best pgp software question - PGP


  1. Re: best pgp software question

    I think this thread got off from the original topic, as practically speaking
    gnupg or PGP will do what the poster wants. In most cases, if people
    intercepting data see that it is encrypted and they have strong reason to find
    out what the content of the data is, there are usually cheaper and easier ways
    to go about getting it than trying to decrypt it.

    I asked one of my professors who is an expert mathematician and cryptologist,
    about this issue once, and he said that most of the ways organizations like the
    NSA get to your data is through implementation flaws (OS, encrypting program,
    key-loggers, encoding methods) not through algorithm flaws. He also said he
    thought it VERY unlikely the NSA could, in a reasonable time frame,
    "brute-force" a 256-bit symmetric key like AES.

    If we assume the computer system itself, encryption implementation, and encoding
    methods are secure (the biggest pitfall), and we assume there are no known ways
    better than brute-force to crack a symmetric cipher like AES, a 256 bit key
    would mean, on average, a search through 2^255 key permutations. While no one
    (outside the government) knows the NSA's capabilities, assume they can try
    1,000,000,000,000,000 (one quadrillion) keys a second, the average time needed
    to find the key would be 1.83*e^54 years. The universe is estimated to be about
    20 billion years old. I've heard based on our understanding of particle
    physics, there is not enough energy in the known universe to run these kind of
    calculations.

    So if done absolutely right, the encryption itself is solid. It's everything
    around it that usually breaks down.

    ~David~

  2. Re: best pgp software question

    clark wrote:
    > On 5 May 2006 22:57:46 -0700, "jennifer1988"
    > wrote:
    >
    > >John Wunderlich wrote:
    > >> "jennifer1988" wrote in
    > >> news:1146809706.745775.253190@j73g2000cwa.googlegroups.com:
    > >>
    > >> > I apologize for this very basic question. I have a number of files
    > >> > that I want to encrypt with pgp. They are letters, legal documents
    > >> > and other similar files that I don't want anyone to see. I'm
    > >> > looking for a software package to buy. Something free is good too
    > >> > if it does what I want. I have many folders and many files. I
    > >> > could take all the files in a folder, put them in a zip file and
    > >> > then encrypt the zip file. Or, I might want to encrypt each file
    > >> > individually. Is there a software package that will take 100 or so
    > >> > files and encrypt each one of them individually with a few strokes
    > >> > by me? What software is best?
    > >> >
    > >>
    > >> I would recommend the (IMHO) excellent freeware "Truecrypt".
    > >> It works by creating a virtual disk that exists as an encrypted
    > >> container file on your computer and when given the correct password will
    > >> mount as a drive on your computer. Once mounted, you have free access
    > >> to read/write anything on this virtual disk until it is dismounted --
    > >> at which time it reverts to an encrypted container file. Many options.
    > >> Much less messy than working with encrypted zip files.
    > >>
    > >> The functionality is similar to "PGP Disk" at a fraction of the cost
    > >> and does not depend on PGP being installed on a given system.
    > >>

    > >
    > >Thanks for telling me about it. How secure is it?

    >
    > Truecrypt has a good pedigree, and the designers use serious methods
    > of protection based on known-good practice.
    >
    > If you choose a strong password and keep it secret the security
    > offered in Truecrypt is strong (high) security.
    >
    > Do not forget to keep a copy of that password somewhere safe as if you
    > forget your password, there is no way to recover the data.
    >
    > The documentation is good and they have a "Beginners Tutorial" to get
    > you going.
    >
    > And Truecrypt is a free product.
    >


    Is it better than PGP? What are its advantages over PGP?

    > And remember that using any combination of current or past names
    > and numbers (telephone, street address, SSN, friends names, lover's
    > names, children's names, pet's names, birthdays, model of car,
    > favorite colors, cuss words, slang terms, or famous passages of text)
    > will allow your password to be recovered in a short period of time.
    >
    > This is true for any security product, yet over 95% of people's
    > passwords are derived from those very same parameters, so the large
    > majority of folks are not using strong passwords.
    >
    > A good, strong password is generally hard to remember at first, and
    > that is why you need to be able to refer to it, until it gets
    > engrained in your memory.
    >


    In your opinion, should passwords be longer than 16 characters?

    > >
    > >Jennifer
    > >
    > >>
    > >>
    > >> HTH,
    > >> John



  3. Re: best pgp software question

    Tom McCune wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: RIPEMD160
    >
    > "jennifer1988" wrote in
    > news:1146978712.563514.20970@j73g2000cwa.googlegroups.com:
    >
    > > Thanks for all the information.
    > > I too am afraid of anything that's closed sourced. But, I also wonder
    > > if the NSA has
    > > a supercomputer no one knows about that has cracked PGP. And I wonder
    > > if the NSA has a secret satellite that can hear everyone's keystrokes.
    > > Maybe it would be safe to try and use PGP in a deep underground cave.
    > > Jennifer

    >
    > I don't know about these possibilities, but in my opinion, if the NSA is
    > really after my data, there is probably little I can do to prevent them
    > from getting it. At least for me, protecting against attack by the NSA is
    > just not worth the time, effort and expense it would take.
    >


    Sure, if they were after you, that's true. I don't have anything
    illegal to hide. Some people, like me, believe law-abiding citizens
    have the right to some privacy. Even if it's nothing special, I want
    the right to keep it private from anyone. The NSA wants to see
    everything, no matter what it is. They want to destroy privacy.

    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP Desktop 9.0.6 (Build 6060)
    > Comment: My PGP FAQ: http://www.mccune.cc/PGP.htm
    >
    > -----END PGP SIGNATURE-----



  4. Re: best pgp software question

    Borked Pseudo Mailed wrote:
    > jennifer1988 wrote:
    >
    > > Thanks for all the information.
    > > I too am afraid of anything that's closed sourced.

    >
    > Why would you feel fear?


    I fear them because they could have backdoors no one knows about.

    > Closed source encryption algorithms and
    > applications just aren't as trustworthy.


    Ok. So why don't you feel fear?

    > Peer review is essential for
    > algorithms and highly desirable for applications using well reviewed
    > algorithms, but it's not any sort of guarantee.
    >


    True. But it's better than nothing.

    > > But, I also wonder if
    > > the NSA has
    > > a supercomputer no one knows about that has cracked PGP.

    >
    > You're either worrying way too much about information that isn't that important,
    > or way too little about "State Secret" caliber data. In which case you
    > wouldn't be discussing it here, so we have to assume the former.
    >


    You can assume the former. I believe in the principle of privacy, even
    of my boring things.

    > What do you have, that the NSA or anyone would want to waste time
    > decrypting?
    >


    Nothing criminal or anything like that. The NSA wants to take away my
    privacy. I hate anyone who wants to take away a freedom.

    > There's no such thing as absolute security in the practical world, it's
    > all about risk assessment and mitigation. If you need to secure something
    > you need to make an intelligent decision about how to secure it from the
    > sort of attacker you're likely to encounter. If you're dealing in NSA
    > level information you've already screwed the pooch by asking about it in a
    > public forum. You should be using private couriers with fake passports,
    > exploding briefcases, and cyanide pills.
    >


    I need to get those.

    > > And I wonder if
    > > the NSA has a secret satellite that can hear everyone's keystrokes.

    >
    > Why would they need a satellite? It's much more cost effective to sit
    > across the street in a van.
    >


    True. But they could be data mining, looking at millions of people at
    one time.

    > > Maybe
    > > it would be safe to try and use PGP in a deep underground cave. Jennifer

    >
    > Maybe the cave doesn't matter. Your biggest threat is during transmission,
    > and more importantly, your own recklessness in divulging the very
    > existence of your cave hideout.
    >
    > Strike two......


    True. But I'm sure the NSA has thought of people in caves long before I
    did.

    Jennifer


  5. Re: best pgp software question

    David Eather wrote:
    > I heard once (on a post on sci.crypt) that v9 of PGP will run for 30
    > days as a full featured demo and then switches to a free ware mode (no
    > disk encryption) Hope that helps (HA)
    >


    Is there something better than v9?

    > > I apologize for this very basic question. I have a number of files that
    > > I want to encrypt with pgp. They are letters, legal documents and other
    > > similar files that I don't want anyone to see. I'm looking for a
    > > software package to buy. Something free is good too if it does what I
    > > want. I have many folders and many files. I could take all the files in
    > > a folder, put them in a zip file and then encrypt the zip file. Or, I
    > > might want to encrypt each file individually. Is there a software
    > > package that will take 100 or so files and encrypt each one of them
    > > individually with a few strokes by me? What software is best?
    > >
    > > I went to:
    > >
    > > http://www1.pgpstore.com/product.htm...currencies=USD
    > >
    > > and looked at:
    > >
    > > PGP Desktop Home 9.0
    > >
    > > This is the link:
    > >
    > > http://www1.pgpstore.com/product.htm...currencies=USD
    > >
    > > It costs 99 dollars. Would anyone recommend that one or not? Is there
    > > one better? Is there one cheaper?
    > >
    > > Please help.
    > >
    > > Jennifer
    > >

    > )



  6. Re: best pgp software question

    charlie kroeger wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: RIPEMD160
    >
    > 05/07/2006
    >
    > jennifer1988 wrote:
    >
    > >> Ok. What I worry about though is hardware or spyware that records or
    > >> hears keystrokes. That seems to me hard to guard against.

    >
    > That's a scary thing to be sure. I don't know what to tell you. For
    > myself, I use Password Safe to copy directly to the clipboard some
    > impossible password (all of them are in fact impossible to remember
    > that's what machines are for) and then it's pasted into an
    > application. Of course if you are being logged they will log your
    > password to open Password Safe anyway so you're humped there too.
    > It's like James Thurber said, "there's no security in numbers or
    > anywhere else." Welcome to the world Wash.
    >


    Even in George Orwell's 1984, there seemed to be places to hide from
    Big Brother's eyes.

    Suppose you do this: erase a hard drive, install the OS, then install
    PGP, that guards against spyware.

    > >> Ok. But is it possible that the NSA has a highly advanced supercomputer
    > >> that no one knows about that has cracked PGP and has a backdoor? Or
    > >> maybe the NSA has a secret satellite that can hear the keystrokes of
    > >> everyone?

    >
    > Have you heard of quantum computers? I pasted this directly from the
    > Wikipedia, the free encyclopedia:
    >
    > A quantum computer is any device for computation that makes direct
    > use of distinctively quantum mechanical phenomena, such as
    > superposition and entanglement, to perform operations on data. In a
    > classical (or conventional) computer, the amount of data is measured
    > by bits; in a quantum computer, it is measured by qubits. The basic
    > principle of quantum computation is that the quantum properties of
    > particles can be used to represent and structure data, and that
    > quantum mechanisms can be devised and built to perform operations
    > with this data.
    >
    > Experiments have been carried out in which quantum computational
    > operations were executed on a very small number of qubits. Research
    > in both theoretical and practical areas continues at a frantic pace,
    > and many national government and military funding agencies support
    > quantum computing research, to develop quantum computers for both
    > civilian and national security purposes, such as cryptanalysis.
    >


    Thanks for posting this. It is scary. Even when there are limits to
    supercomputers, they'll increase speed and effectiveness with better
    algorithms.

    > It looks like puny algorithms and passphrases would be cracked
    > before lunchtime. I also read that you're right, the sound of your
    > keyboard can reveal what keys you're touching. As for secret
    > satellites I bet they're up there already with names like the Cheney
    > fighting module and the Bush advanced laser detecting appliance.
    >


    Maybe they have some Orwellian name like 'Freedom Protector' or 'civil
    liberty protector'

    > >> Please send them to me. I looked and looked and couldn't find them.

    >
    > I'll make it so.
    >


    Thanks.

    > >> Thanks.
    > >> Peace, sadly - probably not possible today,
    > >> Jennifer

    >
    > I'll have to dust off my windows side of the computer blow out the
    > cobwebs. I will send the file in question and my off newsgroup
    > address to confirm it passed through the hotmail filters.
    >


    Thanks.

    Jennifer

    > C.
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.3 (GNU/Linux)
    >
    > iD8DBQFEXaRd9HLs2IZF4wURA0LqAKC67xLRIVsQjtQFRiHPDh RpL2Lb7QCgvzoG
    > yKZStuBBc3jkpyQ2du+oGz0=
    > =eyAU
    > -----END PGP SIGNATURE-----



  7. Re: best pgp software question

    jennifer1988 wrote:

    > Borked Pseudo Mailed wrote:
    >> jennifer1988 wrote:
    >>
    >> > Thanks for all the information.
    >> > I too am afraid of anything that's closed sourced.

    >>
    >> Why would you feel fear?

    >
    > I fear them because they could have backdoors no one knows about.


    Source code isn't a guarantee that a program has no back doors, nor is it
    the only way to find them if they exist. It's certainly helpful, but I'd
    sooner trust a closed source application using standard algorithms offered
    by a reputable author than an open source implementation of an untested
    algorithm devised by some guy who calls himself "Mr. Krypto".

    If you fear back doors, you need to fear them in all applications. Even
    more pressing is the issue of simple mistakes. They're both threats to
    your security that have from time to time "magically appeared" in crypto
    software of both open and closed source varieties. If your data relies on
    a dire need for absolute cryptographic security, you're completely out of
    luck. What you need to be considering is a strong dose of physical
    security, maybe with a crypto chaser.

    >> Closed source encryption algorithms and applications just aren't as
    >> trustworthy.

    >
    > Ok. So why don't you feel fear?


    Two reasons:

    1. My data isn't so important that I have to worry about the NSA or the
    FBI dorking around with it. The threats I see on the horizon are
    incompetent wannabes like the guy who tries to steal my laptop and finds
    out all my vital information is in an encrypted container. I'm confident
    my passwords and scanned images of official documents are safe from that
    sort of attack.

    2. I'm fully aware of the risks and benefits of encryption, and have a lot
    of trouble feeling fear for anything I understand. Fear is generally
    something you feel either because you see an imminent threat, which I
    don't, or a result of facing the unknown.

    If I WAS afraid in any way that I might fall victim to some sort of back
    door, then I would certainly take additional steps to make sure my data
    was removed from any possibility of compromise. Like a secret panel in
    the back of a closet with an electrified door leading to a hardened bunker
    guarded by packs of rabid Rottweilers. Something like that. ;-)

    >
    >> Peer review is essential for
    >> algorithms and highly desirable for applications using well reviewed
    >> algorithms, but it's not any sort of guarantee.
    >>

    > True. But it's better than nothing.


    Usually. If you don't place too much faith in it, it's fine. It's
    something to consider when choosing security applications, especially so
    when examining what algorithms are used. All other things being equal it's
    more prudent to choose open source crypto over closed source, but it's not
    the sole deciding factor. If you place too much faith in open source, you
    run the risk of making a bad decision because of that ill placed faith.

    >> > But, I also wonder if
    >> > the NSA has
    >> > a supercomputer no one knows about that has cracked PGP.

    >>
    >> You're either worrying way too much about information that isn't that
    >> important, or way too little about "State Secret" caliber data. In which
    >> case you wouldn't be discussing it here, so we have to assume the
    >> former.
    >>

    > You can assume the former. I believe in the principle of privacy, even of
    > my boring things.


    Then you'll be more than protected if you simply stick with any time
    tested crypto application offered by a reputable company. Closed source or
    otherwise. You're hiding stuff from associates and the occasional crook,
    not the super secret crypto cracking division of some joint NSA/FBI task
    force on Jennifer's evil data.

    The majority of the more widely respected crypto programs happen to be
    open source, and for good reasons, but at our mere mortal levels it's more
    of a matter of personal comfort than any real threat of compromise.

    >> What do you have, that the NSA or anyone would want to waste time
    >> decrypting?
    >>

    > Nothing criminal or anything like that. The NSA wants to take away my
    > privacy. I hate anyone who wants to take away a freedom.


    They do at that I suppose, but wasting time on you would mean OBlahBlah
    Bin Terrorizin would have that much less resource dedicated to him. And if
    they ever actually DID anything with your information at all it would be a
    sure sign whatever program you're using is FUBAR, and that company as well
    as their ability to back door real BadGirls(tm) would be down the toilet.

    >> There's no such thing as absolute security in the practical world, it's
    >> all about risk assessment and mitigation. If you need to secure
    >> something you need to make an intelligent decision about how to secure
    >> it from the sort of attacker you're likely to encounter. If you're
    >> dealing in NSA level information you've already screwed the pooch by
    >> asking about it in a public forum. You should be using private couriers
    >> with fake passports, exploding briefcases, and cyanide pills.
    >>

    > I need to get those.


    Tell the truth now..... you just want hunky guys in fresh pressed suits
    who reek of mystery and gunpowder hanging around. ;-)

    >> > And I wonder if
    >> > the NSA has a secret satellite that can hear everyone's keystrokes.

    >>
    >> Why would they need a satellite? It's much more cost effective to sit
    >> across the street in a van.
    >>

    > True. But they could be data mining, looking at millions of people at one
    > time.


    They can do that from the comfort of any piece of backbone Internet
    connection. Much more cost effective than developing the technology to
    listen to keystrokes from the vacuum of space I'd wager.

    >> > Maybe
    >> > it would be safe to try and use PGP in a deep underground cave.
    >> > Jennifer

    >>
    >> Maybe the cave doesn't matter. Your biggest threat is during
    >> transmission, and more importantly, your own recklessness in divulging
    >> the very existence of your cave hideout.
    >>
    >> Strike two......

    >
    > True. But I'm sure the NSA has thought of people in caves long before I
    > did.


    Ahhh but therein lies the rub. They were unaware of YOURS until you went
    and spilled the beans here in Usenetland. Now your cave is useless, and
    you've learned the most valuable crypto lesson you ever will. Unless
    there's some fatal flaw in your crypto, which nothing can guarantee
    doesn't exist, it's you the user who is by FAR the weakest link. Crypto of
    the modestly good sort used effectively is a LOT more secure than the
    world's best crypto used sloppily.

  8. Re: best pgp software question

    On 8 May 2006 21:06:18 -0700, "jennifer1988"
    wrote:

    [snip known history]
    >
    >Is it better than PGP? What are its advantages over PGP?


    If all you want is to create an area that is secure, where you can place
    your documents and feel reasonably sure (given a strong password) that
    they are safe from the eyes of others, then yes it is.

    I'm just going to give you Truecrypt's advantages. Do some homework on
    the PGP.

    The advantages, to me, are Truecrypt's simplicity of operation and the
    methods they used to craft the security.

    They are using LRW mode for disk encryption:

    http://www.truecrypt.org/user-guide/...s-of-operation


    Truecrypt provides source code so it can be scrutinized and
    re-compiled by all.

    They provide for plausible deniability by construction of their disk
    volumes which are not distinguishable from random data.

    You can easily change your password if you want and not lose any of
    the data.

    It works under Windows and Linux.

    It is free of charge and the people that write it are very serious
    about what they are doing.


    [snip known history]
    >
    >In your opinion, should passwords be longer than 16 characters?
    >


    What you are looking for is entropy, which is a 5 dollar word for
    randomness.

    If you are going to use every available character from 00-FF Hex in
    completely random fashion then 16 characters is really good.

    That would give you close to 128-bit entropy.

    But you won't be doing that, so you'll need a way to stretch out your
    passphrase into something that contains enough entropy, but that you
    can enter on a keyboard and remember.

    http://world.std.com/~reinhold/diceware.html

    You can start with the link above if you really want to know about
    some of the issues relating to passwords and their creation.
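
The entropy arithmetic from the post above, combined with the one-quadrillion-keys-per-second rate assumed in the first post of this page, worked through as an added example (not code from any poster). All function and constant names are illustrative, and the 95-character printable ASCII alphabet is an assumption about what "enterable on a keyboard" means.

```python
import math
import secrets

DICEWARE_WORDS = 6 ** 5   # a Diceware list has one word per five-dice roll: 7776
PRINTABLE_ASCII = 95      # assumption: characters typeable on a US keyboard
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(alphabet_size, length):
    """Bits of entropy in `length` symbols, each chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def symbols_needed(alphabet_size, target_bits):
    """Fewest uniformly random symbols that reach `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def average_search_years(bits, guesses_per_second):
    """An average exhaustive search covers half the space: 2**(bits-1) guesses."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def diceware_rolls(word_count):
    """Five-digit dice keys (e.g. '16342'), one per word, from the OS CSPRNG.

    Each key is looked up in a Diceware word list, exactly as with real dice.
    """
    return [
        "".join(str(secrets.randbelow(6) + 1) for _ in range(5))
        for _ in range(word_count)
    ]


def compare(guesses_per_second=1e15):
    """Return (scheme, entropy bits, average search years) for each scheme.

    The figures hold only for uniformly random choices. A password built from
    names, dates or famous phrases has far less entropy than its length suggests.
    """
    schemes = [
        ("16 random bytes (00-FF)", 256, 16),
        ("16 random printable ASCII characters", PRINTABLE_ASCII, 16),
        ("8 Diceware words", DICEWARE_WORDS, 8),
        ("10 Diceware words", DICEWARE_WORDS, 10),
    ]
    rows = []
    for label, alphabet, length in schemes:
        bits = entropy_bits(alphabet, length)
        rows.append((label, bits, average_search_years(bits, guesses_per_second)))
    return rows


if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:38s} {bits:6.1f} bits  {years:.2e} years on average")
    words = symbols_needed(DICEWARE_WORDS, 128)
    print(f"Diceware words needed for 128 bits: {words}")
    print("Dice keys to look up:", " ".join(diceware_rolls(words)))
```
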



  9. Re: best pgp software question

    jennifer1988 wrote:


    > The NSA wants to take away my privacy. I hate anyone who wants to take away a freedom.


    After 9/11, privacy and freedom are not the same thing.

    You have your freedom from giving up a little of your privacy.

    Like it, or not, that's the way it works.

  10. Re: best pgp software question

    noload wrote:

    > jennifer1988 wrote:
    >
    >
    > > The NSA wants to take away my privacy. I hate anyone who wants to take away a freedom.

    >
    > After 9/11, privacy and freedom are not the same thing.
    >


    That is the lie that the Bush Administration would have us believe. I refuse.

    > You have your freedom from giving up a little of your privacy.
    >


    That is a contemptible lie. Giving up any privacy is the beginning of the
    surrender of all freedom.


    > Like it, or not, that's the way it works.


    No, It isn't.

    When society reaches the point where it's mandatory to have ID, then it is
    time to move. The problem with the world now is that there are very few places
    left to move TO, most of them being extremely inhospitable.



  11. Re: best pgp software question

    In article <8M-dnUxLCdmqCP3ZnZ2dnUVZ_s6dnZ2d@northstate.net>,
    noload@dot.com says...
    > jennifer1988 wrote:
    >
    >
    > > The NSA wants to take away my privacy. I hate anyone who wants to take away a freedom.

    >
    > After 9/11, privacy and freedom are not the same thing.
    >
    > You have your freedom from giving up a little of your privacy.
    >
    > Like it, or not, that's the way it works.
    >


    No, that is the way we move away from freedom. Privacy and anonymity
    are the roots of all freedom.

    While they systematically remove the checks and balances and ignore laws
    as not relevant to them, they chant "If you have nothing to hide you
    have nothing to fear" and "only criminals have something to hide". It's
    the mantra of the day.

    I reply to that: "If _you_ have nothing to hide then you should have
    nothing to fear from proper judicial oversight". Yet, they keep working
    to remove it. Well, it's not me that is hiding here and if their words
    of "only criminals have something to hide" have any truth, why are they
    hiding from proper oversight?

    /steve
    --
    Cotse.Net Privacy Service
    Advanced e-mail, ssh, proxies, web hosting, and more.
    Your Shield From The Internet
    http://www.cotse.net

  12. Re: best pgp software question

    "jennifer1988" wrote in
    news:1147147578.833286.162380@v46g2000cwv.googlegroups.com:
    [...]
    > clark wrote:
    >> If you choose a strong password and keep it secret the security
    >> offered in Truecrypt is strong (high) security.
    >>
    >> Do not forget to keep a copy of that password somewhere safe as
    >> if you forget your password, there is no way to recover the data.
    >>
    >> The documentation is good and they have a "Beginners Tutorial" to
    >> get you going.
    >>
    >> And Truecrypt is a free product.
    >>

    >
    > Is it better than PGP? What are its advantages over PGP?


    Security-wise, it's probably equivalent to PGP. I prefer it because
    it's independent of PGP. I once used PGP Disk and when I updated my
    version of PGP, my PGP disk was no longer accessible. I had to
    uninstall PGP and re-install the older PGP to recover the data.
    Since then, PGP has improved the effects of updating, but it still
    left a bad taste in my mouth...

    >
    >> And remember that using any combination of current or past
    >> names and numbers (telephone, street address, SSN, friends names,
    >> lover's names, children's names, pet's names, birthdays, model of
    >> car, favorite colors, cuss words, slang terms, or famous passages
    >> of text) will allow your password to be recovered in a short
    >> period of time.
    >>
    >> This is true for any security product, yet over 95% of people's
    >> passwords are derived from those very same parameters, so the
    >> large majority of folks are not using strong passwords.
    >>
    >> A good, strong password is generally hard to remember at first,
    >> and that is why you need to be able to refer to it, until it gets
    >> engrained in your memory.
    >>

    >
    > In your opinion, should passwords be longer than 16 characters?


    Obviously the longer the better. That's why they're now called
    "passphrases" instead of "passwords". Truecrypt also has the option of a
    "key file" where you can point it to a file on your disk and it will
    use the contents of that file to generate the crypto key. The file
    better not change, though.

    HTH,
    John

  13. Re: best pgp software question

    On Tue, 09 May 2006 21:48:06 +0100, Anonymous wrote:

    >
    > When society reaches the point where it's mandatory to have ID, then it is
    > time to move. The problem with the world now is that there are very few places
    > left to move TO, most of them being extremely inhospitable.


    Let's hope that some catastrophe, natural or manmade, will clean out the
    excess and get the world population down to something reasonable. One
    billion sounds like a nice round number, giving the world plenty of people
    to keep the high-tech stuff going, while giving everyone lots of room.

    No one will give a damn then about IDs and what's going on in the Middle
    East, or the rest of the insane stuff we live with today.

    I say the sooner the better.




  14. Re: best pgp software question

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On 8 May 2006 21:06:18 -0700, "jennifer1988" wrote:

    Hi Jennifer

    >Is it better than PGP? What are its advantages over PGP?


    I prefer it to PGP because it has more options (algos). It doesn't require
    installation* and has nice little features such as key files and hidden
    volumes. It is also a very stable application. It has never failed me.

    >In your opinion, should passwords be longer than 16 characters?


    Depends on what it's for. I tend to never use less than 15 characters for
    passwords unless the system doesn't support passwords of that length.
    Normally I have 8-10 words as my passphrase so around 50 characters total.

    For a Windows password there are a lot of advantages to using >14
    characters, one of the biggest being that it stops the LM hash being stored.
    Read http://blogs.technet.com/robert_hens...28/199610.aspx
    for more information.

    For PGP I never use a password, only a passphrase.

    * Administrator access is needed to the system to run in "traveller" (not
    installed) mode. If you install TrueCrypt it is then possible for a non
    admin (power user) to use TrueCrypt; however, I could be wrong on this, it's
    been a while since I checked.

    Morgan

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (MingW32) - GPGshell v3.51
    Comment: Key not available on key servers
    Comment: Please get from http://mrp.freeshell.org

    -----END PGP SIGNATURE-----


  15. Re: best pgp software question

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Morgan wrote in
    news:qh5u62h6br1ssl0jc8i84vtv82i6hkfv3k@4ax.com:

    >>Is it better than PGP? What are its advantages over PGP?
    >
    > I prefer it to PGP because it has more options (algos). It doesn't
    > require installation* and has nice little features such as key files and
    > hidden volumes. It is also a very stable application. It has never
    > failed me.



    My news server has not retained prior posts in this thread, but this
    appears to be in relation to TrueCrypt. Based on this assumption, I can't
    resist stating that PGP's Virtual Disk now defaults to using 256 bit AES
    for the symmetric algorithm. Recent versions also have options of 128 bit
    CAST and 256 bit Twofish. Personally, I just can't think of a reason why
    including additional algorithms serves any real purpose in increasing
    security. I don't recall the details now, and whether this was related to
    either TrueCrypt or an ancestor of it, but I have seen at least one other
    such product that included multiple symmetric options, with some being very
    secure, and with at least one such option being quite weak.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 9.0.6 (Build 6060)
    Comment: My PGP FAQ: http://www.mccune.cc/PGP.htm

    -----END PGP SIGNATURE-----

  16. Re: best pgp software question

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Sat, 20 May 2006 14:42:00 GMT, Tom McCune wrote:


    >My news server has not retained prior posts in this thread, but this
    >appears to be in relation to TrueCrypt. Based on this assumption, I can't
    >resist stating that PGP's Virtual Disk now defaults to using 256 bit AES
    >for the symmetric algorithm. Recent versions also have options of 128 bit
    >CAST and 256 bit Twofish. Personally, I just can't think of a reason why
    >including additional algorithms serves any real purpose in increasing
    >security. I don't recall the details now, and whether this was related to
    >either TrueCrypt or an ancestor of it, but I have seen at least one other
    >such product that included multiple symmetric options, with some being very
    >secure, and with at least one such option being quite weak.


    Hi Tom. Yes the post was regarding TrueCrypt.

    I guess it is more for performance than for security (although TrueCrypt
    also allows for two and three level encryption with different algorithms
    such as AES-Twofish-Serpent, I do not know mathematically what extra
    protection this gives you though).

    The biggest reason I prefer TrueCrypt over PGPdisk is portability (no
    install needed, no license problems) and its features such as hidden volumes
    and being able to use a raw device (such as an external HDD).

    While PGPdisk is very nice, the fact it is only available as part of the PGP
    suite makes it difficult to use on a mobile device unless you purchase
    multiple licenses. A stand alone version of PGPdisk for $50 or so would be
    great IMHO.

    Morgan


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (MingW32) - GPGshell v3.51
    Comment: Key not available on key servers
    Comment: Please get from http://mrp.freeshell.org

    -----END PGP SIGNATURE-----

    --

    Morgan

    PGP Keys http://mrp.freeshell.org

    Entropy isn't what it used to be

  17. Re: best pgp software question

    jennifer1988 wrote:
    > David E. Ross wrote:
    >> jennifer1988 wrote:
    >>> I apologize for this very basic question. I have a number of files that
    >>> I want to encrypt with pgp. They are letters, legal documents and other
    >>> similar files that I don't want anyone to see. I'm looking for a
    >>> software package to buy. Something free is good too if it does what I
    >>> want. I have many folders and many files. I could take all the files in
    >>> a folder, put them in a zip file and then encrypt the zip file. Or, I
    >>> might want to encrypt each file individually. Is there a software
    >>> package that will take 100 or so files and encrypt each one of them
    >>> individually with a few strokes by me? What software is best?
    >>>


    At present, I mainly use GnuPG to sign files, so I have a way of
    checking later to see if the file was modified since it was signed. I
    will also be using GnuPG in tandem with Gizmo and Zfone for VOIP in the
    near future. For encrypting individual files or collections of files,
    however, I strongly recommend you consider using truecrypt. All of the
    softwares I have named here are $-free, open-source projects that
    support both Linux and WindowsXP. (I don't have WindowsXP on my
    computer.) I also think it is smart to use an on-screen keyboard any
    time you have to type in a GnuPG or a truecrypt password.



  18. Re: best pgp software question

    only asking wrote:
    > At present, I mainly use GnuPG to sign files, so I have a way of
    > checking later to see if the file was modified since it was signed. I
    > will also be using GnuPG in tandem with Gizmo and Zfone for VOIP in the
    > near future.


    Oops. I misspoke. Zfone does *not* require GnuPG or anything like it:

    Zfone uses a new VoIP encryption protocol called ZRTP to secure Internet
    telephone calls. The protocol provides a high level of security because
    it doesn't rely on public key infrastructure (PKI), key certification,
    trust models or certificate authorities. *** ZRTP does the key
    agreement process on a peer-to-peer basis, using a new key for each
    telephone call.***
    [from http://www.voip-news-net.com/2006/05...or_windo.html]

    And Gizmo has nothing to do with encryption, it just handles the VOIP.
