PGP dies of neglect – your alternatives
A key for all seasons
I'm saddened to hear NAI is trying to kill PGP (or at least failing to try to keep it alive).
Are you aware that free versions of PGP for non-commercial use can be found at: http://web.mit.edu/network/pgp.html?
Thank you for your article,
Subject: PGP Personal Edition (?)
Date: Fri, 8 Mar 2002 14:49:08 -0700
-----BEGIN PGP SIGNED MESSAGE-----
You made reference that a desktop version of PGP is no longer available. While this may be true for the NAI versions, MIT is still distributing a desktop GUI version that has a lot of the same functions described in the package mentioned in your article. I am only writing to seek some clarification and inform you and potentially your viewers that they can still download a use a stable and functional version of PGP for personal use. The article confused me in stating that a GUI was no longer available, except in trial form.
Guess the article was not crystal clear to me (as a lot of things are) and wanted to make sure that this great product does not get washed up in NAI's foolish maneuvers.
Or, I could be completely wrong in all my statements, but last I checked you can still get it from MIT (http://web.mit.edu/network/pgp.html).
Lets hope that PGP lives forever!
Subject: Crypto Kong and other encryption stuff
Regarding your article about PGP or the lack thereof. There are some alternatives these days, none are as easy to use and not all are up to the
enterprise, but good enough for a technical home user.
Crypto Kong uses Elliptic Curve Cryptography and only runs on Windows. Which is a pain for those of us who avoid Windows like the plague.
Elliptic Curve Cryptography is interesting in light of the latest advances in factoring technology because it provides an alternative to 'standard'
discrete logarithm and factoring based crypto.
I have spoken with James D via email about five years ago and he is certainly not going to sell out. He has continued to develop Crypto Kong
off (IIRC) his own back.
I'm wary of any web based system, if only because its not under direct control of the user and hosts multiple users. But that said they apparantly provide an OK OpenPGP based service and it works with most standard browsers.
Not strictly for customers, but then not strictly for the US either.
*nix users should head this way; command line, fast, lots of plugins and works with most *nix sytems and comes with a slew of plugins, including GPGME which provides a simple library for applications developers.
Developed with German government money and pretty quickly updated any time there has been a problem (There was a problem with split signatures that was rapidly solved, as with a lot of Free Software).
I am sure there are probably more out there but I cannot recommend them as I have never personally used them, I only emailed BTW because I think using cryptography is a major issue and it is better to say something than
say nothing ;-).
John B Everitt
Bugger Network Associates!
Let Zimmerman go back to 6.5.8 [which is what I still use] and start from there.
Privacy is IMO more about what your application can do or prevent others doing, more than what you look like while you're doing it, although deception no doubt, has its place in a good privacy solution :-)
As for Mac OSX and WinXP, that's a downside for Microsoft in selling new products, not for PGP per se AFAICS.
O'Neill Quigley & Associates
I was interested to see that NAI had notified their customers. Only yesterday I was looking to find if one could buy the commercial PGP Desktop.
Of course, non-commercial users still have http://www.pgpi.org/.
As far as I can tell, the only real commercial alternative is the free GPG, which can be used with WinPT (Windows Privacy Tray) on all Windows systems.
The WinPT web site is http://www.winpt.org/ . The WinPT graphical installer includes GPG, and provides a very similar user interface to PGP. It's easy to install, but has the same naive user problems as PGP in understanding how to manage keys.
But then, the TLAs would not let you advertise that, would they?
Global IT Security Architecture and Strategy, Dresdner Kleinwort Wasserstein
Of course, given that Ashcroft wants his fingers in everything, and that PGP actually *works*, and given the prior treatment of Phil Zimmerman
re: PGP's crypto provisions, are you really surprised it's being left out to dry?
Sponsored: Becoming a Pragmatic Security Leader