Pretty Good Privacy

Brian High kv9x at scn.org
Thu Mar 18 08:35:01 PST 1999 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Seattle Community Network Users, and others: 

I am so excited about this, I am sending this letter F.Y.I. (For Your Information).  If you already know about PGP or 
are not interested, just ignore this. 

However, since you are SCN users, you are probably interested in Community Networking, free software, and privacy 
issues.  If this is indeed the case, read on! 

I have been reading up on encryption ... fascinating.  As far as encryption "for the masses", the most famous product 
is PGP (Pretty Good Privacy). 

It was developed by a process similar to Linux -- open source, etc., but due to patent complications, it had to be 
released as freeware for non-commercial use and payware for commercial use. 

It was written by a man who got a B.S. in Comp.Sci who was an anti-nuke activist. (Phil Zimmerman) 
( http://www.nai.com/products/security/phil/phil.asp ) 

He started PGP, Inc. when the patent difficulties were resolved. ( http://www.pgp.com )  PGP, Inc. has merged with 
other companies (including McAffee) to form Network Associates. 

PGP is now used by human rights organizations to protect their informants, and refugee organizations in eastern 
Europe, among other worthy uses. ( http://www.nai.com/products/security/phil/phil-letters.asp ) 

PGP was written in C, initally for DOS.  Now it runs on many platforms.  It is based in a command-line interface and 
can encrypt anything, not just email.  There is even an "add-on" that lets you encrypt your entire hard-drive!  There 
is also Windows and Mac versions. ( http://www.pgpi.com/products/ ) 

I have been reading this book: PGP: Pretty Good Privacy, by Simson Garfinkel (O'Reilly and Assoc.)  It is really 
interesting as the first half is the history of encryption, especially computer implementations. ( 
http://www.oreilly.com/catalog/pgp/ ) 

The main algorithms used in PGP were developed in the 70s and 80s.  They were created by MIT and Stanford 
professors of Mathematics, among others.  They have been under considerable peer review and cracking efforts.  No 
weaknesses have been found.  It is estimated that even with the most powerful computers trying an exhaustive "brute 
force" attack on a PGP key, the solution would take so long, the sun would explode first. 

One of the algorithms used is RSA, which most email and web encryption uses.  For instance, Thawte "certs" use 
RSA and are available for free. ( http://thawte.com )  These certs work with MS Outlook Express and Netscape 4.0+ 
Mail.  The certs are validated by an international protocol.  I have used a Thawte cert with Outlook Express and it 
was quite easy to use.  However, if you change your email server or login information (like userid) you need to get a 
new cert. 

PGP works with Eudora and Emacs, among other mail programs, but not most of the other popular ones, 
unfortunately.  This may change as PGP becomes more popular.  PGP keys are validated by your friends -- your 
"web of trust".  You generate your own keys, whenver you want. 

There has also been conflicts with the US N.S.A. (National Security Agency - "Never Say Anything").  They call 
encryption software "munitions" and forbid export of it.  However, PGP was (illegally) exported and is now used 
widely around the world.  An international version ( http://www.pgpi.com/ ) is available outside the U.S.  It is 
compatible with the US version of PGP. 

So, consider downloading it (US download only: http://web.mit.edu/network/pgp.html ) and trying it out.  It is free, 
after all, and you might enjoy the privacy it can give you. 

- --Brian High 
 

PGP Key Servers (WWW) 
http://www.uk.pgp.net/pgpnet/www-key.html 

My PGP public key as found in a key server:
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0xD13C5EE7

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNvEoE12bHdDRPF7nEQKK6QCePeVGusZCc1U0h/gShOhyQ+peHw8An0gI
WZhvYiGvCCZS2CCBCdZShufo
=SKyD
-----END PGP SIGNATURE-----

* * * * * * * * * * * * * *  From the Listowner  * * * * * * * * * * * *
.	To unsubscribe from this list, send a message to:
majordomo at scn.org		In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * *     http://www.scn.org/volunteers/scn-l/     * * * * * * *

More information about the scn mailing list