Pretty Good Privacy
Brian High
kv9x at scn.org
Thu Mar 18 08:35:01 PST 1999
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Seattle Community Network Users, and others:
I am so excited about this, I am sending this letter F.Y.I. (For Your Information). If you already know about PGP or
are not interested, just ignore this.
However, since you are SCN users, you are probably interested in Community Networking, free software, and privacy
issues. If this is indeed the case, read on!
I have been reading up on encryption ... fascinating. As far as encryption "for the masses", the most famous product
is PGP (Pretty Good Privacy).
It was developed by a process similar to Linux -- open source, etc., but due to patent complications, it had to be
released as freeware for non-commercial use and payware for commercial use.
It was written by a man who got a B.S. in Comp.Sci who was an anti-nuke activist. (Phil Zimmerman)
( http://www.nai.com/products/security/phil/phil.asp )
He started PGP, Inc. when the patent difficulties were resolved. ( http://www.pgp.com ) PGP, Inc. has merged with
other companies (including McAffee) to form Network Associates.
PGP is now used by human rights organizations to protect their informants, and refugee organizations in eastern
Europe, among other worthy uses. ( http://www.nai.com/products/security/phil/phil-letters.asp )
PGP was written in C, initally for DOS. Now it runs on many platforms. It is based in a command-line interface and
can encrypt anything, not just email. There is even an "add-on" that lets you encrypt your entire hard-drive! There
is also Windows and Mac versions. ( http://www.pgpi.com/products/ )
I have been reading this book: PGP: Pretty Good Privacy, by Simson Garfinkel (O'Reilly and Assoc.) It is really
interesting as the first half is the history of encryption, especially computer implementations. (
http://www.oreilly.com/catalog/pgp/ )
The main algorithms used in PGP were developed in the 70s and 80s. They were created by MIT and Stanford
professors of Mathematics, among others. They have been under considerable peer review and cracking efforts. No
weaknesses have been found. It is estimated that even with the most powerful computers trying an exhaustive "brute
force" attack on a PGP key, the solution would take so long, the sun would explode first.
One of the algorithms used is RSA, which most email and web encryption uses. For instance, Thawte "certs" use
RSA and are available for free. ( http://thawte.com ) These certs work with MS Outlook Express and Netscape 4.0+
Mail. The certs are validated by an international protocol. I have used a Thawte cert with Outlook Express and it
was quite easy to use. However, if you change your email server or login information (like userid) you need to get a
new cert.
PGP works with Eudora and Emacs, among other mail programs, but not most of the other popular ones,
unfortunately. This may change as PGP becomes more popular. PGP keys are validated by your friends -- your
"web of trust". You generate your own keys, whenver you want.
There has also been conflicts with the US N.S.A. (National Security Agency - "Never Say Anything"). They call
encryption software "munitions" and forbid export of it. However, PGP was (illegally) exported and is now used
widely around the world. An international version ( http://www.pgpi.com/ ) is available outside the U.S. It is
compatible with the US version of PGP.
So, consider downloading it (US download only: http://web.mit.edu/network/pgp.html ) and trying it out. It is free,
after all, and you might enjoy the privacy it can give you.
- --Brian High
PGP Key Servers (WWW)
http://www.uk.pgp.net/pgpnet/www-key.html
My PGP public key as found in a key server:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xD13C5EE7
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBNvEoE12bHdDRPF7nEQKK6QCePeVGusZCc1U0h/gShOhyQ+peHw8An0gI
WZhvYiGvCCZS2CCBCdZShufo
=SKyD
-----END PGP SIGNATURE-----
* * * * * * * * * * * * * * From the Listowner * * * * * * * * * * * *
. To unsubscribe from this list, send a message to:
majordomo at scn.org In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * * http://www.scn.org/volunteers/scn-l/ * * * * * * *
More information about the scn
mailing list