CryptoHeaven Announces New Version 2.0 for Mac OS X

[Marcin]

CryptoHeaven Announces New Version 2.0 <br>
======================================
<p>
<a href="http://www.cryptoheaven.com">CryptoHeaven</a> software v2.0 is available for immediate download from the website. The new software can be installed directly over the previous version. Download the software from:
<a href="http://www.cryptoheaven.com/Download/Download.htm">http://www.cryptoheaven.com/Download/Download.htm</a>
<p>
Existing CryptoHeaven users running Windows can download the minimum update: <a href="http://www.cryptoheaven.com/Download/Files/CryptoHeaven-Setup-min.exe">http://www.cryptoheaven.com/Download/Files/CryptoHeaven-Setup-min.exe</a>
<p>
New Features
<ul>
<li> 1) Support for external email. You now get your own CryptoHeaven email address.
<li> 2) Improved user interface. The new version is now much more user friendly and includes guiding templates.
<li> 3) Numerous usability enhancements.
<li> 4) Instant Messaging enhancements including improved user interaction.
<li> 5) Improved connectivity. The software is now more resistant to poor internet connectivity.
<li> 6) Many other smaller changes and updates.
</ul>

<p>
CryptoHeaven Secure Online Services - Benefits for Business Customers <br>
===============
<p>
CryptoHeaven is particularly well suited for businesses sending sensitive documents between corporate offices or between business partners. All your messages and documents can be accessed securely from any computer connected to the Internet like your home and office PC. Consider using CryptoHeaven for sending all your important documents and save a lot of time and money.
<p>
Use CryptoHeaven technology to replace overnight deliveries or registered mail. There is no longer an excuse for late and expensive deliveries. It only takes a minute to send your document, and it can be received right away - even around the globe.
<p>
It is absurd to go through the expense and time cost of copying inherently digital material to a physical media and delivering it through a courier or mail. CryptoHeaven knows that, and so do you. CryptoHeaven technology offers you peace of mind, consider the following:
<ul>
<li> a) Automatic end-to-end 256-bit encryption.
<li> b) Secure transmission of files of any size or type to a single user or group of users.
<li> c) Secure e-mail with unlimited size attachments.
<li> d) Automatic recipient notification.
</ul>
<p>
CryptoHeaven is not just a very secure e-mail for sensitive document delivery. Use CryptoHeaven for all your important communications. All CryptoHeaven clients have access to the following services from an easy to use interface:
<ul>
<li> a) Secure file sharing.
<li> b) Secure online storage.
<li> c) Secure instant messaging.
</ul>
<p>
Everyone knows the benefits of e-mail for sending casual messages. CryptoHeaven allows you to extend that convenience to sending sensitive business correspondence knowing it will not be intercepted - ever!
<p>
Now you have the power to send any electronic document via CryptoHeaven to anyone, no matter what the content. You no longer have to worry about your messages ending up in your competitor's, news reporter's, government's or anyone else's hands.
<p>
For more information, visit us at <a href="http://www.cryptoheaven.com">http://www.cryptoheaven.com</a>

 

[symphonix]

Well, at least the source code is open. If you are willing to compile it from source, and browse through the code, you can be confident that there are no back-doors.

Their claims that there are no "third party key servers" are, on closer inspection, untrue since CryptoHeaven actually maintain the network for disseminating public keys, and they are a third party.

For me, I'll be sticking with GnuPG. With the right extensions (GPGMail, GPGKeys, and GPGPrefs) I can integrate it neatly into Apple Mail, and I am confident in the system. As for instant messaging, I'll just wait and see ...

 

[Marcin]

"Third party key servers" what you refer would actually be other than yourself and CryptoHeaven so the claim here is correct; there is no one else storing the keys.

Another issue to look at is that all users can store their private key on their local computers, if they choose to do so. This greatly improves the security as no brute force attack against your passphrase can be launched.

Marcin.

 

[symphonix]

Okay, how is CryptoHeaven NOT a third party? There is the person sending an encrypted document, the person recieving it, and CryptoHeaven. One, two, three.

If I use the .pgp.net network, thats a third party. So is CryptoHeaven, they're just using a linguistic technicality to try and impress people who have little understanding of public-key encryption. It is a marketing catch-phrase that has no real meaning.

And as for keeping your private key private, well, that's pretty much the point. That is why its called a private key. You keep it to yourself, keep it backed up, and make sure you have a tough passphrase (mine is 17 characters long) just in case someone gets their hands on it.

If you take the time to read up on public-key crytography, you'll realise that this is a commercialised, polished-up version of well established technologies, and an attempt to hijack an open format and replace it with a proprietary one. Its like the browser wars all over again!

GnuPG integrates neatly with Apple Mail and Entourage, and uses an established format (PGP), as well as plugins for other cryptos (some are more secure than others). CryptoHeaven has some interesting features, but I'll wait for them to prove themselves before I hand my security over to them.

 

[Marcin]

We seemed to misunderstand each other. In your described scenario, you are completely right, however... You were thinking about a traditional scenario of sending a document to another person through a transport layer, where I was thinking of sending documents into an online repository for secure storage. In the scenario of sending a document to another person using CryptoHeaven, it is being delivered to their CryptoHeaven account to be picked up at recipient's convenience from anywhere through the Internet.

CryptoHeaven offers many features that have to do with persistent storage, not just a transport platform between two parties. In that way CryptoHeaven and its user can be the only two parties... For example, one can use it alone to upload files from home and access them at work and vice versa.

Totally agreed that private key is by definition private. A feature of the service is the ability to store files online and access them from anywhere through the internet. For that users need their private key with them wherever they go. CryptoHeaven allows them to store their private key (always encrypted with their passphrase, no matter where it’s stored) on the server and pass a unique passphrase hash challenge to retrieve it and decrypt the key using their passphrase. Having decrypted their private key, a session can be established. For this to be 'secure', a long and difficult passphrase is necessary. Some people only need mild security, others strong and choose a difficult passphrase, but this is the choice of the individuals according to their need. People in need of the highest security store their encrypted private key locally and carry it around on a flash rom or similar peripherals.

I didn't mean to hide my involvement with CryptoHeaven, and you might have thought I was unrelated. We here, at CryptoHeaven, make no attempt to hijack an open format and replace it with a proprietary one. Thus far, there is no standard for accessing secure storage with ability to securely share folders, or for secure instant messengers with customizable persistent logs, so we created our own.

Thanks for stopping by, maybe give CryptoHeaven a go and give us some constructive criticism; we are always looking for things to improve.

Marcin

 

[symphonix]

Arhh, so CryptoHeaven is a 2nd party then.

Oops. Usually after two parties I have a little trouble paying attention to details.

And, to be perfectly honest, my initial impressions of CryptoHeaven are based on the web site, which seems to have quite a lot of advertising on it. Okay, so you have to make money somehow, and you are providing a free service, but it immediately screamed "commercial" at me. Much like Netscape vs. Mozilla - the technology is identical, but Netscape make a large profit from their web-services which they tie into the browser. Does that make Netscape better or worse than its open-source counterpart? Not really.

It does seem, on review, to be a unique solution to the problem of secure storage of data. I was looking at it from the angle of simply sending a secure document from A to B. There are plenty of secure options out there, in established formats such as PGP, RSA and SSH, but nobody has actually set up an easy-to-use, easy-to-understand system like this yet.