Announcement: Very Good Privacy
I have written an encryption program called Very Good Privacy for Windows 95/NT. It supports drag-and-drop encryption using the following algorithms: ASCII (Caesar), BlowFish, DES, IDEA, NewDES, RC4, Safer SK-128, and Vigenere. After the files are encrypted, the user has the option of securely deleting the source files using a stream of random text. Very Good Privacy is shareware with a $5-$10 registration fee. Please note: Pretty Good Privacy is only "pretty good" but Very Good Privacy is "very good." :-) VGP can be downloaded at: http://www.geocities.com/SiliconValley/Pines/2690 If you have any questions, please e-mail vgp@cryogen.com
On Fri, 29 Nov 1996, Mark Rosen wrote:
I have written an encryption program called Very Good Privacy
Trademark violation here. Probably not a good thing.
95/NT. It supports drag-and-drop encryption using the following algorithms: ASCII (Caesar), BlowFish, DES, IDEA, NewDES, RC4, Safer SK-128, and Vigenere. After the files are encrypted, the user has the option of
<< text deleted >>
Good Privacy is only "pretty good" but Very Good Privacy is "very good."
I'm not sure how an encryption product that uses encryption algorithms weaker than Pretty Good Privacy can be described as being better than PGP. Especially when all the algorithms listed have known problems of one kind, or another. << And yes, I know that the known problems -- in some instances --- are entirely theoretical in nature. >> xan jonathon grafolog@netcom.com SpamByte: The amount of spam Sanford Wallace sends to AOL in one 24 hour period. Roughly 1 000 Terabytes sent every 24 hours. T3 Connection: The connection that AOL needs to deal with the spam Sanford Wallaces send to them in one day, so that legitimate users can contact people at AOL.
-----BEGIN PGP SIGNED MESSAGE----- On Sat, 30 Nov 1996, jonathon wrote:
On Fri, 29 Nov 1996, Mark Rosen wrote:
I have written an encryption program called Very Good Privacy
Trademark violation here. Probably not a good thing.
Nope. "Pretty Good" is trademarked, but "Very Good" isn't.
I'm not sure how an encryption product that uses encryption algorithms weaker than Pretty Good Privacy can be described as being better than PGP.
Both programs use IDEA. How is this weaker?
Especially when all the algorithms listed have known problems of one kind, or another. << And yes, I know that the known problems -- in some instances --- are entirely theoretical in nature. >>
RC4 has stood up to cryptanalysis. It's secure as long as the same key isn't used twice. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMqB58CzIPc7jvyFpAQGEgwf/VZ8gf+W84DV0cSCSnUNgKEqF/G2fKX4C bJAkY1FSz3edH4Y+KyWkVIVkpLRmBTSNTV45secSeyVGdvnjAX4zcnUld6hOIGSc bqE6hge9CQpWxsojckulwNTPphL4ZRLLA4UJViObOYZs8jJi6b4aZ8FPHfQwCdBh H64rGSGsEFj3WuDoH4nVgnNzwxXxLLllTAOOic8HFqRn2BeqxGRlkvGTraxE+on/ pKQ55CUQNBUu7L05lGp4njc1qZRpe9EeCLChRCEP6FVmy9iBtIRFH+lzRquDR+A4 lARm8zR1QKwDcCSzz8OPN52Lp/rICmcHWR7Lfhw/Vy8D6NxqG1lmuA== =CPKh -----END PGP SIGNATURE-----
On Sat, 30 Nov 1996, Mark M. wrote:
On Sat, 30 Nov 1996, jonathon wrote:
On Fri, 29 Nov 1996, Mark Rosen wrote:
I have written an encryption program called Very Good Privacy Trademark violation here. Probably not a good thing. Nope. "Pretty Good" is trademarked, but "Very Good" isn't.
Very Good Privacy is violating the trademark of Pretty Good Privacy. At least this is a simple, straightforward easy to see and easier to sue on violation than most other trademark violation cases are.
I'm not sure how an encryption product that uses encryption algorithms weaker than Pretty Good Privacy can be described Both programs use IDEA. How is this weaker?
IDEA & RC4 were the only algorithms listed that AC2 doesn't list as having a security flaw. And that isn't even true, if one considers "weak keys" to be a security flaw, for IDEA. Some of the others are breakable on the fly, by a human.
RC4 has stood up to cryptanalysis. It's secure as long as the same key isn't used twice.
"Not used twice" is the operative phrase. xan jonathon grafolog@netcom.com SpamByte: The amount of spam Sanford Wallace sends to AOL in one 24 hour period. Roughly 1 000 Terabytes sent every 24 hours. T3 Connection: The connection that AOL needs to deal with the spam Sanford Wallaces send to them in one day, so that legitimate users can contact people at AOL.
-----BEGIN PGP SIGNED MESSAGE----- On Sun, 1 Dec 1996, jonathon wrote:
I'm not sure how an encryption product that uses encryption algorithms weaker than Pretty Good Privacy can be described Both programs use IDEA. How is this weaker?
IDEA & RC4 were the only algorithms listed that AC2 doesn't list as having a security flaw. And that isn't even true, if one considers "weak keys" to be a security flaw, for IDEA.
My point was that both programs use IDEA, so you couldn't characterize on as weaker than the other one. Weak algorithms are an option, but that doesn't make the program any weaker. Nearly every algorithm has some weak keys. One out of every 2^96 IDEA keys are weak. If this is considered a security flaw, then every algorithm with a keyspace of less than 96 bits is a "security flaw" because someone could pick the correct key on the first try. Besides, it's easy to prevent weak keys from being chosen, even though it obviously isn't necessary.
Some of the others are breakable on the fly, by a human.
RC4 has stood up to cryptanalysis. It's secure as long as the same key isn't used twice.
"Not used twice" is the operative phrase.
That doesn't mean it shouldn't be an option. I encrypt my files with different passphrases, so RC4 wouldn't be a problem in a case like that. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMqEqQyzIPc7jvyFpAQHTIQf+LtUIH50HH7FKUGq4i9RgM3yDwXLkL1eV zQJeO862DGGLF/mYy/vs7UH1NQsTu3XR2pT9tWnurboSJgS8qekUfslGo6wb+gyT u4RoYV7a+h8A2JTUPQKLbJt6uYVw1jLCFfHlo6xkFP9TGedsVWwdB0hE+gX2EJHl ckMcFKpdNWkYAcdwhKRdXz/737JDlFvNi4s0DyZ5AgP/bcEVqeb7IpBJPEDlu0Jf GiwJvxtJ7SAcuvkDSUghKVeS8/uL3S6IRY4Gl+t5SYpO2Pf8bGUW3hl60w7dWQa/ WABQ4iDltFYPzBKoskW4vvaOc4bP7FfqVNgmeQyhKdXBd8nXh60tog== =T2Lb -----END PGP SIGNATURE-----
participants (3)
-
jonathon -
Mark M. -
Mark Rosen