1997-07-29 - Re: Queries from a Cyper-newbie?

Header Data

From: Dave K-P <dkp@iname.com>
To: Chris Avery <cavery@ccnet.com>
Message Hash: 05d9ffe285c272f9c04848e9934ed22e8a7d473827d25a6d2bdb2720b381b3b2
Message ID: <33DD81A6.3920@iname.com>
Reply To: <01BC9B6D.6CC7B860@h97-172.ccnet.com>
UTC Datetime: 1997-07-29 05:55:41 UTC
Raw Date: Tue, 29 Jul 1997 13:55:41 +0800

Raw message

From: Dave K-P <dkp@iname.com>
Date: Tue, 29 Jul 1997 13:55:41 +0800
To: Chris Avery <cavery@ccnet.com>
Subject: Re: Queries from a Cyper-newbie?
In-Reply-To: <01BC9B6D.6CC7B860@h97-172.ccnet.com>
Message-ID: <33DD81A6.3920@iname.com>
MIME-Version: 1.0
Content-Type: text/plain

Chris Avery wrote:

> 1. PGP 5.0 -- good software? If not, what problems?  Why to use DSS vs/

> RSA keys?  How is 5.0 different than 2.6.3i ?  Which is better?

	I can only speak from experience that PGP 5.0 is "good software"

in that it has not caused me any problems.  In the DSS/Diffie-Hellman

vs. RSA debate, you would do well to go to www.rsa.com and read their
on both cryptosystems.  5.0 is different from 2.6.3i in the following
ways: 5.0 can create DSS/Diffie-Hellman key pairs, 2.6.3i cannot. 
can create RSA key pairs, 5.0 cannot.  5.0 can utilize both kinds of key

pairs whereas 2.6.3i can only utilize RSA key pairs.  As well, 5.0 is

legal to use in the US while 2.6.3i violates copyright protection. Only

you can decide which is better for your purpose(s), however.

> 2. Are emails encrypted using PGP 5.0 decypherable by PGP 2.6.3i (and

> vice versa?)  Using RSA keys?

	2.6.3i is completly compatible with 5.0 (and vice versa)

_except_ if it involves DSS/Diffie-Hellman key pairs.

> 3. I understand certain encryption s/w cannot be legally exported, I am

> aware that such s/w is nevertheless being used (and built) abroad.  My

> queries:  Is purely domestic use being threatened by the pending

> legislation?  Is it already illegal to send an encrypted msg out of the

> US? If so, is it illegal to receive an encrypted msg from outside the
> US?

	As I recall, domestic use is being threatened by a law that would

make illegal the use of cryptosystems without escrowed keys.  At present

time though, it is legal to send enciphered messages to and from the US.

> 4. How strong is strong?

	From Applied Cryptography (Second Edtion) by Bruce Schneier (which

you should buy a copy of) ...

	"The wise cryptographer is ultra-conservative when choosing
public- key key lengths.  To determine how long a key you need requires
you to look at both the intended security and lifetime of the key, and
current state-of-the-art of factoring.  Today, you need a 1024-bit
to get the level of security you got from a 512-bit number in the early
1980s.  If you want your keys to remain secure for 20 years, 1024 bits
likely too short."

> 5. Is international data traffic somehow monitored (or monitorable) to

> detect encrypted traffic?

	Of course it is!  One of the uses of crytography is to secure

those messages that would otherwise be monitored in plaintext.  It goes

without saying that the ciphertext can be monitored, as well.


dkp at iname dot com * Exit the System.

4B63 E55D 1C92 68E3 8700 0EBF 5CDD 5538