Newbie SDA question - PGP

This is a discussion on Newbie SDA question - PGP ; I need to occasionally send self-decrypting archives to various clients, who may be using Windows or Mac, and making it as convenient for them as possible (without keys on their end). The files need to be as bulletproof as possible. ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Newbie SDA question

  1. Newbie SDA question

    I need to occasionally send self-decrypting archives to various
    clients, who may be using Windows or Mac, and making it as convenient
    for them as possible (without keys on their end). The files need to
    be as bulletproof as possible.

    I'm considering getting PGP Desktop for Windows and PGP Desktop for
    Mac from pgp.com, determining which platform a particular client needs
    for a particular file, and encrypting as needed. But sometimes the
    same file needs to be sent to a Windows user AND a Mac user. I'd
    rather not have to encrypt twice (because the files can sometimes be
    VERY large... 50Mb and up), so I'm also considering StuffIt .sitx:

    http://www.stuffit.com/compression/sitxformat.html

    which can be decrypted on Mac or Windows using the StuffIt program.

    Can anyone tell from the info given on the stuffit page (all they say
    is 512-bit encryption) whether .sitx is even close to the security of
    a PGP SDA? And also, I assume the 40-bit encryption of their .sit and
    ..zip could easily be cracked?

    Sorry for the naive questions. I know nothing about encryption.


    p.s. Two things I've wondered about the PGP SDA:

    Is the security dependent on the complexity and length of the
    password?

    Is it as secure as PGP with keys? (I've seen conflicting opinions)

    Thanks!

  2. Re: Newbie SDA question

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    xtooebb@yahoo.com (Bob Grover) wrote in
    news:ba70bf5c.0405221433.5d59bed8@posting.google.c om:


    > Can anyone tell from the info given on the stuffit page (all they say
    > is 512-bit encryption) whether .sitx is even close to the security of
    > a PGP SDA? And also, I assume the 40-bit encryption of their .sit and
    > .zip could easily be cracked?


    512 bit symmetric encryption is now breakable. That is very
    significantly weaker than the minimum 1024 key allowed by current PGP
    versions. A typical home computer can break 40 bit symmetric encryption
    within a few hours.

    > Sorry for the naive questions. I know nothing about encryption.


    Those are good questions well worth asking.

    > p.s. Two things I've wondered about the PGP SDA:
    >
    > Is the security dependent on the complexity and length of the
    > password?


    Yes. PGP SDAs use 128 bit CAST5 that appears completely secure.

    > Is it as secure as PGP with keys? (I've seen conflicting opinions)


    At least in theory, it is possible to have passphrases stronger than the
    128 bit symmetric encryption, but it is not usually so in practice. PGP
    public keys larger than 3000 bits are stronger than 128 bit symmetric
    encryption. So, the answer to your question depends on your key size,
    and how good your SDA passphrase is.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQK/y+mDeI9apM77TAQIg4QgAlY1/a3Iu2om8mFjX8TzLWi9XYX/zRCPO
    ulJSImss32Uxha13VNks6ViHXhCdAQM/+cY5hW9eTzNFpYUkHphFaAykaeP3Bq4Z
    rzFzhEHdfEmdeQuA7Rfq4F67SRit5FOyAL6m4geKPXjIGYdKZF C+yDcmXDXcokOI
    wSqCX1yIzmVDQhi3mscluSwa4j1QccbT+0g5azPb44zfZ5i8SA vu8V/JgihM6Ez5
    aJfJKajB8PIsD2vFEMH87AZEhaa6mliV5a0z69lT2xcSvuSO1r CnR4xRl/BowBcK
    lmZGq8Yiicow1VyzUK69BLM+4cVQehvNH7D+5XYCD217NMmSNU aeXQ==
    =x8Il
    -----END PGP SIGNATURE-----

  3. Re: Newbie SDA question


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Tom McCune wrote:
    > 512 bit symmetric encryption is now breakable.


    Lol, I think you meant assymetric.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3

    iQA/AwUBQK/2eEHhrzGF76A2EQJAoQCaAruS3Go8dg83ScruEG4CF1ova1gAo MfL
    nAwyG89tRFz6S7VST3llYxWy
    =DzTv
    -----END PGP SIGNATURE-----



  4. Re: Newbie SDA question

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    "Rob" wrote in
    news:KESrc.289$B22.2437304@news-text.cableinet.net:

    >> 512 bit symmetric encryption is now breakable.

    >
    > Lol, I think you meant assymetric.


    YES - Definitely asymmetric- Thank you.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3
    Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

    iQEVAwUBQK/8nmDeI9apM77TAQLWwggAo0qOw/3z7Z1DgIpjCVgporBCsMH1kVCL
    LEY1FAxSRI5fAIbHPOMIUSSnC7w9DquX+bUeQgnquTGJlPL616 CqrHhuWQEC/HVA
    Z9cBBVUWk4WyOxjn/rc0xlTW12fnnAXkpVPzR7zmHIFqC4B3OHsLap/D5zJRHsqW
    85YsDCIJ04TI3Nbmh6st7pe2IdwP3NpUVLSwsPg4K/tGmku3jZsjEXf94nr3VEe2
    6tpRNuJxa+Ya3YETrPsXkXYwbykovY4goB44dPhaZy3csvR1Px RjS+DuGNnxzFJ7
    RMphuGW0NHCHNJqKEHnxB3ugyGIXOAr5D/USrTiqE23jHs4XlHMUeQ==
    =n1AH
    -----END PGP SIGNATURE-----

+ Reply to Thread