PGP Beta Question....opinions please

alpha

Catalogue of dumb questions entry Number 578845-c by Alpha:

I've just downloaded Pretty Good Privacy Latest Windows beta
freeware.......i was planning to use it as a folder lock for my windows
explorer. I have not installed it yet but this new version appears to
have been designed for the non techie type like me.

It's a real big size prog and i am having second thoughts about if i can
adopt something so big (20MB).....i was assuming this prog is the best
way to protect sensitive files???.....please advise if this is not a
good idea and i would be better off using a smaller freeware prog.....

not sure if i understand how PGP works but i don't like the idea of
attracting the attention of hackers with high tech progs....if this is
an issue with PGP, i will uninstall it for something less hard core.
The way i understand it, PGP uses an external organisation to decrypt
stuff?.....does this mean they also have the potential to view what i
encrypt??

appreciate advice on this issue and perhaps a suggestion for a less
hard core program if you think this more appropriate when the above is
taken into account.

Thanks......A
 
me

> Catalogue of dumb questions entry Number 578845-c by Alpha:
>
> I've just downloaded Pretty Good Privacy Latest Windows
> beta freeware.......i was planning to use it as a folder
> lock for my windows explorer. I have not installed it yet
> but this new version appears to have been designed for the
> non techie type like me.
>
> It's a real big size prog and i am having second thoughts
> about if i can adopt something so big (20MB).....i was
> assuming this prog is the best way to protect sensitive
> files???.....please advise if this is not a good idea and i
> would be better off using a smaller freeware prog.....
>
> not sure if i understand how PGP works but i don't like the
> idea of attracting the attention of hackers with high tech
> progs....if this is an issue with PGP, i will uninstall it
> for something less hard core. The way i understand it, PGP
> uses an external organisation to decrypt stuff?.....does
> this mean they also have the potential to view what i
> encrypt??
>
> appreciate advice on this issue and perhaps a suggestion
> for a less hard core program if you think this more
> appropriate when the above is taken into account.
>
> Thanks......A

Good source of info, helpful posters: alt.security.pgp
Alternative: GnuPG (tho that might be even more "hard core" ;).

Good luck.

J
 
Mel

> I've just downloaded Pretty Good Privacy Latest Windows beta
> freeware.......i was planning to use it as a folder lock for my windows
> explorer. I have not installed it yet but this new version appears to
> have been designed for the non techie type like me.
>
> It's a real big size prog and i am having second thoughts about if i can
> adopt something so big (20MB).....i was assuming this prog is the best
> way to protect sensitive files???.....please advise if this is not a
> good idea and i would be better off using a smaller freeware prog.....
>
> not sure if i understand how PGP works but i don't like the idea of
> attracting the attention of hackers with high tech progs....if this is
> an issue with PGP, i will uninstall it for something less hard core.
> The way i understand it, PGP uses an external organisation to decrypt
> stuff?.....does this mean they also have the potential to view what i
> encrypt??
>
> appreciate advice on this issue and perhaps a suggestion for a less
> hard core program if you think this more appropriate when the above is
> taken into account.

GnuPG is a complete and free replacement for PGP. Because it does not
use the patented IDEA algorithm, it can be used without any
restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application.

http://www.gnupg.org/

IS PGP REALLY SECURE?

Yes and no. Yes, it is secure against most attackers when used on a
physically secure system in accordance with its instructions. This
includes using a good passphrase to protect your private keys and
keeping your passphrase and private keys truly private. You must also
never run or allow to be run any rogue software (including viruses,
worms, and Trojan horses) that might send your passphrase keystrokes and
your PGP key file back to some spy.

If an adversary of yours has physical access to the computer that you
use with PGP, it is not hard to install a hardware or software keystroke
logger that can capture your passphrase, and to copy your private
keyring. With that combination, any of your PGP-encrypted messages can
be read. PGP is not secure if you don't understand what you are doing.
It is also true that God knows your thoughts even before you encrypt
them, so you can't hide anything from Him.

=========================================================================
Scramdisk is a program that allows the creation and use of virtual
encrypted drives. Basically, you create a container file on an existing
hard drive which is created with a specific password. This container can
then be mounted by the Scramdisk software which creates a new drive
letter to represent the drive. The virtual drive can then only be
accessed with the correct passphrase. Without the correct passphrase the
files on the virtual drive are totally inaccessible.

Once the passphrase has been entered correctly and the drive is mounted
the new virtual drive can then be used as a normal drive, files can be
saved and retrieved to the drive and you can even install applications
onto the encrypted drive.

http://www.scramdisk.clara.net/

========================================================================
In addition you might take a look at some of the resources available on:

http://www.pricelesswarehome.com

As a starter take a look at:

http://www.pricelesswarehome.org/2003/PL2003SECURITY.htm

========================================================================
 
jimbok

On 13 Apr 2005 04:50:18 -0700, "alpha" <[email protected]>
wrote:

> The way i understand it, PGP uses an external organisation to decrypt
> stuff?.....does this mean they also have the potential to view what i
> encrypt??

Incorrect. Only the holder (you) with the appropriate key and/or
password can decrypt files encrypted by you. If you use PGP to
encrypt email, then only the person whose public key was used to
encrypt it, can decrypt it. Not even the sender (you) can decrypt the
email, once encrypted, to someone else's public key.
Instead of assuming, you might want to read the manual.

> appreciate advice on this issue and perhaps a suggestion for a less
> hard core program if you think this more appropriate when the above is
> taken into account.

If you do not need PGP's email encryption capability, then you might
have a look at "Blowfish Advanced CS." It is an excellent file
encryption program, using secure algorithms.

http://bfacs.sourceforge.net/
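
The point made above, that a message encrypted to someone else's public key can be opened only with the matching private key and involves no outside party, shown with GnuPG (named earlier in the thread) as an added example that is not part of any post here. It assumes GnuPG 2.1 or later on the PATH; the address, message text, function name and throwaway keyrings are all constructed.

```shell
#!/bin/sh
# Added example: every name, address and message below is constructed.
# Assumes GnuPG 2.1 or later on PATH; keyrings are throwaway temp directories.

demo_recipient_only() {
    work=$(mktemp -d) || return 2
    mkdir -m 700 "$work/sender" "$work/recipient" || return 2
    rcpt='recipient@example.invalid'

    # Recipient generates a key pair locally. The empty passphrase is for this
    # throwaway key only; a real private key needs a strong passphrase.
    gpg --homedir "$work/recipient" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Recipient <$rcpt>" \
        default default never || return 2

    # Only the public half is exported and handed to the sender.
    gpg --homedir "$work/recipient" --batch --armor --export "$rcpt" \
        > "$work/recipient.pub" || return 2
    gpg --homedir "$work/sender" --batch --quiet \
        --import "$work/recipient.pub" || return 2

    # Sender encrypts to that public key and nothing else.
    printf 'client file contents\n' > "$work/plain.txt"
    gpg --homedir "$work/sender" --batch --quiet --trust-model always \
        --recipient "$rcpt" --output "$work/msg.gpg" \
        --encrypt "$work/plain.txt" || return 2

    # Sender holds no matching private key, so decryption must fail here.
    if gpg --homedir "$work/sender" --batch --quiet \
           --decrypt "$work/msg.gpg" >/dev/null 2>&1; then
        result='sender-could-decrypt'
    else
        out=$(gpg --homedir "$work/recipient" --batch --quiet \
                  --pinentry-mode loopback --passphrase '' \
                  --decrypt "$work/msg.gpg" 2>/dev/null) || out=''
        if [ "$out" = 'client file contents' ]; then
            result='recipient-only'
        else
            result='recipient-failed'
        fi
    fi

    gpgconf --homedir "$work/recipient" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$work/sender" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "$result"
}

demo_recipient_only
```

The function prints `recipient-only` when the sender's keyring fails to decrypt and the recipient's keyring recovers the original text.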
 
jimbok

> By what test are they secure?

By surviving continuous structural attacks, for years, by many of the
best cryptographers and cryptanalysts in the free world. The program
is also open source, with its code available for peer review. If you
would care to review the code, it is available from the program's
author.
 
Ari Silversteinn

> By surviving continuous structural attacks, for years, by many of the
> best cryptographers and cryptanalysts in the free world. The program
> is also open source, with its code available for peer review. If you
> would care to review the code, it is available from the program's
> author.

Thanks. I did not see any of the test attacks and results, perhaps I missed
those.
 
Ari Silversteinn

> I really like Blowfish Advanced CS, because of its jobs capability,
> file renaming, flexibility, etc. It includes many algorithms including
> AES(Rijndael), Twofish, Serpent, Blowfish, CAST, etc. I believe all
> the algorithms conform to standards, plus, how do you know the new PGP
> is absolutely "secure"?
> Don't get me wrong, I do use PGP 9. I sometimes encrypt something
> using PGP, then go over it with Serpent.

Appreciate the opinion. Yes, how does one know it or any other system of
encryption is secure? Are there standards that must be passed, a certain
number of attacks of certain types or is it pretty much "have at it" until
everyone (for the time being) gives up?
 
Scott Berry

> Appreciate the opinion. Yes, how does one know it or any other system of
> encryption is secure? Are there standards that must be passed, a certain
> number of attacks of certain types or is it pretty much "have at it" until
> everyone (for the time being) gives up?

On this subject I work in a situation where clients' confidentiality is
very important. What would be a good pgp encryption program to use so
that I can actually have a public pgp key and a private pgp key?
 
