On Sat, 17 Aug 2013 12:30:40 +0300
ianG <i...@iang.org> wrote:

> This was always known as the weakness of the model.  The operator
> could simply replace the applet that was downloaded in every instance
> with one that had other more nefarious capabilities.  There were
> thoughts and discussions about how to avoid that, but a simple, mass
> market solution was never found to my knowledge [0] which rendered
> the discussions moot.
> 
> I don't think the company ever sought to hide that vulnerability.
> 
> Also, that vulnerability was rather esoteric as it required quite 
> serious levels of cooperation.  So the bar was still high.

I am not sure I see how serious levels of cooperation would be
required.  Adding a backdoor to the Java applet that forwards a
passphrase or secret key to Hushmail does not sound terribly hard to
do (it sounds like less than 10 lines of code).  It sounds like
something that would almost certainly be done if the company ever
decided to build a "lawful interception" system.

-- Ben



-- 
Benjamin R Kreuter
UVA Computer Science
brk...@virginia.edu
KK4FJZ

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell


_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
