Queries from a Cypher-newbie?
Anybody willing to offer a bit of help to a cypher-newbie? I'm trying to sort out a few of the basics: (and if not answers, just a few pointers on where to go for info?) Thanks.

1. PGP 5.0 -- good software? If not, what problems? Why to use DSS vs/ RSA keys? How is 5.0 different than 2.6.3i ? Which is better?

2. Are emails encrypted using PGP 5.0 decypherable by PGP 2.6.3i (and vice versa?) Using RSA keys?

3. I understand certain encryption s/w cannot be legally exported, I am aware that such s/w is nevertheless being used (and built) abroad. My queries: Is purely domestic use being threatened by the pending legislation? Is it already illegal to send an encrypted msg out of the US? If so, is it illegal to receive an encrypted msg from outside the US?

4. How strong is strong? My MS Explorer has the 128 bit encryption scheme to secure domestic financial transactions (such as credit cards). How "un-encryptable" is this? I read some recent postings here re difficulty of breaking 128 bit keys -- but this had reference to stronger methods of encryption than MS Explorer uses, right? So 128 bits is hard to break (umptyump years, terawatts, etc.)? Then why does my PGP 5.0 software offer keys that are 768, 1024, etc. up to 4096 bits in length? Are these numbers on the same scale? Any "strength" differences between RSA, DSS, and Diffie-Hellman? IS there some layman-understandable difference between these?

5. Is international data traffic somehow monitored (or monitorable) to detect encrypted traffic?

Thanks for any help.
Chris Avery wrote:
1. PGP 5.0 -- good software? If not, what problems? Why to use DSS vs/
RSA keys? How is 5.0 different than 2.6.3i ? Which is better?
I can only speak from experience that PGP 5.0 is "good software" in that it has not caused me any problems. In the DSS/Diffie-Hellman vs. RSA debate, you would do well to go to www.rsa.com and read their FAQ on both cryptosystems. 5.0 is different from 2.6.3i in the following ways: 5.0 can create DSS/Diffie-Hellman key pairs, 2.6.3i cannot. 2.6.3i can create RSA key pairs, 5.0 cannot. 5.0 can utilize both kinds of key pairs whereas 2.6.3i can only utilize RSA key pairs. As well, 5.0 is legal to use in the US while 2.6.3i violates copyright protection. Only you can decide which is better for your purpose(s), however.
2. Are emails encrypted using PGP 5.0 decypherable by PGP 2.6.3i (and
vice versa?) Using RSA keys?
2.6.3i is completely compatible with 5.0 (and vice versa) _except_ if it involves DSS/Diffie-Hellman key pairs.
3. I understand certain encryption s/w cannot be legally exported, I am
aware that such s/w is nevertheless being used (and built) abroad. My
queries: Is purely domestic use being threatened by the pending
legislation? Is it already illegal to send an encrypted msg out of the
US? If so, is it illegal to receive an encrypted msg from outside the US?
As I recall, domestic use is being threatened by a law that would make illegal the use of cryptosystems without escrowed keys. At present time though, it is legal to send enciphered messages to and from the US.
4. How strong is strong?
From Applied Cryptography (Second Edition) by Bruce Schneier (which you should buy a copy of) ... "The wise cryptographer is ultra-conservative when choosing public-key key lengths. To determine how long a key you need requires you to look at both the intended security and lifetime of the key, and the current state-of-the-art of factoring. Today, you need a 1024-bit number to get the level of security you got from a 512-bit number in the early 1980s. If you want your keys to remain secure for 20 years, 1024 bits is likely too short."
5. Is international data traffic somehow monitored (or monitorable) to
detect encrypted traffic?
Of course it is! One of the uses of cryptography is to secure those messages that would otherwise be monitored in plaintext. It goes without saying that the ciphertext can be monitored, as well.
-- dkp at iname dot com * Exit the System. 4B63 E55D 1C92 68E3 8700 0EBF 5CDD 5538 --
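Added example, not part of any message in this thread: question 4 asks whether a 128-bit symmetric key and a 1024-bit public key are "on the same scale". The sketch below puts both on a common axis (log2 of attacker work) using the standard heuristic running time of the general number field sieve for factoring. The function names are made up for this example, and dropping the o(1) term is an assumption, so the figures are rough comparisons only.

```python
import math

# Heuristic GNFS cost of factoring n:
#   exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),  c = (64/9)^(1/3)
# Assumption: the o(1) term is dropped, so results are order-of-magnitude
# comparisons, not predictions of real cracking cost.
GNFS_C = (64.0 / 9.0) ** (1.0 / 3.0)


def rsa_work_bits(modulus_bits):
    """log2 of the estimated number of operations to factor the modulus."""
    if modulus_bits < 2:
        raise ValueError("modulus must be at least 2 bits")
    ln_n = modulus_bits * math.log(2)
    work_nats = GNFS_C * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return work_nats / math.log(2)


def symmetric_work_bits(key_bits):
    """Exhaustive search of a k-bit symmetric key tries up to 2^k keys."""
    return float(key_bits)


def modulus_bits_for(target_bits, step=64):
    """Smallest modulus (multiple of `step`) whose estimate reaches target."""
    size = step
    while rsa_work_bits(size) < target_bits:
        size += step
    return size


def comparison_table(sizes=(512, 768, 1024, 2048, 4096)):
    """(modulus size, estimated work in bits) for the sizes PGP offers."""
    return [(s, round(rsa_work_bits(s), 1)) for s in sizes]


if __name__ == "__main__":
    for size, bits in comparison_table():
        print(f"{size:5d}-bit modulus  ~ 2^{bits} operations")
    print(f"128-bit symmetric key ~ 2^{symmetric_work_bits(128):.0f} trials")
    print(f"modulus needed to match it: ~{modulus_bits_for(128)} bits")
```

The estimate grows far more slowly than the modulus size, which is why public-key lengths are quoted in the thousands of bits while symmetric keys are quoted in the low hundreds.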
-----BEGIN PGP SIGNED MESSAGE-----
At 03:45 PM 7/28/97 -0700, you wrote:
Anybody willing to offer a bit of help to a cypher-newbie? I'm trying to sort out a few of the basics:
Well as long as you ask like that instead of what most newbies do, such as try and subscribe by sending "Add me to the mailing list" to the list.
1. PGP 5.0 -- good software?
It's better integrated for Mac Lusers and Windows 95ers. It is, however, flawed in some respects.
If not, what problems? Why to use DSS vs/ RSA keys? How is 5.0 different than 2.6.3i ? Which is better?
2.6.3i cannot use CAST, or (who would want to, it's DES!) Triple-DES. It can, however, use other hashes with RSA, thanks to someone's discovery on PGP-USERS. 2.6.3i is DOS native, and complex. A shell integrates nicely, but it's still not the same.
2. Are emails encrypted using PGP 5.0 decypherable by PGP 2.6.3i (and vice versa?) Using RSA keys?
ONLY using RSA keys. DSS/Diffie-Hellman support is being added to old PGP's. RSAREF is used in PGP 5.0. MPILIB, Phil Zimmermann's original PGP RSA algorithm implementation, is used in international versions. It's because of RSA's patent stuff.
3. I understand certain encryption s/w cannot be legally exported, I am aware that such s/w is nevertheless being used (and built) abroad. My queries: Is purely domestic use being threatened by the pending legislation? Is it already illegal to send an encrypted msg out of the US? If so, is it illegal to receive an encrypted msg from outside the US?
Unless it is the "shitty 40 bit" type. It can be built abroad, for example, IDEA was made in Switzerland, or something like that..., PGP 2.6.3i was made legally, I think. Domestic use is being threatened by Nazi Motherfuckers like Billy-Bob Clinton [spit], The FBI, and the NSA. Oppose them. Go to www.crypto.com and do some of the stuff there. Sending and receiving mail from the outside of the US *is legal*.
4. How strong is strong? My MS Explorer has the 128 bit encryption scheme to secure domestic financial transactions (such as credit cards). How "un-encryptable" is this? I read some recent postings here re difficulty of breaking 128 bit keys -- but this had reference to stronger methods of encryption than MS Explorer uses, right? So 128 bits is hard to break (umptyump years, terawatts, etc.)? Then why does my PGP 5.0 software offer keys that are 768, 1024, etc. up to 4096 bits in length? Are these numbers on the same scale?
Unencryptable? What the fuck are you talking about? If you mean crackable, let's just say it'd take several times the age of the Universe to crack it. The RSA keys are weaker than symmetric cyphers, unless we're talking about DSS/Diffie-Hellman keys with 4096 bits. They are not on the same scale.
Any "strength" differences between RSA, DSS, and Diffie-Hellman? IS there some layman-understandable difference between these?
Well, RSA's are patented and RSA is really anal with their patents. DSS/Diffie-Hellman keys are unpatented. You can change hashes on RSA keys (RIPEMD160, MD5 [was broken already], and SHA-1). But to use those RSA's with older PGP's, use only MD5.
5. Is international data traffic somehow monitored (or monitorable) to detect encrypted traffic?
It can be detected that you're using encryption. Breaking PGP is another thing. If any other cypherpunks want to correct me here, do so.
participants (3)
- bennett_t1@popmail.firn.edu
- Chris Avery
- Dave K-P