Encrypted-Mail |
|
|
How many servers does my mail go through as it crosses the Internet? |
|
To see the pathway of your sent email, open an MS-DOS client while connected to the Internet and type:
tracert computer.name[ENTER]
"computer.name" represents the address that appears after the "@" symbol in the address the message is being sent to. A list of every machine the message is routed through will appear. Each of these machines, and every machine on the same local network as any of the machines listed, has access to the message. If a network has hundreds of machines on it, the message is that much more vulnerable to unauthorized review or storage. Ultimately, this exercise displays the number of routers involved in transporting a message from an Encrypted-Mail user's computer to the Encrypted-Mail servers.
|
|
What role does Java™ play in the Encrypted-Mail solution? |
|
Java™ allows Web-browsers to download and run small applications, known as "applets", on the fly. Encrypted-Mail messages are encrypted on the client machine, within the Java™ applet. Messages do not have to travel to a remote server before they are encrypted. The Java™ applet is loaded directly into the browser to encrypt the email before it's sent. Email must be sent and received to and from Encrypted-Mail addresses to fully utilize the security of this applet-based cryptosystem.
|
|
What is Open PGP, and how is it involved in the Encrypted-Mail solution? |
|
Open PGP is a protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann. The Open PGP protocol defines standard formats for encrypted messages, signatures, private keys, and certificates for exchanging public keys. Over the past decade, PGP, and later Open PGP, has become the standard for nearly all of the world's encrypted email. Because it is an IETF standard (RFC 2440), Open PGP may be implemented by any company without payment of any licensing fees. Encrypted-Mail version 2.x is Open PGP compliant. This compliance with the Open PGP standard makes Encrypted-Mail accessible to more email users than ever before, thus ensuring that it continues to be the #1 choice in secure email systems.
|
|
What is AES, and how is it involved in the Encrypted-Mail solution? |
|
Encrypted-Mail uses industry standard algorithms as specified by the Open PGP standard (RFC 2440) to ensure the security, privacy and authenticity of your email. AES (Advanced Encryption Standard) is a type of 128-bit symmetric block cipher. When combined mathematically with an Encrypted-Mail passphrase, the AES algorithm encrypts the private keys of Encrypted-Mail users. This occurs before the key is stored on Encrypted-Mail's very secure key server. The only thing that can decrypt the private key is an Encrypted-Mail passphrase combined with the AES algorithm.
|
|
How can it be proved that the encryption used by Encrypted-Mail is actually secure? |
|
Encrypted-Mail is proud of its reputation for security and has had a lot of positive feedback from industry, experts and users. The Java source code for the HushEncryptionEngine™ is available to everyone, free of charge. Security experts and computer enthusiasts worldwide have the unrestricted ability to test the strength of the Encrypted-Mail cryptographic system. The source code can be reviewed and downloaded from our downloads page.
|
|
How can I be sure the applet I run is really Encrypted-Mail's? |
|
The Encrypted-Mail applet is digitally signed with a certificate owned by Hush Communications. The first time you log into your account, your Web browser will ask you to accept the certificate. If the certificate says "Hush Communications", you can be sure the applet comes from Encrypted-Mail.
|
|
Does Encrypted-Mail have access to my private keys? |
|
Encrypted-Mail never actually possesses the private keys of any of its users. Private keys are created on the local machines of Encrypted-Mail users when they create their accounts, and are symmetrically encrypted with individual Encrypted-Mail user passphrases. Then, the encrypted private keys are sent to the Encrypted-Mail server and are stored there.
In storage, your private keys are indexed by a one-way hash of the username and passphrase in such a way that they cannot be identified by anyone who does not know the passphrase. So not only are your private keys encrypted in storage, they are also stored anonymously. Anyone trying to steal your private keys from our servers would have to crack the passphrase on every single private key until they found yours. This would be vastly more difficult than just trying to crack one passphrase.
When an Encrypted-Mail user logs on to Encrypted-Mail and enters their passphrase, the passphrase is used to make the one-way hash needed to look up the private key. The private key is then downloaded into the browser and decrypted using the passphrase.
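The storage and login flow described above, sketched as an added example; it is not Encrypted-Mail's own code. The page does not specify the key-derivation function, the AES mode or the record layout, so scrypt, AES-128-GCM and the names `lookupIndex`, `wrapPrivateKey`, `unwrapPrivateKey`, `KeyServer` and `login` are assumptions, and the private key is constructed sample bytes.

```javascript
// Added example (Node.js): passphrase-wrapped private key with anonymous lookup.
// Assumptions: scrypt as the KDF, AES-128-GCM as the mode, all names hypothetical.
const nodeCrypto = require("crypto");

// Index = one-way function of username + passphrase. A slow KDF is used so a
// stolen index table is not a cheap passphrase-guessing oracle.
function lookupIndex(username, passphrase) {
  // Salt must be deterministic: the client computes the index before any download.
  const salt = "index-v1:" + username.toLowerCase();
  return nodeCrypto.scryptSync(passphrase, salt, 32).toString("hex");
}

// Client side: encrypt the private key before it ever leaves the machine.
function wrapPrivateKey(privateKey, username, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(passphrase, salt, 16); // 128-bit AES key
  const cipher = nodeCrypto.createCipheriv("aes-128-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  const record = { salt, iv, ct, tag: cipher.getAuthTag() }; // no username inside
  return { index: lookupIndex(username, passphrase), record };
}

// Client side: decrypt a downloaded record; GCM throws if the passphrase is wrong.
function unwrapPrivateKey(record, passphrase) {
  const key = nodeCrypto.scryptSync(passphrase, record.salt, 16);
  const decipher = nodeCrypto.createDecipheriv("aes-128-gcm", key, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ct), decipher.final()]);
}

// Server side: sees only opaque records keyed by an opaque index.
class KeyServer {
  constructor() { this.store = new Map(); }
  put(index, record) { this.store.set(index, record); }
  get(index) { return this.store.get(index) || null; }
}

// Login: recompute the index, fetch the record, decrypt locally.
function login(server, username, passphrase) {
  const record = server.get(lookupIndex(username, passphrase));
  return record ? unwrapPrivateKey(record, passphrase) : null;
}

// Constructed sample run.
const demoServer = new KeyServer();
const demoKey = Buffer.from("constructed-private-key-bytes");
const wrapped = wrapPrivateKey(demoKey, "alice", "correct horse battery staple");
demoServer.put(wrapped.index, wrapped.record);
console.log(login(demoServer, "alice", "correct horse battery staple").equals(demoKey));
```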
|
|
When I set up an address, do I need to send my public key to my messaging partner? |
|
No. Both the public and private keys are kept on the secure Encrypted-Mail servers. Encrypted-Mail users' private keys are encrypted by their Encrypted-Mail passphrase before they're stored. Public keys are retrieved automatically by the applet when Encrypted-Mail users want to send messages.
|
|
Since the encryption is done locally, why can't the private key remain on my computer? |
|
If the private key were to be stored on a local machine, it would not be possible to use Encrypted-Mail from any other client machine. One of the key features of Web-based email is the ability of Web-based email users to access their mail from anywhere in the world.
|
|
My browser says I have an expired Thawte certificate. How do I renew it? |
|
Some Encrypted-Mail users have older browsers and, when the certificates they contain expire, users must follow the procedure below to renew them. To install a new Thawte™ certificate in a Web browser:
For Netscape™:
- In some cases, if you are using Netscape™, you must remove your old certificate before installing the new, up-to-date certificate. To do this:
  - Go to Communicator -> Tools -> Security Info.
  - Click on "signers" under "certificates".
  - Select "Thawte Server CA".
  - Click delete.
- Access http://www.thawte.com/serverbasic.crt
- Continue through the installation dialog.
- For the name of the certificate, enter "Thawte Server CA".
For Microsoft's Internet Explorer™:
- Access http://www.thawte.com/serverbasic.crt
- When prompted, choose to open the file from its current location.
- When the certificate information box appears, choose to "install" the certificate.
- For the name of the certificate, enter "Thawte Server CA".
|
|
Is there any way the recipient of an Encrypted-Mail message knows the IP number I am sending from? |
|
|
Does Encrypted-Mail track IP addresses of visitors or address holders? |
|
Encrypted-Mail.com does log IP addresses to analyze market trends and gather broad demographic information for aggregate use. However, Encrypted-Mail.com will never log your IP address in such a way that it can be associated with your Encrypted-Mail email address or identity. The procedure does NOT affect the anonymity of the user at any stage.
|
|
Do you keep logs of IP addresses of people logging in? |
|
Encrypted-Mail.com does log IP addresses to analyze market trends and gather broad demographic information for aggregate use. However, Encrypted-Mail.com will never log your IP address in such a way that it can be associated with your Encrypted-Mail email address or identity. The procedure does NOT affect the anonymity of the user at any stage.
|
|
Will there ever be a non-Java™ version of Encrypted-Mail? |
|
Not yet. However, Encrypted-Mail is currently developing a variety of online communications products.
|
|
I can't ping or "traceroute" to the Encrypted-Mail servers; does this mean there is a problem? |
|
Ping and Traceroute are network diagnostic tools that enable system administrators to determine the availability and network routing to hosts across the Internet. These tools can also be used maliciously, to disrupt the normal functions of hosts and networks, and therefore are not appropriate for use on Encrypted-Mail servers. Attempts to reach the Encrypted-Mail network using ping or traceroute will fail, but this is normal and does not indicate any disruption in service.
|
|
Can Encrypted-Mail protect against keystroke recording? |
|
Encrypted-Mail cannot protect the user against this kind of security threat, as our system is designed to ensure secure transmission of data between computers only. If an Encrypted-Mail user's private computer has been compromised, or if they are accessing their Encrypted-Mail account from a workplace where keystroke recording software is installed, their Encrypted-Mail passphrase may be accessed by a third party.
To combat keystroke recording software, we suggest you:
- Change your Encrypted-Mail passphrase regularly
- Choose a secure passphrase
- Update your virus checking software regularly
- Send sensitive communications through your private/home computer
|
|