The reason behind why your Elite mail is still safe

mvmaxx

New member
Ok, since this whole Elite thing seems to be spinning out of control I'd like to try to squash one rumor. Now before I get into this I will say that I have experience with security and PKI technology but I am not the end all knowledge on security so I welcome any and all rebuttals to this. I'd like to debate this so we get to the bottom of it.

Your elite e-mail is not compromised. The Elite staff does not have access to it even if they wanted to.

Why not? Read on if you want to be bored by the technical details. :D

Because of the technology that Hush uses. Hush uses their own proprietary Hush encryption engine, which utilizes Public Key Infrastructure (PKI). This is used in the Elitefitness.com accts as well as hush.com, hushmail.com and cyber-rights.net.

The way this works is you first download a private key when signing up with Hush. You then create your passphrase and combined they create an encrypted private key which is stored on the Hush global servers. You will use this key along with your passphrase to decrypt messages. You use the recipients' public key to "encrypt" messages.

Now let's say that the Elite staff or Hush staff has access to both your private and public keys. They can't decode any messages or log on to your account as the private key is encrypted and needs the passphrase to decrypt it before it can be used.

So it doesn't really matter if they have access to the PGP keys or not. They can only access your account if they have your passphrase.

AHHHH BUT HERE'S THE CAVEAT: If you use the same passphrase for your Elitefitness.com login that you do for your elitefitness.com e-mail account then yes they could access it as they have access to the password you use when you login to the Elite "board."

So as long as your passwords are different from your e-mail to the site login you should be fine.
 
So far I've had three people present arguments.

One person said that Elite has access to your PGP keys (public and private).

My response is it doesn't matter as the private key is useless unless decrypted via the passphrase.

Another mod said that a source had his e-mail acct "hacked" by the feds shortly before getting busted.

My response to this is the feds can get your IP off of Elite w/o a problem. If you don't use a proxy then they can grab your IP and hack into your "computer" (note: not your e-mail acct). Then once they get access to your computer they can install a trojan or keylogger and grab your passphrase when you go to enter it.
 
I don't know about all of this, but Elite owns all of the accounts NOT hush, they just use the hush technology. When this went down, my personal email had its passphrase changed. My account was not deleted, but my passphrase was changed. With that, emails could be read, correct? Not that I care, I am not involved in anything.
 
kronk said:
I don't know about all of this, but Elite owns all of the accounts NOT hush, they just use the hush technology. When this went down, my personal email had its passphrase changed. My account was not deleted, but my passphrase was changed. With that, emails could be read, correct? Not that I care, I am not involved in anything.


I realize that Elite owns the accounts and even if they store the public keys on their own servers, which I don't believe is happening, then they would still need your passphrase to access your e-mail or decrypt your messages.

If your passphrase had changed then maybe you used that password somewhere else such as your Elite login at one point or somebody compromised your own computer.

I'm just saying from a technical standpoint I really don't see how anyone at Elite could access your account.
 
mvmaxx said:
I realize that Elite owns the accounts and even if they store the public keys on their own servers, which I don't believe is happening, then they would still need your passphrase to access your e-mail or decrypt your messages.

If your passphrase had changed then maybe you used that password somewhere else such as your Elite login at one point or somebody compromised your own computer.

I'm just saying from a technical standpoint I really don't see how anyone at Elite could access your account.

Actually they can change your password, like mine was changed. If they have your password they can read your emails. I am not implying anything here, but there is much more to this than meets the eye I think. My password was changed by Elite themselves.
 
If it is on their servers, THEY CAN GET IT. PERIOD. They can replace your pass phrase and then log in as "you".

If they don't have direct access to the mail server, then it MAY be safe.

Chem
 
mvmaxx said:


AHHHH BUT HERE'S THE CAVEAT: If you use the same passphrase for your Elitefitness.com login that you do for your elitefitness.com e-mail account then yes they could access it as they have access to the password you use when you login to the Elite "board."

So as long as your passwords are different from your e-mail to the site login you should be fine.

Owners/Admins cannot see a member's password on vBulletin-operated sites like Steroidology, Elite, etc...

If I was to go to my Admin section here and look at your profile, for the "Password" field it would just be blank.
 
kronk said:
My password was changed by Elite themselves.

That is very disturbing. I'm not jumping on sides here but there have been several instances that I know of where people have told me that when they went into their EliteFitness mail, there were messages that showed up as already read and the individual had not read it yet.
 
BiggieSwolls said:
That is very disturbing. I'm not jumping on sides here but there have been several instances that I know of where people have told me that when they went into their EliteFitness mail, there were messages that showed up as already read and the individual had not read it yet.


That is a glitch with all hush systems. It has nothing to do with anyone hacking into accounts.
 
kronk said:
Actually they can change your password, like mine was changed. If they have your password they can read your emails. I am not implying anything here, but there is much more to this than meets the eye I think. My password was changed by Elite themselves.


How do they change your password if they don't know the original to access your e-mail acct?

I can tell you why yours was compromised. It's because you probably checked it from one of Elite's computers when you were acting as an admin. I'm sure those computers all have keystroke loggers on them.
 
mvmaxx said:
Ok, since this whole Elite thing seems to be spinning out of control I'd like to try to squash one rumor. Now before I get into this I will say that I have experience with security and PKI technology but I am not the end all knowledge on security so I welcome any and all rebuttals to this. I'd like to debate this so we get to the bottom of it.

Your elite e-mail is not compromised. The Elite staff does not have access to it even if they wanted to.

Why not? Read on if you want to be bored by the technical details. :D

Because of the technology that Hush uses. Hush uses their own proprietary Hush encryption engine, which utilizes Public Key Infrastructure (PKI). This is used in the Elitefitness.com accts as well as hush.com, hushmail.com and cyber-rights.net.

The way this works is you first download a private key when signing up with Hush. You then create your passphrase and combined they create an encrypted private key which is stored on the Hush global servers. You will use this key along with your passphrase to decrypt messages. You use the recipients' public key to "encrypt" messages.

Now let's say that the Elite staff or Hush staff has access to both your private and public keys. They can't decode any messages or log on to your account as the private key is encrypted and needs the passphrase to decrypt it before it can be used.

So it doesn't really matter if they have access to the PGP keys or not. They can only access your account if they have your passphrase.

AHHHH BUT HERE'S THE CAVEAT: If you use the same passphrase for your Elitefitness.com login that you do for your elitefitness.com e-mail account then yes they could access it as they have access to the password you use when you login to the Elite "board."

So as long as your passwords are different from your e-mail to the site login you should be fine.

You computer nerd. I need to buy you some nerd glasses for you to wear to work with your nerd co-workers.
 
chemripped said:
If it is on their servers, THEY CAN GET IT. PERIOD. They can replace your pass phrase and then log in as "you".

If they don't have direct access to the mail server, then it MAY be safe.

Chem

They use the HUSH e-mail system.

When you log in to the elite mail, it opens a frame set that connects you (securely) to hush's servers.

Cyber-rights.net is the same way.

However, there are a couple of e-mails that are hosted by elite themselves and do NOT go through the hush servers.

If I recall, GS's e-mail addy is one and probably most of the admins of the board (along with the support e-mail).

I would say that elite's encrypted mail is still safe, but there are several alternatives to it, so why risk it.
 
XBiker said:
They use the HUSH e-mail system.

When you log in to the elite mail, it opens a frame set that connects you (securely) to hush's servers.

Cyber-rights.net is the same way.

However, there are a couple of e-mails that are hosted by elite themselves and do NOT go through the hush servers.

If I recall, GS's e-mail addy is one and probably most of the admins of the board (along with the support e-mail).

I would say that elite's encrypted mail is still safe, but there are several alternatives to it, so why risk it.


Now this would make sense. If George set up Elite accounts for the mods and they resided on a local server (non Hush) then yes they would have access to it. You'll notice when you login with Elite, Cyber or Hush they redirect you to (https://mailserver1.hushmail.com/hushmail/hushmail.php). If that wasn't happening with the mod accounts then it most likely was being hosted by Elite themselves.
 
BiggieSwolls said:
That is very disturbing. I'm not jumping on sides here but there have been several instances that I know of where people have told me that when they went into their EliteFitness mail, there were messages that showed up as already read and the individual had not read it yet.

Happened to me when I was a mod too.

very very not good
 
mvmaxx said:
Now this would make sense. If George set up Elite accounts for the mods and they resided on a local server (non Hush) then yes they would have access to it. You'll notice when you login with Elite, Cyber or Hush they redirect you to (https://mailserver1.hushmail.com/hushmail/hushmail.php). If that wasn't happening with the mod accounts then it most likely was being hosted by Elite themselves.

I was being a little more specific to the ADMIN's e-mail and the support folk as well as GS himself.

I sent an e-mail to the support via my elite encrypted account and it wouldn't encrypt the message.

This told me that there were no keys to de-encrypt on the other end when the e-mail was received. Those of you that know IT and encryption know that the keys work in pairs (on both ends).

As for the MODS on the board, the ones I correspond with normally have the end to end encryption, so the addy is hosted on the hush servers and the encryption is working.

Only the internal admins of elite would know what addys are hosted via the elite system and NOT on the hush system. However, the lack of end to end encryption (when sending to a NON-encrypted addy) would be a good way to tell.
 
StoneColdNTO said:
So you are saying that Cyber-Rights does not control my e-mail passwords and such. I have a hard time believing that........

E-mail them and tell them you have lost it.

They'll tell you tough titty.

The key pair is pretty tight and the encrypting/decrypting is dependent on the passphrase.

The encryption itself is based on algorithms that are generated when you open your account.

While the FEDS have broken most encryption, it's still very difficult to do on the fly. If they capture an encrypted stream and can save it, then they have a much better chance of letting the pointy headed guys run their magic on it.
 
Re: Re: The reason behind why your Elite mail is still safe

BiggieSwolls said:
Owners/Admins cannot see a member's password on vBulletin-operated sites like Steroidology, Elite, etc...

If I was to go to my Admin section here and look at your profile, for the "Password" field it would just be blank.

It's the same as at Steroidsupport. I can back Biggie up on that one.
 
StoneColdNTO said:
So you are saying that Cyber-Rights does not control my e-mail passwords and such. I have a hard time believing that........


No one "controls" your e-mail passwords but yourself. That's the point I'm trying to get across. Your passphrase that you use to login to your cyber-rights acct does not exist ANYWHERE. It's in your head. The public and private keys are stored on the "Hush" servers, whether you use cyber, elite, hush or hushmail. When you enter your passphrase it decrypts your private key and gives you access to your messages.

Therefore, your e-mail cannot be accessed or "hacked into" unless someone knows your passphrase. Even if I was a Security Engineer at Hush themselves I wouldn't be able to access it. As XBiker said, if you forget your password there is no reset button, you're screwed.
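
The model mvmaxx describes in this thread (a private key stored server-side, encrypted under a passphrase only the user knows), as an added Python sketch that is not part of any post and is not Hush's code. The private key is constructed random bytes, the HMAC-based cipher is a standard-library stand-in for a real one, and every function name and parameter here is an assumption.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 200_000  # assumed work factor for this sketch

def _derive(passphrase, salt):
    """Stretch the passphrase into an encryption key and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              KDF_ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key, nonce, data):
    """HMAC-SHA256 counter-mode keystream; stdlib stand-in for a real cipher."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap_private_key(private_key, passphrase):
    """Build the record the server stores. The passphrase is not in it."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ct = _xor_stream(enc_key, nonce, private_key)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap_private_key(record, passphrase):
    """Client-side step after the user types the passphrase."""
    enc_key, mac_key = _derive(passphrase, record["salt"])
    expected = hmac.new(mac_key, record["nonce"] + record["ct"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong passphrase or modified record")
    return _xor_stream(enc_key, record["nonce"], record["ct"])

def can_unlock(record, guess):
    """True only if the guess decrypts the record."""
    try:
        unwrap_private_key(record, guess)
        return True
    except ValueError:
        return False

def operator_reset(new_passphrase):
    """Without the old passphrase an operator can only install a NEW key."""
    new_key = os.urandom(32)  # constructed stand-in for a fresh private key
    return wrap_private_key(new_key, new_passphrase), new_key
```

In this model, anyone who holds the stored record can test passphrase guesses against it offline, so the KDF work factor and the passphrase's strength set the bound. A reset installs a different key, which leaves anything encrypted to the old key unreadable.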
 
XBiker said:
I was being a little more specific to the ADMIN's e-mail and the support folk as well as GS himself.

I sent an e-mail to the support via my elite encrypted account and it wouldn't encrypt the message.

This told me that there were no keys to de-encrypt on the other end when the e-mail was received. Those of you that know IT and encryption know that the keys work in pairs (on both ends).

As for the MODS on the board, the ones I correspond with normally have the end to end encryption, so the addy is hosted on the hush servers and the encryption is working.

Only the internal admins of elite would know what addys are hosted via the elite system and NOT on the hush system. However, the lack of end to end encryption (when sending to a NON-encrypted addy) would be a good way to tell.


That's an excellent way to tell. I can't say I ever sent an e-mail to EF Sam or George so I couldn't say one way or another. But if you sent an e-mail and it wouldn't encrypt then you're correct, it's because you didn't have access to the recipient's public key to encrypt the message. Therefore it wasn't residing on a hush server.
 