PGP Software - Is it safe?

Discussion in 'Computer Security' started by Mike Reed, Apr 23, 2004.

  1. Mike  Reed

    Mike Reed Guest

    Hi all,
    I downloaded an encryption program from MIT called PGP - supposedly a heavy
    weight encryption suite of programs. Has anyone used it before? if so is it
    reliable? I got it from here. http://web.mit.edu/network/pgp-form.html
    Cheers,
    Mikey!!
    Mike Reed, Apr 23, 2004
    #1

  2. Mike  Reed

    Jim Watt Guest

    On Fri, 23 Apr 2004 06:56:37 +0000 (UTC), "Mike Reed"
    <> wrote:

    >Hi all,
    >I downloaded an encryption program from MIT called PGP - supposedly a heavy
    >weight encryption suite of programs.


    >Has anyone used it before?


    yes

    > if so is it reliable?


    yes

    Why not go to Google and see if there is any mention of the
    program on the Internet, read any pages you find about it.


    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Apr 23, 2004
    #2

  3. Mike  Reed

    billh Guest

    "Mike Reed" <> wrote in message
    news:c6aen4$k1u$...
    > Hi all,
    > I downloaded an encryption program from MIT called PGP - supposedly a heavy
    > weight encryption suite of programs. Has anyone used it before? if so is it
    > reliable? I got it from here. http://web.mit.edu/network/pgp-form.html
    > Cheers,
    > Mikey!!
    >
    >

    I use PGP frequently to manually encrypt personal info on my hard-drive; I
    don't use it for email so I can't comment on that feature. It works well for
    my use and I have never had a corrupted file.
    I don't think the MIT distribution is the latest one though. I believe the
    current version is around V8.03 which I think I got from Network Associates
    (free version). However, I think Network Associates was no longer going to
    support PGP. Like Jim Watt said, do a Google Search on PGP.

    Billh
    billh, Apr 23, 2004
    #3
  4. Mike  Reed

    Solbu Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    For info on PGP and the various versions & plugins,
    I strongly suggest the pages created and maintained by Tom McCune.

    http://www.mccune.cc/PGP.htm

    - --
    Solbu - http://www.solbu.net
    Remove 'ugyldig' for email
    PGP key ID: 0xFA687324
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.2 (GNU/Linux)

    iD8DBQFAjN+nT1rWTfpocyQRAqVoAKC2S5VfwlCgIJqH6chM83000nSwvQCg9eBz
    O9EBXy4+X0Egf7fPuL7fsOU=
    =oucY
    -----END PGP SIGNATURE-----
    Solbu, Apr 26, 2004
    #4
  5. "billh" <> wrote in
    news:9%aic.85348$:

    >
    > "Mike Reed" <> wrote in message
    > news:c6aen4$k1u$...
    >> Hi all,
    >> I downloaded an encryption program from MIT called PGP - supposedly a heavy
    >> weight encryption suite of programs. Has anyone used it before? if so is it
    >> reliable? I got it from here. http://web.mit.edu/network/pgp-form.html
    >> Cheers,
    >> Mikey!!
    >>
    >>

    > I use PGP frequently to manually encrypt personal info on my
    > hard-drive; I don't use it for email so I can't comment on that
    > feature. It works well for my use and I have never had a corrupted
    > file. I don't think the MIT distribution is the latest one though. I
    > believe the current version is around V8.03 which I think I got from
    > Network Associates (free version). However, I think Network Associates
    > was no longer going to support PGP. Like Jim Watt said, do a Google
    > Search on PGP.
    >
    > Billh
    >
    >


    the MIT ver. is the one that's a freebie. but it's apparently got some
    serious flaws. but good enough to test out the app and see how it works.

    the current one, you got to buy it. http://www.pgp.com/

    *yes, sometimes you have to pay for quality products. you can't mooch
    everything for free all the time*



    --
    Secure Lockdown
    CISSP, MCSE, Security+, Linux+
    Secure Lockdown, Apr 27, 2004
    #5
  6. Mike  Reed

    Bill Unruh Guest

    Secure Lockdown <> writes:

    ]"billh" <> wrote in
    ]news:9%aic.85348$:

    ]>
    ]> "Mike Reed" <> wrote in message
    ]> news:c6aen4$k1u$...
    ]>> Hi all,
    ]>> I downloaded an encryption program from MIT called PGP - supposedly a heavy
    ]>> weight encryption suite of programs. Has anyone used it before? if so is it
    ]>> reliable? I got it from here. http://web.mit.edu/network/pgp-form.html
    ]>> Cheers,
    ]>> Mikey!!
    ]>>
    ]>>
    ]> I use PGP frequently to manually encrypt personal info on my
    ]> hard-drive; I don't use it for email so I can't comment on that
    ]> feature. It works well for my use and I have never had a corrupted
    ]> file. I don't think the MIT distribution is the latest one though. I
    ]> believe the current version is around V8.03 which I think I got from
    ]> Network Associates (free version). However, I think Network Associates
    ]> was no longer going to support PGP. Like Jim Watt said, do a Google
    ]> Search on PGP.
    ]>
    ]> Billh
    ]>
    ]>

    ]the MIT ver. is the one that's a freebie. but it's apparently got some
    ]serious flaws. but good enough to test out the app and see how it works.

    ]the current one, you got to buy it. http://www.pgp.com/

    ]*yes, sometimes you have to pay for quality products. you can't mooch
    ]everything for free all the time*

    Nuts. Who is mooching. Some people feel that software should be
    available, just like Science is, to anyone.
    Get gpg, an open source version of pgp. PGP is also free for
    non-commercial use AFAIK.
    Depends on what you want it for. If it is for encrypting files, there
    are lots of encryption programs-- blowfish, AES, 3DES,... For email gpg
    or pgp are more or less the standards.
    Bill Unruh, Apr 27, 2004
    #6
  7. Mike  Reed

    billh Guest

    "Secure Lockdown" <> wrote in message
    news:Xns94D7E04C7FF87securelockdown2123@66.185.95.104...
    > "billh" <> wrote in
    > news:9%aic.85348$:
    >
    > >
    > > "Mike Reed" <> wrote in message
    > > news:c6aen4$k1u$...
    > >> Hi all,
    > >> I downloaded an encryption program from MIT called PGP - supposedly a heavy
    > >> weight encryption suite of programs. Has anyone used it before? if so is it
    > >> reliable? I got it from here. http://web.mit.edu/network/pgp-form.html
    > >> Cheers,
    > >> Mikey!!
    > >>
    > >>

    > > I use PGP frequently to manually encrypt personal info on my
    > > hard-drive; I don't use it for email so I can't comment on that
    > > feature. It works well for my use and I have never had a corrupted
    > > file. I don't think the MIT distribution is the latest one though. I
    > > believe the current version is around V8.03 which I think I got from
    > > Network Associates (free version). However, I think Network Associates
    > > was no longer going to support PGP. Like Jim Watt said, do a Google
    > > Search on PGP.
    > >
    > > Billh
    > >
    > >

    >
    > the MIT ver. is the one that's a freebie. but it's apparently got some
    > serious flaws. but good enough to test out the app and see how it works.
    >
    > the current one, you got to buy it. http://www.pgp.com/
    >
    > *yes, sometimes you have to pay for quality products. you can't mooch
    > everything for free all the time*
    >
    >
    >
    > --
    > Secure Lockdown
    > CISSP, MCSE, Security+, Linux+


    Suggest you have a look at the site you referenced taking into account the
    usage of the product. PGP V8.03 is available to students and others for
    personal non-commercial use. You don't get all the features but you do get
    basic encryption capabilities. Would scarcely call it mooching when they are
    giving it away.
    Billh
    billh, Apr 28, 2004
    #7
  8. "billh" <> wrote in
    news:E2Djc.68786$:

    > PGP V8.03 is available to students and
    > others for personal non-commercial use.


    can you pls post link where you can get that?

    i looked briefly, and can't see it readily available for free download on
    their main site anywhere...

    thanx


    --
    Secure Lockdown
    CISSP, MCSE, Security+, Linux+
    Secure Lockdown, Apr 28, 2004
    #8
  9. (Bill Unruh) wrote in news:c6kt9u$62k$1
    @string.physics.ubc.ca:

    > Nuts. Who is mooching. Some people feel that software should be
    > available, just like Science is, to anyone.
    > Get gpg, an open source version of pgp. PGP is also free for
    > non-commercial use AFAIK.
    > Depends on what you want it for. If it is for encrypting files, there
    > are lots of encryption programs-- blowfish, AES, 3DES,... For email gpg
    > or pgp are more or less the standards.


    i didn't say there weren't open source alternatives....

    i was referring to PGP as per the MIT site and the commercial one.

    :-(

    --
    Secure Lockdown
    CISSP, MCSE, Security+, Linux+
    Secure Lockdown, Apr 28, 2004
    #9
  10. In article <Xns94D9B5A0114C7securelockdown2123@66.185.95.104>, on Wed, 28 Apr 2004 21:51:19 GMT,
    Secure Lockdown <> wrote:

    | "billh" <> wrote in
    | news:E2Djc.68786$:
    |
    | > PGP V8.03 is available to students and
    | > others for personal non-commercial use.
    |
    | can you pls post link where you can get that?
    |
    | i looked briefly, and can't see it readily available for free download on
    | their main site anywhere...

    <http://www.pgp.com/products/freeware.html>

    HTH

    <davidp />

    --
    David Postill
    David Postill, Apr 29, 2004
    #10
  11. Mike  Reed

    Beachcomber Guest


    >-----BEGIN PGP SIGNED MESSAGE-----
    >Hash: SHA1
    >
    >For info on PGP and the various versions & plugins,
    >I strongly suggest the pages created and maintained by Tom McCune.
    >
    >http://www.mccune.cc/PGP.htm
    >


    I use PGP ver. 6.0.2i. IMO, it was one of the last full-featured
    versions that was freely given away (apparently as a prototype for a
    commercial product).

    Later "Free" versions of PGP were stripped of important and useful
    features such as "Disk Tools" that allowed you to encrypt entire
    volumes of hard disk space. The "Pay" versions apparently include
    some variation of this, though.

    While PGP ver 6.0.2i worked great on WIN98, there apparently are some
    minor bugs (icons not showing up in the proper place, etc.) with WIN
    XP. It doesn't stop the basic operation of the program, you just need
    to be aware of some minor work-arounds.

    Beachcomber
    Beachcomber, Apr 29, 2004
    #11
  12. David Postill <> wrote in
    news::

    > http://www.pgp.com/products/freeware.html


    kind-a pointless without these, isn't it?

    - Does not include automatic encryption of email file attachments
    - Does not provide plug-in integration with Outlook, Outlook Express, or
    other email applications on any platform

    --
    Secure Lockdown
    CISSP, MCSE, Security+, Linux+
    Secure Lockdown, Apr 29, 2004
    #12
  13. In article <Xns94DAB61FB7343securelockdown2123@66.185.95.104>, on Thu, 29 Apr 2004 21:54:09 GMT,
    Secure Lockdown <> wrote:

    | David Postill <> wrote in
    | news::
    |
    | > http://www.pgp.com/products/freeware.html
    |
    | kind-a pointless without these, isn't it?

    So buy one of the desktop versions ...

    | - Does not include automatic encryption of email file attachments
    | - Does not provide plug-in integration with Outlook, Outlook Express, or
    | other email applications on any platform

    <shrugs />

    I'm happy with it. Works via the clipboard. That's good enough for me.

    I suppose I could write a macro that saved me some of the keystrokes
    wasted but I really can't be bothered ...

    <davidp />

    --
    David Postill
    David Postill, Apr 30, 2004
    #13
  14. Mike  Reed

    Dave Guest

    There are a number of alternatives to PGP - such as Crypteze - that
    use the built-in encryption capabilities (RSA, etc.) of Windows and
    Outlook/Outlook Express. For just secure e-mail you could of course
    acquire a digital ID from any of various providers such as Verisign.

    In general, the encryption capabilities offered by Windows can be
    regarded as being very safe.

    Dave
    Dave, May 2, 2004
    #14
  15. Mike  Reed

    Bill Unruh Guest

    (Dave) writes:

    ]There are a number of alternatives to PGP - such as Crypteze - that
    ]use the built-in encryption capabilities (RSA, etc.) of Windows and
    ]Outlook/Outlook Express. For just secure e-mail you could of course
    ]acquire a digital ID from any of various providers such as Verisign.


    ]In general, the encryption capabilities offered by Windows can be
    ]regarded as being very safe.

    What evidence do you have for this? It is impossible to test the
    security of an encryption system just by looking at the input and
    output. Unless the encryption is completely and totally stupid, the
    output will look random. You MUST look at the source code for the
    encryption routines, and must look to see how they are handled.

    A number of years ago a paper was published showing how the factors in
    RSA could be encoded in the public key, so that anyone in the know could
    decrypt any message trivially easily, but this info was completely
    invisible to those not in the know. I.e., not only the encryption system
    but also (or especially) the key generation algorithm need to be public.
    (Recall also the Netscape disaster, where their ultra secure keys were
    shown to have only something like 15 bits of randomness due to
    incompetence in the generation of the random numbers.)

    I would not trust the MS encryption for anything but hiding your cookie
    recipe from your mother-in-law.
    Bill Unruh, May 3, 2004
    #15
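
Added example, not part of the original posts: a Python sketch of the point in the post above that ciphertext looks random even when key generation is badly flawed. The generator `weak_keygen`, the toy SHA-256 stream cipher and the sample plaintext are all constructed for illustration; only the 15-bit figure comes from the post.

```python
import hashlib
import math
from collections import Counter

SEED_BITS = 15  # figure quoted in the post; everything else here is constructed


def weak_keygen(seed: int) -> bytes:
    """Hypothetical flawed generator: a 128-bit key derived from a 15-bit seed."""
    return hashlib.sha256(b"keygen" + seed.to_bytes(2, "big")).digest()[:16]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for a real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def effective_keyspace_search(ciphertext: bytes, known_prefix: bytes):
    """Audit check: walk every key the generator can emit and count the tries."""
    head = ciphertext[:len(known_prefix)]
    for tries, seed in enumerate(range(2 ** SEED_BITS), start=1):
        if keystream_xor(weak_keygen(seed), head) == known_prefix:
            return seed, tries
    return None, 2 ** SEED_BITS


def demo():
    # Constructed sample message and seed.
    plaintext = b"Subject: cookie recipe\n" + b"flour, sugar, butter. " * 400
    secret_seed = 23117
    ciphertext = keystream_xor(weak_keygen(secret_seed), plaintext)
    # Black-box view: the output is statistically indistinguishable from noise.
    entropy = byte_entropy(ciphertext)
    # White-box view: knowing the generator, the key space is only 2**15.
    seed, tries = effective_keyspace_search(ciphertext, b"Subject: ")
    return entropy, seed, tries


if __name__ == "__main__":
    entropy, seed, tries = demo()
    print(f"ciphertext entropy: {entropy:.3f} bits/byte")
    print(f"seed {seed} found after {tries} of {2 ** SEED_BITS} candidates")
```

The ciphertext scores close to 8 bits per byte, yet the key is one of only 32,768 candidates. Nothing in the output reveals that, which is why the key generation code itself has to be open to review.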
  16. (Bill Unruh) wrote in news:c75uup$5ce$1
    @string.physics.ubc.ca:

    >
    > What evidence do you have for this?


    uber crypto papers.

    > It is impossible to test the
    > security of an encryption system just by looking at the input and
    > output. Unless the encryption is completely and totally stupid, the
    > output will look random.


    collisions


    > You MUST look at the source code for the
    > encryption routines, and must look to see how they are handled.
    >
    > A number of years ago a paper was published showing how the factors in
    > RSA could be encoded in the public key, so that anyone in the know could
    > decrypt any message trivially easily, but this info was completely
    > invisible to those not in the know. I.e., not only the encryption system
    > but also (or especially) the key generation algorithm need to be public.
    > (Recall also the Netscape disaster, where their ultra secure keys were
    > shown to have only something like 15 bits of randomness due to
    > incompetence in the generation of the random numbers.)
    >
    > I would not trust the MS encryption for anything but hiding your cookie
    > recipe from your mother-in-law.


    MS just got into bed with RSA. i think the next few generations of MS OS and
    NOS will be more security focused. perhaps the programmers are still going
    to release stuff that has not been properly and thoroughly tested (based on
    standards that should be in place considering they are the major OS out
    there), but i believe there is going to be more focus on security.


    --
    Secure Lockdown
    CISSP, MCSE, Security+, Linux+
    Secure Lockdown, May 4, 2004
    #16
  17. Mike  Reed

    Dave Guest

    Secure Lockdown <> wrote in message news:<Xns94DEE27CA199Esecurelockdown2123@66.185.95.104>...
    > (Bill Unruh) wrote in news:c75uup$5ce$1
    > @string.physics.ubc.ca:
    >
    > >
    > > What evidence do you have for this?

    >
    > uber crypto papers.
    >
    > > It is impossible to test the
    > > security of an encryption system just by looking at the input and
    > > output. Unless the encryption is completely and totally stupid, the
    > > output will look random.

    >
    > collisions
    >
    >
    > > You MUST look at the source code for the
    > > encryption routines, and must look to see how they are handled.
    > >
    > > A number of years ago a paper was published showing how the factors in
    > > RSA could be encoded in the public key, so that anyone in the know could
    > > decrypt any message trivially easily, but this info was completely
    > > invisible to those not in the know. I.e., not only the encryption system
    > > but also (or especially) the key generation algorithm need to be public.
    > > (Recall also the Netscape disaster, where their ultra secure keys were
    > > shown to have only something like 15 bits of randomness due to
    > > incompetence in the generation of the random numbers.)
    > >
    > > I would not trust the MS encryption for anything but hiding your cookie
    > > recipe from your mother-in-law.

    >
    > MS just got into bed with RSA. i think the next few generations of MS OS and
    > NOS will be more security focused. perhaps the programmers are still going
    > to release stuff that has not been properly and thoroughly tested (based on
    > standards that should be in place considering they are the major OS out
    > there), but i believe there is going to be more focus on security.


    Given the prevalence of Microsoft/RSA encryption (EFS, SSL, S/MIME,
    etc.) and the lack of exploits, I believe it is fair to say that it is
    quite safe.

    If there is a weakness in the MS/RSA encryption, it lies in the
    general lack of security of Windows and that of human factors -
    assuming the use of relatively strong algorithms and keys (128 bit
    RC2, 3-DES, minimum 1024 bit keys).

    However, there are measures you can take to further protect your keys,
    and thus your data, such as enabling "high" protection so as to
    password-protect your private key.
    Dave, May 4, 2004
    #17
  18. (Dave) wrote in news:ce582329.0405040342.13618f27
    @posting.google.com:

    > However, there are measures you can take to further protect your keys,
    > and thus your data, such as enabling "high" protection so as to
    > password-protect your private key.


    also, don't forget to lock it in the safe...

    :p)

    --
    Secure Lockdown
    CISSP, MCSE, Security+, Linux+
    Secure Lockdown, May 5, 2004
    #18
