Pretty Good Privacy

  Locations of visitors to this page
be notified of website changes? subscribe
Crypto Freedom!

 

Privacy

Zimmermann Legal Defense

CypherPunks

Pretty Good Privacy

Why PGP?

PGP FAQ

My PGP Story

Factoring

BlackNet Attack

MIT v. PRZ?

MajorDomo + PGP

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

Pretty Good Privacy

What is Pretty Good Privacy (PGP)?

Briefly, PGP is software that allows you to send and recieve email and files knowing that

the sender of information is who they claim to be

the information hasn't been tampered with en route

that only the intended recipient can read the communique

PGP is available for almost every modern computing system available. PGP is inextricably linked to it's author, Philip Zimmermann, and his persecution by the U.S. Government. (The story behind the Zimmermann Legal Defense Fund is a must-read.)

PGP in a nutshell

Here is the canned email I used to send people who asked about PGP in those dark days before the web existed:

X-Distribution-Policy: re-distribute freely; attribute appropriately.

Date: Tue 14 Dec 1993 00:37:12 -0800
From: msattler@GeekTimes.com (Michael 'Mickey' Sattler, San Francisco)
Subject: Encrypt now; ask me how.

There are various reasons to use encryption: you don't want anyone to get a hold of the symphony you're writing, you don't want your co-workers to know your sexual orientation, you want to protect your source code, and so on.

How secure do you want your data to be? Protecting your anniversary shopping list from your WordPerfect-using spouse necessitates a very different level of security than protecting trade secrets from your competitors. Since encryption is basically a transformation of plaintext to ciphertext, more secure transformations take more time (and are more of an inconvience to you).

Simple transformations will let you hide plaintext from the casual viewer. rot13, which rotates the letters 13 places, ie. 'A' becomes 'N', may provide the level of security you need. Compression software will transform your data into an unreadable form unless the viewer knows the software you used to compress it; if it allows you to password-protect the compressed archives then you're pretty well covered (and you'll be using less disk space).

Industrial-strength data encryption comes in many forms. UNIX "crypt" provides good encryption. Commercial software that implements the Data Encryption Standard (DES) offers low, middle, and high levels of security. DES-1 was recently broken with a network of PCs, DES-2 is still considered secure. DES can't be sent outside of the USA because its key-size is artificially limited (the key-size determines the level of security, all other things being equal).

The cremé de la cremé of data encryption is Philip Zimmerman's PGP (Pretty Good Privacy), available for (I think) UN*X, DOS, Windows, Mac, and Amiga. PGP exploits the fact that very large numbers can be very difficult to factor. PGP creates a key-pair using prime numbers. One you make public, the other you keep private. To send me a message you combine my public key with your private key. When I get the message, I read the message I use your public key with my private key. We get each other's public keys via email from each other or a key-server. (All this is part of the PGP docs, which are unpolished but worth the reading.) I'll also be glad to help you out.

I have other information about cryptography algorithms and software available.

You might also be interested in reading the scattered exchanges of the cypherpunks; send to cypherpunks-request@toad.com the message

SUBSCRIBE firstname lastname

(where of course you substitute your firstname and lastname). Enjoy!

PRZ's PGP Book

> I was shopping for books today and ran across "The official PGP
> Guide" by Phil Zimmermann. Do any of you know if it is any good?
> I might get it even if its bad, just to help the guy out, but I'd
> appreciate any reviews.

As an author, I can say that Phil's share of a the money you spend on a book is almost certainly less than ten per cent of the cover price. Buy Philip's book if you want a book about PGP. Donating to the Zimmermann Legal Defense Fund gets money to the people who have helped Phil in a more direct way.

Using PGP to Authenticate Routing Information

Merit, Inc. maintains the Internet routing database. Merit has ported PGP version 2.6 into the RIPE routing registry software. The new privacy feature makes it possible to use PGP's popular cryptographic algorithm to authenticate data submitted through e-mail to the Routing Arbiter Database (RADB) and other RIPE-181-style registries. To implement PGP, simply enter 'PGP- FROM my.email.address' in the RADB Maintainer object's 'auth:' field. You then use a public domain PGP client to sign your e-mail with your secret key. The RADB software uses your public key to verify your signature. The PGP encryption schema is known to be very difficult to break. PGP can also provide confidentiality by encrypting any data in such a way that only the recipient can read the message. For more information, contact Laurent Joncheray.

Have you found errors nontrivial or marginal, factual, analytical and illogical, arithmetical, temporal, or even typographical? Please let me know; drop me email. Thanks!
 
What's New?  •  Search this Site  •  Website Map
Travel  •  Burning Man  •  San Francisco
Kilts! Kilts! Kilts!  •  Macintosh  •  Technology  •  CU-SeeMe
This page is copyrighted 1993-2008 by Lila, Isaac, Rose, and Mickey Sattler. All rights reserved.