a couple PGP questions

Discussion in 'Computer Security' started by eee, Nov 4, 2004.

  1. eee

    eee Guest

    I got pgp freeware 8.1. Haven't installed yet.

    I see you can create different types of keys but I want to be backward
    compatible. What kind of keys should I create that are compatible with older
    pgp versions people are still using?


    I see some people are encrypting files with pgp. can I do this with the
    freeware version?


    eee
     
    eee, Nov 4, 2004
    #1
    1. Advertisements

  2. RSA goes back further than DH. It should not influence your choice.
    Very few current users have a version that cannot do both.
    Keep away from IDEA for session keys. There are patents which
    discourage some from its use, and slightly limit the way that GPG (Gnu
    Privacy Guard) may be distributed. That means that your correspondence
    with GPG users may not be as smooth as it might have been.

    Take PGP's defaults and you won't go far wrong.
    yes.
    You miss out on PGP disk I think. It is an encrypted container file. I
    find it quite useful, and it alone makes the $35 personal edition worth
    the money for me.
     
    Elliott Roper, Nov 4, 2004
    #2
    1. Advertisements

  3. eee

    nemo outis Guest


    If you are serious about security, then open-source should be
    high on your list of desiderata (not that it is a panacea by any
    means). Accordingly, version 6.5.8 (the last with source code)
    should be your mainstay (I will avoid subtleties such as MIT v
    CKT versions).

    Regards,
     
    nemo outis, Nov 5, 2004
    #3
  4. eee

    Tom McCune Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    nemo (nemo outis) wrote in
    PGP has never really been open source, but except for 7.x versions,
    it has nearly always had source code available for review. All 8.x
    versions have complete source code available for review. I would
    recommend the current 8.1 version.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQYrk6WDeI9apM77TAQIVOwf/Zd2iSSeGidKVQeRbF0y2v7+/1IwVyoiG
    jLOEcYzwKYCxefSMp4V1ZkOgS9ehyRCpvr9LVX3j8z/yvIad2tHAuUueC5QVuyMu
    ZDNVlewrIYn0DJ503nyzKMTd62aG/HU4DlOJoFFbEbbj1ePOGo68o9xvMPQIstmd
    +AA7lE8TpSzREzJl6CGDGuUWuTXH1+ZwE1O8eNX3Iuh7mrA9ZVNp7FWJSEJKDYoJ
    ANZO57WCPiOF95x6fnN6PwEFLQ/Cs/vwbCfEUAzscmLsIKVvZPlf9/k3tAcRnsA2
    Kpx+qWwateQIPSkZVYhG8rFs+bQ3gxKgMj9GsM13gdOfgjwVWogQxQ==
    =3GdX
    -----END PGP SIGNATURE-----
     
    Tom McCune, Nov 5, 2004
    #4
  5. eee

    Johan Wevers Guest

    That depends on your definition of open source. I've always used
    self-compiled 2.6 versions, and still use them besides GnuPG.
    Can you build the complete pgp 8.x package from the distributed source code?
    AFAIK only the crypto functions were open source. Or has this changed?
     
    Johan Wevers, Nov 5, 2004
    #5
  6. eee

    Mxsmanic Guest

    Yes, if you have the right compiler software.
    Last I looked, it was all there, but that was several versions ago.
     
    Mxsmanic, Nov 5, 2004
    #6
  7. eee

    Tom McCune Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    4all.nl (Johan Wevers) wrote in

    As I understand it, if it were open source, then others would be
    allowed to make their own compilation and distribute it. Although
    that has been done, the only builds that I'm aware of PGP owners ever
    really even tacitly permitting were the "i" builds.
    Yes, as already stated, the PGP 8.x builds are complete in the source
    code release. You are probably thinking of the 7.1 source code
    release that was only for the sdk (and which was the only 7.x source
    code release). That was towards the end of NAI ownership of PGP.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: My PGP Page & FAQ: http://www.mccune.cc/PGP.htm

    iQEVAwUBQYwEBGDeI9apM77TAQKaZwgAgW7mrxxjsTuDsFUM8OIfwVO8xLDpe7z9
    ZdM2Gfp2rA5oCThmwbhlgx4cgskm07pzr5cgu9b0t3XCcwoPwS6IFIrN1FeVCgWp
    LImoYswDLmwM1D2yO5th0/8kaxTVyNfzGXu2QYviFuXll+cZEjXGq1ThFPpkSwxS
    HwrrbbuJnL/J3bVIrMvHNHUPNY8iX6+vDySXz+mZBjo4ThVwB8WgF6Q3krbmfrV+
    mZYjOkQevr2VpWVYs0UOB4cFShWI9RBpXsHLuf0dsQVhyploqTrjeEmChmLevmL8
    kcV7DFdvPgUUB5Rj3L06Ei+6Abk4ZkICIRt7YA8RPoHD8WzMXLX8EQ==
    =as4R
    -----END PGP SIGNATURE-----
     
    Tom McCune, Nov 5, 2004
    #7
  8. eee

    Zuxy Guest

    A DSS/DH keypair with CAST5 cipher and SHA-1 hash should work for all.
    Yes you can.
     
    Zuxy, Nov 8, 2004
    #8
  9. eee

    Johan Wevers Guest

    That's along the lines of the GNU and BSD licenses, but it's debatable if
    this is required to call something open source.
    Patent issues were more liberal outside the USA, so adapted i versions
    would meet fewer legal problems. And further, if we look at 2.6.x, why
    would someone _want_ to adapt a crippled US version like 2.6.2 if a
    better one, like 2.6.3ia, is available?
     
    Johan Wevers, Nov 9, 2004
    #9
  10. eee

    Johan Wevers Guest

    Not for 2.x versions, which are still widely used (although GnuPG has
    decreased the need for it).
     
    Johan Wevers, Nov 9, 2004
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.