Re: Comparing PGP to Symantec's Secret Stuff

(I just posted this in a discussion on alt.security.pgp, and thought it might also be of interest to the List. _Vin)
ALCO Jakarta <alcojkt@bit.net.id> queried the Newsgroup:
> Could anyone give me a quick run-down on the difference between these two programs and which one is more secure? Is the latter more practical to use than PGP 2.6.2?
That's comparing real crypto vs a sophisticated version of the Captain Crunch crypto ring.
PGP in all of its forms uses strong crypto, which is why it is difficult to legally export it from the US to any overseas entity, except branches and subsidiaries of US firms. (Thus, the effort to sustain the international version of PGP, and PhilZ's long travail while the US govt tried to investigate how those sneaky non-Yanks got their hands on this oh-so-useful RSA/IDEA utility.)
Norton Secret Stuff secures the data using the 32-bit Blowfish encryption algorithm -- which is why it's approved for unrestricted export outside the US by the U.S. government. It's far better than, say, ROT13 -- but it would not provide meaningful confidentiality or security for anything of any worth, or anything which might otherwise spur a curious and clever grad student to spend somewhere between a couple hours (with a college computer lab at his disposal) to a few days (on a fast PC) doing a brute force search of all possible 32-bit keys.
A more complex comparison would put PGP against Norton's YEO, but that too is an apples to oranges matchup, albeit with strong crypto on both sides. PGP was designed to be a mail encryptor. YEO -- with RSA + RC4, RC5, DES, DES3, and Blowfish too, I think -- was designed as a file and disk encryptor. Each is optimized for its primary function.
The lack of published source code is an issue, but if you see such a product being purchased by multinationals or US defense contractors you can be certain the implementation -- which is the real arena of vulnerability, once the algorithm is chosen -- has been carefully studied by informed cryptographers. (For non-American product, look for similar purchases by government-connected agencies in the vendor's nation.) You don't sound like the source code is going to do _you_ any good, right? Like most buyers, you have to trust the judgement of talented pros somewhere.
> I use PGP and don't find its use so difficult to master even as a rookie in cryptographic matters. But this Secret Stuff program is commercial so I don't trust its degree of security to gov't snooping based on my suspicion of corporate submission to gov't will. Is that a reasonable assumption?
Actually, corporate or commercial products are better than that. Secret Stuff is overtly weak crypto. It's also free from Symantec.
Norton YEO from Symantec, or any competitive heavy-duty product like RSA SecurPC, will be clearly labelled as to the relative strength (key length) of their crypto -- strong for domestic user; weak for the intl mass market -- in terms anyone with a basic understanding of crypto and crypto export regs can understand.
Export permits for the strong domestic versions of products like these will be all but impossible to obtain for mass market sales to non-American individuals. (Neither of these firms probably sells or even tries to sell the export version overseas; the weaker products exist largely because US corporate buyers demand an interoperable product that _can_ be shipped to overseas associates.)
Export permits to ship the strong-crypto version of these products to American corporations will require that the vendor have a key recovery mechanism -- no big deal, since we are dealing with stored files, so backup access is a standard requirement for disaster recovery -- which is to be held by the US firm in a location which makes it accessible to legal US court orders.
Any and all US firms will respond to a legal court order to provide information. (Commercial firms in other nations will provide any info they hold when confronted with a court order too, right?)
It is always rash to expect any commercial firm in any nation to be either a martyr or an arbiter of moral or political issues. Corporate officers have fiduciary responsibilities and they can be replaced. Corporations get a set of rules from the society in which they operate, and then -- within the context of those rules -- they seek to maximize their profit and their stockholders' return on investment with a certain degree of ruthless intensity. That's the nature of the beast.
When corporate self-interest and some corporate executive's personal philosophy line up, we get some interesting fireworks -- sometimes even heroic moments which dramatically change the course of a government's industrial policy, as in the US banks' vehement rejection of the NSA's CCEP and Clipper programs. The apparent exception really validates the rule. It's really rare for the US govt to try to overtly challenge or crush an American firm like they did with RSADSI for a decade. The NSA tried to bully the US banking industry and got handed its collective head -- and got branded as naive and turned into something of a laughingstock as well.
On the other hand, commercial vendors which provide a product for sale have to describe and warranty that product as having certain properties. If those products are used by individuals or commercial customers and fail to measure up to their advance billing, the vendor is thereafter liable for significant (even company-threatening) losses, in both recompense and punitive damages. That's commercial law in the US -- no matter what sort of mealy-mouth language might be in the shrink-wrap license. US lawyers get a blueprint of an altar upon which they can sacrifice such firms when they get their law degree.
Corporate "submission to gov't will" is a real issue, particularly for vendors of privacy and security tech -- but for US firms, it is far more likely to play out formally (as with a court order for a message recovery key) or in some negotiated backroom deal where the government demands some feature added, or asks for some feature to be removed from free-market product, before the vendor is given some commercial advantage like a government contract, or GSA approval, or an export permit. You see the whole American IT industry being put through this sort of blackmail in the current US crypto export policy.
Only vendors which have or agree to design key/message "recovery" mechanisms in file or communications crypto apps get export permits to ship their 56-bit versions of their crypto products -- or (among other vendors,) crypto-enhanced applications like RDBSs and operating systems -- to the international market. Nothing subtle or secret about that -- and historically, the model has probably been pretty much the same, if less blatant. US export controls in crypto exist to bludgeon the vendors, so that the US govt can obtain something it wants in that company's domestic or overseas product lines. (It certainly does not restrict the international bad guy's access to strong crypto, no matter what the latest Four Horseman propaganda is.)
Today, I think this leverage is probably being applied more on the big US vendors of operating systems and networking software and major applications -- all of which require crypto for their commercial products today -- than it is upon the puny crypto vendors (who are, relatively speaking, small potatoes and aren't allowed to sell strong versions of their products -- even with message-recovery -- to anyone interesting, anyway;-)
In commercial encryption products, the hidden backdoors of myth and legend are far less likely, given the liability issue and US commercial law. Overt and well-labelled backdoors are a different story. <sigh>
Surete,
_Vin
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege." _ A thinking man's Creed for Crypto/ vbm.
* Vin McLellan + The Privacy Guild + <vin@shore.net> *
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548

Vin,
Having worked for those multinationals and defense contractors, I've seen them buy new products with serious weaknesses in key generation, with year 2000 problems, with stream ciphers used to protect stored data--keyed the same way each time. I've seen them use code that sent cleartext where it should have been encrypting on the wire.
I could retire a rich man if I never wanted to come back to the US.
Do due diligence yourself. Read the snake oil faq. Insist on speaking to someone at the vendor with two brain cells to rub together. If they claim Acme bought it so you should, too, insist on speaking to the security folks at Acme who did the eval. It's your money. It's their security product. Feel free to evaluate it right. If the vendor won't cooperate, go elsewhere.
The product I'm building uses 'brand name' cryptography-- libraries and tools from well known sources. It takes a bit of speed away (I'd have preferred to use X9.17 over SSL for our bits on the wire, but I couldn't find a peer reviewed X9.17 library out there.)
Adam
Vin McLellan wrote:
| The lack of published source code is an issue, but if you see such a
| product being purchased by multinationals or US defense contractors you
| can be certain the implementation -- which is the real arena of
| vulnerability, once the algorithm is chosen -- has been carefully studied
| by informed cryptographers. (For non-American product, look for similar
| purchases by government-connected agencies in the vendor's nation.)
-- "It is seldom that liberty of any kind is lost all at once." -Hume

Adam Shostack <adam@homeport.org> wrote:
> Having worked for those multinationals and defense contractors, I've seen them buy new products with serious weaknesses in key generation, with year 2000 problems, with stream ciphers used to protect stored data--keyed the same way each time. I've seen them use code that sent cleartext where it should have been encrypting on the wire.
> I could retire a rich man if I never wanted to come back to the US.
> Do due diligence yourself. Read the snake oil faq. Insist on speaking to someone at the vendor with two brain cells to rub together. If they claim Acme bought it so you should, too, insist on speaking to the security folks at Acme who did the eval. It's your money. It's their security product. Feel free to evaluate it right. If the vendor won't cooperate, go elsewhere.
Now how could anyone disagree with that;-) The problem is: how does someone like my online correspondent from Jakarta, a self-described innocent in cryptography, deal with his need to purchase a commercial crypto product now. I was suggesting helpful guidelines for a guy with a decision to make, not an optimal solution for a crypto-savvy buyer in a consumers' paradise. If he can get the odds in his favor as far as the basic security of the products he is choosing among, what he (most managers) will look for is ease of use, even transparency. Come the Revolution, we'll make them all show their stuff, publish the source code, and dance in the streets. Then, of course, we'll have to force other guys to study it and report to us. Once we develop some system of retribution for those who review in ignorance or exhibit bias, I'm certain we'll have the problem licked.... ;-)
> The product I'm building uses 'brand name' cryptography-- libraries and tools from well known sources. It takes a bit of speed away (I'd have preferred to use X9.17 over SSL for our bits on the wire, but I couldn't find a peer reviewed X9.17 library out there.)
> Vin McLellan wrote:
> | The lack of published source code is an issue, but if you see such a
> | product being purchased by multinationals or US defense contractors you
> | can be certain the implementation -- which is the real arena of
> | vulnerability, once the algorithm is chosen -- has been carefully studied
> | by informed cryptographers. (For non-American product, look for similar
> | purchases by government-connected agencies in the vendor's nation.)
> -- "It is seldom that liberty of any kind is lost all at once." -Hume
Vin McLellan + The Privacy Guild + <vin@shore.net> 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548 -- <@><@> --

At 3:01 AM -0800 12/16/97, Vin McLellan wrote:
> Norton Secret Stuff secures the data using the 32-bit Blowfish encryption algorithm -- which is why it's approved for unrestricted export outside the US by the U.S. government.
This is the first I've heard of a Blowfish based product being approved for export. Since Blowfish has about 9 bits worth of protection against brute force searches in its key schedule, this is about a 41 bit approval. Does anyone know of an export permit for a version of Blowfish with a key longer than 32 bits?
-------------------------------------------------------------------------
Bill Frantz       | One party wants to control | Periwinkle -- Consulting
(408)356-8506     | what you do in the bedroom,| 16345 Englewood Ave.
frantz@netcom.com | the other in the boardroom.| Los Gatos, CA 95032, USA

> Having worked for those multinationals and defense contractors, I've seen them buy new products with serious weaknesses in key generation, with year 2000 problems, with stream ciphers used to protect stored data--keyed the same way each time. I've seen them use code that sent cleartext where it should have been encrypting on the wire.
I second this. The pitiful state of "secure code" is shocking. (Actually, I just wrote an essay on the topic. Get a copy for yourself at: http://www.counterpane.com/pitfalls.html.)
Bruce
**************************************************************************
* Bruce Schneier              For information on APPLIED CRYPTOGRAPHY
* Counterpane Systems         2nd EDITION (15% discount and errata),
* schneier@counterpane.com    Counterpane Systems's consulting services,
* http://www.counterpane.com/ or the Blowfish algorithm, see my website.
**************************************************************************

At 08:56 PM 12/16/97 -0800, Bill Frantz wrote:
> At 3:01 AM -0800 12/16/97, Vin McLellan wrote:
>> Norton Secret Stuff secures the data using the 32-bit Blowfish encryption algorithm -- which is why it's approved for unrestricted export outside the US by the U.S. government.
> This is the first I've heard of a Blowfish based product being approved for export. Since Blowfish has about 9 bits worth of protection against brute force searches in its key schedule, this is about a 41 bit approval. Does anyone know of an export permit for a version of Blowfish with a key longer than 32 bits?
Blowfish with a 32-bit key has been approved for export before. The argument is that the long key setup time makes 32-bit Blowfish as weak as 40-bit anything else. I don't particularly agree, but there you have it.
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN 55419        Fax: 612-823-1590
http://www.counterpane.com
participants (4): Adam Shostack, Bill Frantz, Bruce Schneier, Vin McLellan