but not the data residing on the servers to which
sys admins have access to.
The system looks to be one of a few which really delivers the level of
security it claims leaving little unsaid. Although it seems possible to
privately implement additional algorithms like ECC and use it to
communicate with your buddies (because the code is freely available), the
copyright forbids it, and there are good reasons for that too. What I
would like to see is integration with PGP so that we can start sending and
receiving secure mail with an already established PGP user base.
I have read somewhere that symmetric key length and hash length used are
not equivalent in their cryptographic strength. This claim is irrelevant
as the hash seems to be used "for display purpose only" and not in the
security protocols. I have yet to see a non-encrypted hash of anything on
the system, so this looks good too.
Interesting is that they cannot reset your password in case you loose it.
My explanation for this is because your private key (if stored on the
server) is encrypted with the hash of your password, so you must have your
original password to be able to decrypt your private key. If they were to
reset it, your private key would have to be re-crypted with the hash of
your new password, but to do that you still need the old password to
decrypt it in the first place. Cleaver.
Passwords are often the weakest links in security and to rectify that, YOU
CAN STORE YOUR PRIVATE KEY LOCALLY (always encrypted). This is something
that is not possible with systems like Hushmail and many others.
Perhaps ability to sign other's keys and revoke signatures would create
additional web of trust, but, oh well, you can't have everything.
The functionality is great; someone wrote they are putting 'all the eggs
in one basket', however it may be an attempt to do just that, there is
still long way to go. Never less, it is a very usable and user-friendly
product which is much more than just online storage!
[reply]
[top]
[»]
more functionalities than PGP
by andy - Feb 12th 2002 13:17:14
yeah,
file sharing, chatting just to name two great features other than secure
email. I personally like it a lot, and would recommend it!
They offer pretty cheap premium accounts. $2.4 per month - that's peanuts
[reply]
[top]
[»]
Re: more functionalities than PGP
by David Collantes - Mar 14th 2002 21:17:12
> yeah,
> file sharing, chatting just to name
> two great features other than secure
> email. I personally like it a lot, and
> would recommend it!
It is just a service, can live without it. What about opening the code for
the backend? Now that's recommendable!
Cheers,
--
UM
[reply]
[top]
|
