Cyphernomicon Top
Cyphernomicon 2.6

MFAQ--Most Frequently Asked Questions:
PGP


    2.6.1. There's a truly vast amount of information out there on PGP,
            from current versions, to sites, to keyserver issues, and so
            on. There are also several good FAQs on PGP, on MacPGP, and
            probably on nearly every major version of PGP. I don't expect
            to compete here with these more specialized FAQs.
           - I'm also not a PGP expert, using it only for sending and
              receiving mail, and rarely doing much more with it.
           - The various tools, for all major platforms, are a specialty
              unto themselves.
    2.6.2. "Where do I get PGP?"
    2.6.3. "Where can I find PGP?"
           - Wait around for several days and a post will come by which
              gives some pointers.
           - Here are some sites current at this writing: (watch out for
              changes)
    2.6.4. "Is PGP secure? I heard someone had...."
           - periodic reports, urban legend, that PGP has been
              compromised, that Phil Z. has been "persuaded" to....
           + implausible for several reasons
             - Phil Z no longer controls the source code by himself
             - the source code is available and can be inspected...would
                be very difficult to slip in major back doors that would
                not be apparent in the source code
             - Phil has denied this, and the rumors appear to come from
                idle speculation
           + But can PGP be broken?
             - has not been tested independently in a thorough,
                cryptanalytic way, yet (opinion of tcmay)
             - NSA isn't saying
             + Areas for attack
               + IDEA
                 - some are saying doubling of the number of rounds
                    should be donee
               - the random number generators...Colin Plumb's admission
    2.6.5. "Should I use PGP and other crypto on my company's
            workstations?"
           - machines owned by corporations and universities, usually on
              networks, are generally not secure (that is, they may be
              compromised in various ways)
           - ironically, most of the folks who sign all their messages,
              who use a lot of encryption, are on just such machines
           - PCs and Macs and other nonnetworked machines are more
              secure, but are harder to use PGP on (as of 1994)
           - these are generalizations--there are insecure PCs and
              secure workstations
    2.6.6. "I just got PGP--should I use it for all my mail?"
           - No! Many people cannot easily use PGP, so if you wish to
              communicate with them, don't encrypt everything. Use
              encryption where it matters.
           - If you just want more people to use encryption, help with
              the projects to better integrate crypto into existing
              mailers.
    2.6.7. NSA is apparently worried about PGP, worried about the spread
            of PGP to other countries, and worried about the growth of
            "internal communities" that communicate via "black pipes" or
            "encrypted tunnels" that are impenetrable to them.
  

Next Page: 2.7 Clipper
Previous Page: 2.5 Crypto

By Tim May, see README

HTML by Jonathan Rochkind