Chris Avery wrote:
1. PGP 5.0 -- good software? If not, what problems? Why to use DSS vs/
RSA keys? How is 5.0 different than 2.6.3i ? Which is better?
I can only speak from experience that PGP 5.0 is "good software" in that it has not caused me any problems. In the DSS/Diffie-Hellman vs. RSA debate, you would do well to go to www.rsa.com and read their FAQ on both cryptosystems. 5.0 is different from 2.6.3i in the following ways: 5.0 can create DSS/Diffie-Hellman key pairs, 2.6.3i cannot. 2.6.3i can create RSA key pairs, 5.0 cannot. 5.0 can utilize both kinds of key pairs whereas 2.6.3i can only utilize RSA key pairs. As well, 5.0 is legal to use in the US while 2.6.3i violates copyright protection. Only you can decide which is better for your purpose(s), however.
2. Are emails encrypted using PGP 5.0 decypherable by PGP 2.6.3i (and
vice versa?) Using RSA keys?
2.6.3i is completly compatible with 5.0 (and vice versa) _except_ if it involves DSS/Diffie-Hellman key pairs.
3. I understand certain encryption s/w cannot be legally exported, I am
aware that such s/w is nevertheless being used (and built) abroad. My
queries: Is purely domestic use being threatened by the pending
legislation? Is it already illegal to send an encrypted msg out of the
US? If so, is it illegal to receive an encrypted msg from outside the US?
As I recall, domestic use is being threatened by a law that would make illegal the use of cryptosystems without escrowed keys. At present time though, it is legal to send enciphered messages to and from the US.
4. How strong is strong?
From Applied Cryptography (Second Edtion) by Bruce Schneier (which you should buy a copy of) ... "The wise cryptographer is ultra-conservative when choosing public- key key lengths. To determine how long a key you need requires you to look at both the intended security and lifetime of the key, and the current state-of-the-art of factoring. Today, you need a 1024-bit number to get the level of security you got from a 512-bit number in the early 1980s. If you want your keys to remain secure for 20 years, 1024 bits is likely too short."
5. Is international data traffic somehow monitored (or monitorable) to
detect encrypted traffic?
Of course it is! One of the uses of crytography is to secure those messages that would otherwise be monitored in plaintext. It goes without saying that the ciphertext can be monitored, as well. -- dkp at iname dot com * Exit the System. 4B63 E55D 1C92 68E3 8700 0EBF 5CDD 5538 --