Projects / CryptoHeaven

CryptoHeaven

CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even the no-so-technically oriented computer users can enjoy this crypto product with very high level of encryption.

Tags
Licenses
Operating Systems
Implementation

RSS Recent releases

Release Notes: Addition of recipient's 'Read' timestamp to chat messages. Fixes access trace of messages/files to reliably show all records.

Release Notes: An enhanced secure random number generator that incorporates sha256 secure hashing for creating symmetric keys. Simplifies sending to regular email addresses. Better copy and paste support in table views. Fixes flickering while performing drag and drop. Fixes a bug in the choosing of file attachments. Better support for clicks on encoded URLs, and support for new manifest permissions attributes.

Release Notes: This is a maintenance release focusing on stability and performance.

Release Notes: This is a maintenance release focusing on stability and encrypted file transfer performance.

Release Notes: This release improved stability on intermittent connections and cellular networks. The chat window received cosmetic changes. Occasional issues with downloading files created on Mac OS X into Windows were fixed. Some repetitive online/offline notifications were cleaned up.

RSS Recent comments

24 Dec 2010 14:38 JoshLo Thumbs up

Thanks for this great app, I started using it for personal secure email but ended up setting up a group business account for work. We are very satisfied with CryptoHeaven!

Josh.

21 Mar 2002 15:48 marklan Thumbs up

Great stuff about CryptoHeaven is what I found...
I have already posted my comment in other places, and I'll copy them here as people may be interested:

Looking at the CryptoHeaven source (www.cryptoheaven.com/D...) code (downloadable at the CH web site ( www.cryptoheaven.com/D...) ) I can confirm that all of the messages and files stored on the server are in an encrypted form. Too bad the server code is not available, but noone wants to work for free so I can understand that...

Basically the administrators of the system have no way of knowing what is being stored on the servers because all root keys in the encryption chains end up on customer's PCs (always encrypted) or stored encrypted with customer's own passphrases which never leave their computers, nor are stored anywhere. As far as I can tell, this is a major difference between CryptoHeaven and most other online storage providers which only make the connectivity SSL secure, but not the data residing on the servers to which sys admins have access to.

The system looks to be one of a few which really delivers the level of security it claims leaving little unsaid. Although it seems possible to privately implement additional algorithms like ECC and use it to communicate with your buddies (because the code is freely available), the copyright forbids it, and there are good reasons for that too. What I would like to see is integration with PGP so that we can start sending and receiving secure mail with an already established PGP user base.

I have read somewhere that symmetric key length and hash length used are not equivalent in their cryptographic strength. This claim is irrelevant as the hash seems to be used "for display purpose only" and not in the security protocols. I have yet to see a non-encrypted hash of anything on the system, so this looks good too.

Interesting is that they cannot reset your password in case you loose it. My explanation for this is because your private key (if stored on the server) is encrypted with the hash of your password, so you must have your original password to be able to decrypt your private key. If they were to reset it, your private key would have to be re-crypted with the hash of your new password, but to do that you still need the old password to decrypt it in the first place. Cleaver.

Passwords are often the weakest links in security and to rectify that, YOU CAN STORE YOUR PRIVATE KEY LOCALLY (always encrypted). This is something that is not possible with systems like Hushmail and many others.

Perhaps ability to sign other's keys and revoke signatures would create additional web of trust, but, oh well, you can't have everything.

The functionality is great; someone wrote they are putting 'all the eggs in one basket', however it may be an attempt to do just that, there is still long way to go. Never less, it is a very usable and user-friendly product which is much more than just online storage!

14 Mar 2002 21:17 unixman

Re: more functionalities than PGP

> yeah,
> file sharing, chatting just to name
> two great features other than secure
> email. I personally like it a lot, and
> would recommend it!

It is just a service, can live without it. What about opening the code for the backend? Now that's recommendable!

Cheers,

--
UM

12 Feb 2002 13:17 andy737 Thumbs up

more functionalities than PGP
yeah,
file sharing, chatting just to name two great features other than secure email. I personally like it a lot, and would recommend it!

They offer pretty cheap premium accounts. $2.4 per month - that's peanuts

Screenshot

Project Spotlight

Embedthis Appweb

A fast little Web server for embedding.

Screenshot

Project Spotlight

naken_asm

A microcontroller assembler.