
Black Unicorn <unicorn@schloss.li> writes:
> So...
> Is MD5 essentially history?
Unclear. The collision Dobbertin demonstrated does not provide a practical attack on PGP signatures. However, people worry that Dobbertin or others will be able to generalise the attack, so caution, and moving away from MD5, is probably a good idea.
Aside from MacPGP 2.6.3, is there a pgp version which will support anything else?
Zbig (MacPGP author for those who haven't looked at the fatmac pgp docs - http://128.146.111.31/~fiedorow/PGP/) also distributes an unofficial SHA1 patch for PGP, which he says has been tested on various architectures. (This is a patch to MIT pgp262 or MIT pgp263.) However AFAIK fatmac is the only distributed version with SHA1 sig capability included.

Ordinarily you'd think that there would be a rush to put out a new version of PGP (say PGP versions 2.6.4 and 2.6.4i respectively for MIT and Ståle Schumacher's international version). However, I'm not sure of the status of further pgp2.6.x versions. PGPlib (aka pgp3) is supposed to be being released RSN.

PGP Inc was formed earlier this year. Initially PGP Inc made noises about litigation over ViaCrypt's incorporation of commercial key escrow in some ViaCrypt versions. Then PGP Inc bought ViaCrypt and its parent company, to regain the distribution rights sold to ViaCrypt. The people working on pgp3 are doing so as employees of companies; I'm not sure at what point development switched from freeware to commercial, but at this point my understanding is that Derek Atkins is employed by SGI, and Colin Plumb by PGP Inc. Some time ago when there was a question about which companies were crypto friendly on the list, SGI was listed because they were paying Derek to work on pgp3. One presumes this arrangement started before PGP Inc incorporated. Other people at PGP are also working on pgp3 (Hal Finney, who recently started work at PGP Inc, said that he was in a recent list post).

I believe Phil Zimmermann made an announcement earlier this year (probably on this list, but perhaps in a USENET group, I forget), that his lawyers were advising him to discourage other people from using the `PGP' name. MIT is distributing pgp2.6.2, and PGPfone also. MIT seems to be involved as a distribution site at least.
Also I understand, though there appears to be no available documentation saying as much, that pgp3.0 will not use RSA, nor IDEA, nor MD5, using instead El Gamal for public key encryption and signatures, 3DES (unsure?), and SHA1.

Several people have made pointed comments about the delivery time of pgp3, about the danger of S/MIME getting ahead before pgp3 is released. Several people have opined that there would surely be many people willing to help. I suspect however that the offers of help may be complicated by the commercial nature of pgp3. Also in conversation I hear rumors that there are companies at the moment who have access to beta versions of pgp3. Is this so? And if so, might cypherpunks also be considered?

As I understand it pgp3 will be available in source form, and will be available without charge for academic and personal use. People who pay for PGP will get shrink wrap, manuals and use of PGP's tech support lines. However, I am not sure what pgp3 includes... Derek's most recent post to the list indicated that it had a command line UI, similar to pgp2.6.x?

Now I agree code takes time to write, specs take time to tidy up, etc. But we like to know what's going on... approximately. What will be in pgp3? What's it use for encryption: El Gamal, SHA1, what about symmetric cipher, is it 3DES? Even mentioning that pgp3 will include source code, and be freely available, is something that is not being advertised? No mention of pgp3 on www.pgp.com, mit; a web search reveals nothing. Cypherpunks crave information about pgp3, any information...

Adam
-- 
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
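The reason a hash collision worries people about signatures, as an added illustration that is not part of the post above and not PGP's code: a hash-then-sign scheme signs only the digest, so two messages with the same digest carry the same signature, and the fix is to refuse digests known to be collision-prone. The model below is constructed for this example: the private-key operation is stood in for by an HMAC over the digest (what matters here is what gets signed, not the public-key arithmetic), the collision is found on a deliberately truncated 3-byte MD5 so it shows up in a fraction of a second, and the message texts are constructed sample inputs.

```python
import hashlib
import hmac
import os
from itertools import count

# Constructed stand-in for the signer's private key (this process only).
SIGNING_KEY = os.urandom(32)

# Verifier policy: digest algorithms with known collision attacks are refused.
# In the post's terms, this is the "move away from MD5" step.
DEPRECATED_DIGESTS = {"md5"}


def digest(msg, algo, truncate=None):
    """Message digest; 'truncate' shortens it so a toy collision is cheap to find."""
    d = hashlib.new(algo, msg).digest()
    return d[:truncate] if truncate else d


def sign(msg, algo, truncate=None):
    """Hash-then-sign: only the digest (and the algorithm name) is covered.
    The HMAC stands in for the private-key operation of a real scheme."""
    covered = algo.encode() + b"\0" + digest(msg, algo, truncate)
    return hmac.new(SIGNING_KEY, covered, "sha256").digest()


def verify(msg, sig, algo, truncate=None, allow_deprecated=False):
    """Returns True only if the signature matches AND the digest algorithm is allowed."""
    if algo in DEPRECATED_DIGESTS and not allow_deprecated:
        return False
    return hmac.compare_digest(sign(msg, algo, truncate), sig)


def find_collision(algo, truncate):
    """Birthday search over constructed messages for two with an equal truncated digest.
    For a 3-byte digest this takes a few thousand hashes; it is the toy-scale version
    of what a real collision in the full digest would give an attacker."""
    seen = {}
    for i in count():
        m = b"constructed message %d" % i  # constructed sample input
        d = digest(m, algo, truncate)
        if d in seen:
            return seen[d], m
        seen[d] = m


def demo():
    """Shows signature transfer across a collision, and the policy check stopping it."""
    m1, m2 = find_collision("md5", 3)
    sig = sign(m1, "md5", 3)  # signer only ever signed m1
    return {
        "distinct_messages": m1 != m2,
        # Same digest -> same signature -> m2 verifies under m1's signature if MD5 is allowed.
        "forged_accepted_if_md5_allowed": verify(m2, sig, "md5", 3, allow_deprecated=True),
        # With the deprecation policy in force, MD5-based signatures are rejected outright.
        "rejected_by_policy": not verify(m2, sig, "md5", 3),
        # Full-length SHA1 in this model: a valid signature verifies, a different message does not.
        "sha1_valid": verify(b"hello", sign(b"hello", "sha1"), "sha1"),
        "sha1_other_message": verify(b"hellp", sign(b"hello", "sha1"), "sha1"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The truncation is only there to make the collision reproducible on a laptop; the logic of the forgery is identical for a full-length digest, which is why a collision in the real MD5 is a signature problem even when it is not yet a practical one.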